Until the advent of the IoT, industrial technologies and critical infrastructures were relatively protected from hackers as they were isolated from traditional IT. The convergence between these two worlds, imposed by the digital transformation of manufacturing companies and utilities, now puts industrial cybersecurity in the spotlight.
The digital transformation of industrial companies, to lead to the realization of the Industry 4.0 paradigm (or Manufacturing 4.0), implies an increasingly extensive convergence between the systems that govern devices, plants and critical industrial infrastructures, and those of the so-called traditional IT or conventional. As a result, many of the technological and organizational barriers that, until recently, protected Industrial Control Systems (ICS) from hacker attacks are missing.
What Is Industrial Cyber Security?
Conventional IT has always been under the magnifying glass of IT security managers of companies and producers of cybersecurity systems and services: the same cannot be said for ICS, since, as already pointed out, it is only recently that industrial companies have begun to adopt business models that provide for the accessibility and management, including via the cloud, of sensors, devices, machinery and critical infrastructures; access that takes place using endpoints (fixed and mobile), applications, data centers and networks previously used only for traditional IT activities, especially business.
A revolution that is generally part of the Internet of Things (IoT) phenomenon provides for the possibility that the Internet is no longer used only to make people, communities and companies interact, but also refrigerators, control units for real-time environmental monitoring, black boxes installed in cars, implantable defibrillators, electrical substations and so on. As for industrial companies, in truth, for years now, there has been a convergence between the ICS and IT worlds in different points and layers of the technological infrastructures, but the digital transformation implies an even greater integration, to the point of becoming un postponable to invest. In cybersecurity Industry 4.0.
What Are The Vulnerabilities Of Industrial Information Systems?
There are many types of IoT objects. There are consumer ones, designed to be connected to the Internet, usually managed by software that use a few binary files to receive commands and send information, and whose securing is appropriate but not vital. But then there is a myriad of sensors, devices, robots and related control systems in industries and utilities, often operating H24, with outdated control software (also in order not to lose the manufacturer’s support) and whose compromises can cause drops in productivity, problems in products or services sold , loss of revenue, violation of compliance to the regulations, damage to image, an advantage for the competition, damage to people and property.
The control systems of the devices (such as, for example, embedded computers Plc, Programmable logic controller) and the workstations with which the operator’s program and monitor them (through programs called Human Machine Interface, HMI) in most cases do not have security software capable of identifying and preventing malware infections the execution of unauthorized instructions. Those who access these systems often use short passwords or even the default ones provided by the manufacturers of the technologies.
A good part of the ICS is integrated into SCADA (Supervisory Control And Data Acquisition) architectures consisting of multiple technologies, including integrated software, hardware, control systems, and monitoring systems. There are various Scada architectures, some developed by large companies (or consortia of large companies), others conceived by sectoral and international bodies. This is why, when we talk about industrial cyber security, we tend to use the expression ICS Scada Security, a discipline intended to prevent the fact that when these technologies were born,
What Are The Main Threats To Critical Infrastructures?
Today, industrial control systems are exposed to generic threats, ICS-specific threats, and targeted attacks. In recent years, many breaches that have caused damage in companies and critical infrastructures have occurred by exploiting techniques also used against traditional IT systems. Often the HMI workstations of ICS systems are connected to the Internet with the HTTP protocol and can be easily found using standard search engines. Once inside these computers, hackers can take control of devices or servers that use known or easy-to-crack default passwords.
For ICS and the IoT in general, threat intelligence experts have noted a growth in application-based attacks. The reason is simple: botnet from which to launch DDoS attacks.
Still, on the subject of generic threats used for targeted attacks, we cannot forget those that exploit human errors. With a bit of social engineering, for example, a group of hackers at the service a competitor company or a nation-state can convince an employee of a company to insert infected USB memory sticks or DVDs into a workstation of a Scada node (a workstation of a Scada architecture from which specific systems are managed).
Among the most fearsome malware that can be contained in these vehicles of infection here are above all ransomware, which, in the case of industrial control systems, do not aim so much to encrypt data (to obtain the decryption key in exchange for a ransom) as to delete programs and data to block a production process or the provision of a service critic. Recent history is full of such incidents.