Industrial Control Systems (ICS) are found everywhere–from automated machines that manufacture goods to an office building’s cooling system.
Previously, ICS were typically based on specific operating systems and specific communication protocols. In recent years, however, system development costs have been reduced and productivity has been improved by implementing network connections based on general-purpose operating systems and standard communication protocols.
To compete in today’s market-driven economy, businesses and organizations opt for efficient control systems that can automatically manage processes. ICS can be found in manufacturing, processing facilities, and even power plants–which play a vital role in running a country. On the other hand, the increased efficiency that ICS introduce also presents new security problems. In reality, threat actors have much to gain when they attack such companies. A successful attack on ICS has a serious impact on any organization. Some of these effects include operational shutdowns, damaged equipment, financial loss, intellectual property theft, and substantial health and safety risks.
Threat actors have different motives when choosing an enterprise to target. When carrying out attacks, these threat actors are often motivated by financial gain, a political cause, or even a military objective. Attacks may be state-sponsored or they could also come from competitors, insiders with a malicious goal, and even hacktivists.
One of the earliest examples of an ICS attack happened in 2005 when 13 DaimlerChrysler U.S. car manufacturing plants went offline for nearly an hour. The main cause was Zotob PnP worm infections that exploited a Windows Plug and Play service. The downtime resulted in a production backlog that cost the company thousands of dollars. While the attack was not linked to an individual or a cybercriminal group, cybercriminals may also be hired by competitors who have much to gain from the damage caused by an attack.
The first stage of an attack against ICS usually involves reconnaissance that allows the attacker to survey the environment. The next step would be to employ different tactics that will help attackers gain a foothold in the target network. The strategies and tactics at this point are highly similar to those of a targeted attack. To launch malware, an attacker will make use of all the possible vulnerabilities and specific configurations of an ICS. Once these vulnerabilities have been identified and exploited, the effects of an attack can cause changes to certain operations and functions or adjustments to the existing controls and/or configurations.¹
The complexity of launching an attack on ICS depends on different factors, from the security of the system to the intended impact (e.g., a denial-of-service attack that disrupts the target ICS is easier to achieve than manipulating a service and concealing its immediate effects from the controllers). While there are already a lot of ways for attackers to damage an ICS, new tactics will continue to emerge as more and more devices are introduced to every ICS environment.
Since all ICS deal with both Information Technology (IT) and Operational Technology (OT), grouping vulnerabilities by category assists in determining and implementing mitigation strategies. The National Institute of Standards and Technology’s (NIST) security guide for ICS divides these categories into issues related to policy and procedure, as well as vulnerabilities found in various platforms (e.g., hardware, operating systems, and ICS applications), and networks.²
Policy and Procedure Vulnerabilities
Platform Configuration Vulnerabilities
Platform Hardware Vulnerabilities
Platform Software Vulnerabilities
Malware Protection Vulnerabilities
Network Configuration Vulnerabilities
Network Hardware Vulnerabilities
Network Perimeter Vulnerabilities
Wireless Connection Vulnerabilities
Network Monitoring and Logging Vulnerabilities
Possible weaknesses in ICS network
Every ICS environment may contain weaknesses depending on its configuration and its purpose. The size of an ICS environment can also be a factor–the bigger the environment, the greater the chance for an error to occur. An ICS environment that replaced its legacy system with modern systems and introduced tools like Industrial Internet of Things (IIoT) devices may also have more weaknesses for threat actors to exploit.
As ICS continue to modernize, an increasing number of Internet of Things (IoT) devices are introduced to improve productivity and enhance system control. With the use of related IoT devices, process controls, data monitoring, and communication with other systems are made simpler. However, there are risks involved when smart devices are used for such tasks.
IIoT incorporates machine learning and big data analysis. It also harnesses sensor data, machine-to-machine (M2M) communication, and automation technologies that have previously existed in the industrial setting.³ IIoT can perform tasks such as data aggregation, predictive analysis, prescriptive analysis, data value addition, and even the creation of new business models.⁴
Similar to how the introduction of smart phones was followed by the rise of vulnerabilities and malware related to the platform, integrating Human Internet of Things (HIoT) and IIoT devices may create similar problems. In fact, managing IoT devices in the ICS environment can create major challenges in security, as each device will have to be properly defended and secured. Not applying adequate security leaves the entire ICS ecosystem highly vulnerable to attacks.
With the use of IIoT there are also a few unique challenges to overcome:
Although hacking IoT devices may be challenging, threat actors behind targeted attacks are both knowledgeable and persistent–which could lead to successful breaches in a target’s network. In addition to this, device loss is also a major cause of data breaches. One misplaced device may give cybercriminals the necessary access to penetrate the target’s network.
The impact of cyber attacks on industries using ICS depends on the target’s nature of operation or the motivation of cybercriminals pursuing the attack. Every effect listed below may be felt by a target’s internal, as well as external, clientele.