BRAND VISIBILITY 2019

The CloudTweaks brand visibility 2019 program provides a number of terrific opportunities to help leverage your brand and service bringing it to the forefront of the technology world. We provide sponsorship, lead generation services, custom content packages, blog management and promotion. Contact us for a quote!

partner-fortune-cloudtweaks
Bryan Doerr

Cyber-Threats and the Need for Secure Industrial Control Systems

Secure Industrial Control Systems (ICS)

Industrial Control Systems (ICS) tend to be “out of sight, out of mind.” These systems are essential to life in any advanced society because they manage critical infrastructure such as power plants, the electrical grid, hydroelectric facilities, transportation, water and wastewater, manufacturing, and other essential services.  Society depends on their reliable operations.

Yet, these systems tend to be taken for granted, by everyone except their operators, that is, until a failure in an ICS system leads to a crisis that is visible enough to require wider attention.  And as these systems are increasingly connected to private and public networks, a new, possibly failure mode is being introduced. Yes, the ICS systems that manage crucial infrastructure such as energy, power, water, and transportation can be attacked by malware.

The prevalence of malware within ICS environments suggests that IT and security professionals should pay closer attention to cyber-threats within ICS environments. The Dragos Threat Operations Center studied 15,000 malware samples from ICS environments over a three-month period and concluded that approximately 3,000 industrial sites per year get infected with malware. Additionally, much of the malware these researchers found came from common malware families. One malware variant, posing as Siemens Programmable Logic Controller (PLC) firmware, has been in circulation since 2013 and has been reported by 10 industrial sites in the U.S., Europe, and China. Another attack, which dates back to 2011, was a phishing email that targeted multiple nuclear sites in the U.S. and other Western countries.

ICS

As bad as these numbers are, they appear to be getting worse. According to IBM Managed Security Services (MSS) data, ICS attacks increased more than 110 percent in 2016. This increase was related primarily to brute force Supervisory Control and Data Acquisition (SCADA) attacks, which use automation to attempt to guess default or weak passwords. Once a hacker gains access, they can remotely monitor or control connected devices — paving the way for a larger attack or other nefarious activities.

Cyberattacks that target ICS environments aim to inflict “loss of view” and/or “loss of control” on the systems’ operators. The authors of ICS malware may have many different motives for targeting an ICS environment, including political motivations, financial gain, or even a military objective. Attacks may be state-sponsored, inflicted by competitors, insiders with malicious goals, or even hacktivists. No matter who is behind them – or their motivation – attacks on ICS are serious business. Documented attacks in 18 countries outside the U.S. and hits have included:

  • The destruction of centrifuges in Iran’s nuclear facility (via the Stuxnet worm)
  • Damage to a blast furnace
  • Tilting of an offshore oil rig
  • Significant environmental discharges

Within the U.S., recent attacks have included the loss of electrical power and water, damage to manufacturing lines, shutdown of HVAC systems, and damage to critical motors. In March 2016, the U.S. Justice Department claimed that Iran had attacked U.S. infrastructure by infiltrating the industrial controls of a dam in Rye Brook, New York using a cellular modem. Worse, the attack is believed to have occurred in 2013, but wasn’t reported until 2016 – further proof that cyberattacks often take months and years to identify and resolve.

ICS makes an easy target

What makes ICS and SCADA systems such attractive targets for hackers? While they are generally regarded as being well designed to withstand or recover from physical threats such as fires and explosions, as well as physical events caused by hardware malfunction, the truth is they are often not designed with cyberattacks in mind.  It’s easy to see why they are an attractive target, especially now that they are more connected to other external IT systems and the internet. Because many ICS systems rely on technology that may not have been built with security in mind, they tend to expose vulnerabilities related to access policies, configuration control, hardware, software, and network configuration. As IT systems and operational technology environments increase their interconnectedness, ICS solutions become much more vulnerable to intrusions and attacks.

Mitigate risks related to ICS

With so much malware already resident in ICS environments and the prospect of an ICS breach leading to an infrastructure failure with disastrous consequences, government agencies in the U.S. and elsewhere are scrambling to raise awareness and mobilize the owners and operators of infrastructure assets.

Especially active is the U.S. Department of Homeland Security’s ICS-CERT (Industrial Control Systems Cyber Emergency Response Team), which has published a series of recommendations on how to identify and mitigate the cyber vulnerabilities of ICS environments. Some of its recommendations include:

  • Removing critical control systems from the public-facing internet
  • Ensuring that updates are performed securely and with documentation
  • Strictly controlling access to critical systems and maintaining high levels of discipline related to access credentials.

A useful addition to these suggestions would be recognizing that the components of networked ICS systems also function, in effect, as endpoints on their networks. If users can automate the process of identifying these endpoints’ deviations from their normal behavior, and generate actionable alerts to the analyst(s) responsible for securing the network, cyber-risk awareness within ICS and SCADA environments can be significantly increased.

The endpoint modeling advantage

Endpoint modeling is an advanced threat-detection technology that creates and maintains a software model – a real-time simulation – of each networked resource. It automatically discovers the role and behavior of IT assets, and then continuously tracks the behavior of those assets. When endpoint modeling is applied to an ICS environment, it provides analysts and operators an ideal way to monitor for any threats as well as any changes in the assets connected to the network.  By monitoring and detecting behavior changes, no prior awareness of threat characteristics is needed.  A threat that changes the network behavior of an asset can become visible to an operator.  Endpoint modeling also has another benefit: it exposes normal network behavior for ICS assets which increases operator understanding and their ability to recognize abnormal activity that may be due to component failure.

Endpoint modeling brings highly accurate, low-noise security awareness to security analysts who can quickly investigate to determine if this behavior represents a threat, and if so, take effective action to remediate it. As a result, vulnerable ICS systems – which may be been poorly secured before now – can benefit from increased visibility and security.

By Bryan Doerr, Chief Executive Officer, Observable Networks

Bryan Doerr

Bryan Doerr is the chief executive officer of Observable Networks, a leading provider of network security technology and advanced threat detection services. Bryan's career is embossed with over 25 years of industry experience in corporate research, product design, IT management, and executive management. Prior to Observable, Bryan was Chief Technology Officer at Savvis (now CenturyLink), where he led technology research and development and inspired the company's go-to-market strategy spanning cloud, network, hosting, security infrastructure and services, and internal IT systems development.

View Website

How To Be Data Compliant When Using The Cloud

How To Be Data Compliant When Using The Cloud

Data compliant Companies using the cloud for data storage, applications hosting or anything else, have to carefully consider data compliance ...
Leading Multicloud Strategies

Solving the Complexities of Leading Multicloud Strategies

Leading Multicloud Strategies To avoid the dreaded cloud lock-in, many organizations are now managing multiple clouds to service their business ...
Apcela

After the SD-WAN: leveraging data and AI to optimize network operations

AI to Optimize Network Operations Increasing numbers of companies have implemented SD-WAN technology, thanks to benefits like higher performance, lower ...
Cloud Proofing Future Business Challenges

Cloud Proofing Future Business Challenges

Cloud Proofing Business Hardly a week goes by without coming across news around the increase in the number of organizations ...
Infosec thought leaders

Cryptocurrencies and Ransomware: How VDI Can Help Defend Against the Next Ransomware Attack

Cryptocurrencies and Ransomware The WannaCry ransomware made headlines back in May when it crippled hospitals across the UK and put ...
egnyte

Cost of the Cloud: Is It Really Worth It?

Cost of the Cloud Cloud computing is more than just another storage tier. Imagine if you’re able to scale up ...

Cloud Community Supporters

(ISC)²
AWS
HPE
CA Technologies
Cisco

Cloud community support comes from sponsorship, service opportunities and collaborative network partnership initiatives.

Apcela

Why Enterprises Need Communication Hubs for Today’s WAN

Enterprise Communication Hubs As early as 2014, Gartner analysts were touting the benefits of communication hubs as a means to improve WAN performance. In a blog post by analysts Andrew Lerner, and a related research note by he and Sorell Slaymaker the recommendation was that
2019 Big Data and Data Science Predictions Through the Lens of Comedy Movies

2019 Big Data and Data Science Predictions Through the Lens of Comedy Movies

2019 Big Data and Data Science Predictions It’s that time of year again when I look into the Crystal Skull…er, ball, and make some predictions of the continuing challenges and new trends I foresee in Big Data and Data Science for the coming year. It’s

"Top 100 Brand Influencer, Cloud”
-ONALYTICA

"Best Cloud Computing Blog"
-SYSADMIN MAGAZINE

"Top 10 Sites For Cloud Computing"
-DIGITALISTMAG SAP

"Top 10 Cloud Computing Blogs”
-MARKETING ENVY

"Top 25 Must Read Cloud Blogs"
-CLOUDENDURE