Why ICS / OT Cyber Security is critical for Critical Infrastructure Protection?
There is no doubt that the need for cyber security in protecting critical infrastructure is increasing day after day and hour after hour, and it is important to understand that ICS / OT (Industrial Control Systems / Operational Technology) cyber security specifically and not the traditional IT security is essential to protect and mitigate risks arising on critical infrastructure systems, only IT security skills are not sufficient and actually will be adding additional risks to critical infrastructure operations. the threats on critical infrastructure are increasing and risks became catastrophic and that is because mainly of the following:
- The critical infrastructure networks and systems became more interconnected with other external networks and in some cases with the Internet.
- The hacking and attacking tools became more accessible and easier to be used.
- The political issues and conflicts increasing among different nations and countries
When we are talking about critical infrastructure systems we mean systems that are used in the operations and safety of critical infrastructure for example roads signaling systems, SCADA systems, systems used in trains and metro lines, systems used to support the production of oil and gas, systems used in nuclear and power plants…etc
Actually the consequences of successful cyber-attacks on critical infrastructure systems might be catastrophic, as it might be impacting people safety, reputational loss and trust loss of countries government authorities and organizations, big economical loss, you can imagine if attackers were successfully able to get access to signaling systems of the roads or of trains, or if they are able to get access to power utilities control systems, or able to get access to the national TV media systems and able to broadcast whatever message they want…etc
Examples of attacks already occurred on critical infrastructure as follow:
- Stuxnet on one of the Iranian nuclear plants, Stuxnet is a malicious computer worm, first identified in 2010, that targets industrial computer systems and was responsible for causing substantial damage to Iran’s nuclear program. Stuxnet specifically targets programmable logic controllers (PLCs), which allow the automation of electromechanical processes such as those used to control machinery on factory assembly lines, amusement rides, or centrifuges for separating nuclear material. The Stuxnet worm had as its main target industrial control systems with the goal of modifying the code running in Programmable Logic Controllers (PLCs) in order to make them deviate from their expected behavior
- The Dragonfly group, which is also known by other vendors as Energetic Bear, appears to have been in operation since at least 2011 and may have been active even longer than that. Dragonfly initially targeted defense and aviation companies in the US and Canada before shifting its focus mainly to US and European energy firms in early 2013.
- Around half the homes in the Ivano-Frankivsk region in Ukraine were left with no electricity for around 6 hours. According to reports, the cause of the 6-hour power outage was a cyber-attack that utilized malware. Interestingly, the reported case was not an isolated incident, as other electric firms in Ukraine were found to have also been targeted.
- The massive ransomware attack – WannaCry- has shut down work at around 16 hospitals across the United Kingdom. According to The Guardian, the attack began caused freezing of systems and encrypting files. When employees tried to access the computers, they were presented with a demand for $300 in bitcoin.
The result has been a wave of canceled appointments and general disarray, as many hospitals are left unable to access basic medical records. At least one hospital has canceled all non-urgent operations as a result.
- The same attack of WannaCry infected as many as 45,000 computers across more than 90 countries, including a number of utilities in Spain. Russia was among the hardest hit, with 1,000 computers in the country’s Interior Ministry falling victim to the attack,
Senior management in organizations which are responsible for operating critical infrastructure should be proactive and give more attention to that subject as well even if there is no regulations yet, as this will mitigate risks on safety, operations, revenue losses, and reputational losses, So they can start by conducting an ICS / OT cyber security risk assessment to get more visibility and clarity on the risks and their associated potential impacts on their organizations operations. SecuriCIP provide comprehensive set of services in that domain, you can contact us here for more information.
Government authorities should give more attention to this subject and produce the required frameworks and regulations associated with penalties to try to mitigate such catastrophic risks.