IIoT smart factories are leaving doors open for cyber attacks
The industrial internet of things (IIoT)— the digital ‘mesh’ of interconnected sensors at the backbone of today’s ‘smart factories’— is steadily revolutionizing the manufacturing industry.
Integrating IIoT technology into manufacturing means a stream of real-time data can be acquired and fed back to industrial control systems (ICS), offering insights into current and future performance, providing maintenance updates, and giving customers the possibility to track orders, to name just a few potential use cases.
But while the benefits of IIoT are undeniable in manufacturing across multiple industries— energy and utilities, oil and gas, pharmaceutical and chemical production, food and beverage— the connected, always-online nature of these systems means entire factories could be vulnerable to often devastating cyber attacks.
The cybersecurity risks
As far back as 2015, a hack of Ukraine’s power grid caused a blackout affecting 200,000 people, while Kaspersky Labs estimates that over 40 percent of ICS computers on its watch had been attacked by malware at least once in the first half of 2018.
The malicious software in question ranges from ransomware (such as WannaCry and NotPetya) to botnets and cryptominers. But businesses also face ICS-targeted attacks, such as TRITON and Industroyer, that can lead to expensive production outages; safety and environmental incidents; and dangers to the functioning of civilized societies, such as loss of heat and power. And, in some cases, a threat to human life.
Despite the dizzying risk, though, more than a third of smart factories are essentially leaving the door open to attacks. Research on 850 production ICS networks by CyberX found that some 40 percent of smart factories are connected, one way or another, to the public internet. In fact, less than two-thirds (60 percent) could be considered ‘air-gapped’, whereby their ICS can only be accessed on-site.
Public internet connections may leave an enterprise open to initial attack, but more than half (53 percent) are not in shape to manage a breach if one took place. That’s because many legacy IT systems still in wide circulation (Windows XP, for example) can be easily compromised, with security patches no longer available.
Other common and fundamental weaknesses among ICS networks include the use of plain-text passwords, easily observed through cyber-reconnaissance, and a lack of sufficient, auto-updating antivirus software.
“While a minority of organizations have now implemented ICS monitoring solutions, most remain completely unprotected. Many IT and OT personnel have availed themselves of conferences, podcasts, and industry news in order to raise their understanding of the risks and how to address them,” said CyberX in the report.
“TRITON showed just how sophisticated and dangerous attacks on industrial control systems have become – a simultaneous dismantling of safety controls, combined with malicious instructions to overheat or over-pressurize a boiler, showed how determined attackers can cause catastrophic environmental damage and loss of human life.”
How to improve cybersecurity
The report goes on to outline eight recommendations for IIoT-based manufacturers to improve their ICT defenses.
# 1 | Identify crown jewel processes
You can’t protect everything all the time, but thorough conversations with business owners and OT managers will reveal the most high-priority items, whose breach would cause the most damage (whether that’s lawsuits, expense, environmental damage, or otherwise).
# 2 | Map the digital terrain
Know what hardware, software, and communications protocols are in use in your site, including how ICS systems are connected and the nature of information flowing through them.
# 3 | Illuminate the most likely paths to attack
Perform real-world vulnerability tests and threat modeling to establish the most likely breach patterns, then work to strengthen vulnerabilities.
# 4 | Mitigate and protect
Once you’ve established vulnerabilities, consider removing the paths altogether. Are they completely necessary? Could they be restructured?
# 5 | Practice cyber hygiene
Certain requirements should become an automatic process for your team: default passwords changed when devices come online; USB and storage devices cleaned and checked before use; and a ban on internet surfing from within the ICS.
# 6 | Leverage ICS threat intelligence
Stay up to date with the latest threats out there, including ICS-specific malware, campaigns, and adversary groups, and keep updated as a result.
# 7 | Create a manageable OS upgrade schedule
ICS systems are much more difficult to upgrade than corporate IT systems, so companies should plan and keep an upgrade schedule to manage limited maintenance windows.
# 8 | Remove silos between OT and IT
Create a top-down culture to foster interdepartmental cooperation, and ensure that every worker understands the potential threats of cyber attacks.
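As an added illustration of recommendation 2 (this is not code from the CyberX report or from this article), the Python below builds a passive inventory from network flow records and flags two of the weaknesses described earlier: paths that cross the site boundary and login protocols that send passwords in plain text. The site address range, the flow tuple layout and the function names are assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: the plant's own address space. Anything outside it is "external".
SITE_NETS = [ipaddress.ip_network("10.10.0.0/16")]

# Default TCP ports; port-based labelling is a heuristic, not protocol decoding.
ICS_PORTS = {102: "S7comm", 502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}
CLEARTEXT_LOGIN_PORTS = {21: "FTP", 23: "Telnet"}  # credentials sent unencrypted

# Constructed sample flows (src_ip, dst_ip, dst_port); not real traffic.
SAMPLE_FLOWS = [
    ("10.10.1.20", "10.10.1.5", 502),
    ("10.10.1.20", "10.10.1.6", 44818),
    ("10.10.2.40", "10.10.1.5", 23),
    ("10.10.2.40", "203.0.113.9", 443),
    ("203.0.113.77", "10.10.1.6", 502),
]

def is_internal(ip):
    """True when the address belongs to one of the site's own networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SITE_NETS)

def map_terrain(flows):
    """Return (inventory, findings) for a list of flow tuples."""
    services = defaultdict(set)   # internal host -> protocols it serves
    findings = []
    for src, dst, port in flows:
        label = ICS_PORTS.get(port) or CLEARTEXT_LOGIN_PORTS.get(port)
        if label and is_internal(dst):
            services[dst].add(label)
        # Exactly one endpoint inside the site: the flow crosses the boundary.
        if is_internal(src) != is_internal(dst):
            findings.append(("external-path", src, dst, port))
        if port in CLEARTEXT_LOGIN_PORTS and is_internal(dst):
            findings.append(("cleartext-login", src, dst, port))
    inventory = {host: sorted(labels) for host, labels in services.items()}
    return inventory, findings

if __name__ == "__main__":
    inventory, findings = map_terrain(SAMPLE_FLOWS)
    for host, labels in sorted(inventory.items()):
        print(host, labels)
    for finding in findings:
        print(finding)
```

Each `external-path` finding is a candidate for recommendation 4: ask whether the path is necessary and whether it can be removed or restructured.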
27 March 2020