Internet of vulnerable things: New industrial attack vectors

Courtesy of CFE Media

Learning Objectives

  • Industry 4.0 and IIoT have brought newfound efficiency and efficacy to industrial environments, but also an expanded the industrial attack surface.
  • With IT and OT convergence, attacks can expose an environment in more ways than ever before.
  • Industrial organizations require industrial-grade security, purpose-built to secure modern, converged environments.

The Fourth Industrial Revolution has brought innovation and advanced technology, but it has also made these systems increasingly vulnerable.

Before Industry 4.0, operating industrial devices required manual interference. In the example of critical infrastructure such as an oil pipeline, pumping stations with sensors were sprinkled across thousands of miles, keeping a read on operational health, including pressure and temperature monitoring. Previously, a staff member would be required to physically visit the sites to check data and make any critical adjustments.

With information technology (IT) and operations technology (OT) environments converging and the interconnection of Industrial Internet of Things (IIoT) and supervisory control and data acquisition (SCADA) systems, these sensors transmit data for real-time analysis and remote changes. While this has brought efficiency and efficacy, it is not without cyber risks.

This transmission of data exposes these converged IT and OT environments to a multitude of attack vectors from all directions. Even those choosing to “air gap” – or virtually separate IT and OT environments – still face cyber risks. It is imperative organizations understand the modern attack vectors threatening the industrial sector – especially those with critical infrastructure – and move to secure these environments.

External threats manifest in OT

Now that IT infrastructure, such as servers, routers, PCs and switches are connected through IIoT to OT infrastructure, such as programmable logic controllers (PLCs), distributed control systems (DCSs) and human-machine interfaces (HMIs), the attack surface has expanded. An attacker can now enter from IT and traverse to OT, often wreaking havoc in industrial environments including expensive and dangerous impacts to critical infrastructure.

Once an attacker is inside an OT environment, exploitation is easier because OT device commands are unencrypted. Even though industrial controllers are built for rugged environments, they don’t provide built-in security. The results can be disastrous if an attacker gains control of an industrial controller. Examples include creating dangerous pressure levels in oil or gas lines, power outages or damaged products from a production line. Downtime in the aftermath of an attack can result in hefty costs. Organizations need to be aware of blind spots and ensure their security teams have holistic visibility into assets and devices in converged environments.

Courtesy: Tenable

Analyzing insider threats

An organization’s own employees, subcontractors or partners also can cause an attack – whether intentionally or not. Many employees are granted elevated credentials to access sensitive assets and devices. With this level of authorization, a disgruntled employee can make catastrophic changes to interconnected devices. And this can have a domino effect as damages can quickly spread across internet-connected devices.

Although organizations should trust their employees and partners, it’s important to account for worst case scenarios, as well as accidents. In moments of oversight, employees can make small mishaps that lead to large consequences. It is essential that security teams monitor any changes and anomalies in these environments, and then act to remediate when needed.

Three ways to secure industrial environments

Securing the attack vectors created by IIoT and digital transformation is possible. Modern, converged industrial environments require purpose-built solutions to secure complex, distributed and dynamic industrial architectures. Organizations should be able to:

  1. Achieve holistic visibility for converged environments – Capture visibility across IT and OT environments, including in-depth knowledge of each asset and its health. Support this with strong asset inventory that provides deep situational analysis on every device, including information such as patch levels, firmware down to the ladder logic and backplane. This makes it possible to prevent blind spots, monitor the environment in one place and even schedule key maintenance.
  2. Create risk-based vulnerability management – With deep knowledge on each and every asset, identify the vulnerabilities and set a triaged risk score based on the type of vulnerability and criticality of the asset. This helps ensure the most severe and dangerous vulnerabilities get dealt with first.
  3. Ensure employee security awareness – Ensure regular cybersecurity trainings are completed by employees to educate on best practices as well as inform of warning signs (avoiding impacts from the use of phishing emails, suspicious links or unknown files or devices, such as a USB).

It’s crucial organizations continue strengthening the security posture of the industrial environments modern society relies on. With the proper solutions in place, organizations can help prevent breaches, downtime and damages while focusing on continued innovation.

Michael Rothschild is senior director of OT solutions at Tenable. Edited by Mark T. Hoske, content manager, Control Engineering, CFE Media, mhoske@cfemedia.com.

KEYWORDS: Industrial cybersecurity, securing industrial environments

Industry 4.0 and IIoT have brought newfound efficiency and efficacy to industrial environments, but also an expanded attack surface.

With IT and OT convergence, attacks can expose an environment in more ways than ever before.

Industrial organizations require industrial-grade security, purpose-built to secure modern, converged environments.

CONSIDER THIS 

Are your cybersecurity efforts staying ahead of others in your industry? Is most vulnerable least desirable?

Online Extra

Author biography: Michael Rothschild is senior director of OT solutions who comes to Tenable by way of the Indegy acquisition. He focuses on Tenable’s OT product line, is an advisory board member at Rutgers University and is a past professor of marketing. He also has a number of published works in marketing and healthcare. In his spare time Rothschild is a first aid instructor and volunteers as an EMT.

Michael Rothschild is senior director of OT solutions who comes to Tenable by way of the Indegy acquisition. He focuses on Tenable's OT product line, is an advisory board member at Rutgers University and is a past professor of marketing. He also has a number of published works in marketing and healthcare. In his spare time Rothschild is a first aid instructor and volunteers as an EMT.

Related Topics
You May Also Like