How secure is your industrial control system? According to Reuters, a U.S. government cybersecurity official warned that there has been an increase in attacks that penetrate industrial control system networks over the past year. Industrial control systems are computers that control operations of industrial processes, from energy plants and steel mills to cookie factories and breweries.
“We see more and more that are gaining access to that control system layer,” said Marty Edwards, who runs the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). U.S. firms partner with ICS-CERT to investigate suspected cyber attacks on industrial control systems as well as corporate networks. Edwards said he believed the increase in attacks was mainly because more control systems are directly connected to the Internet. “I am very dismayed at the accessibility of some of these networks…they are just hanging right off the tubes,” he said in an interview at the recent S4 infrastructure security conference.
Interest in critical infrastructure security has surged since late last month, when Ukrainian authorities blamed a power outage on a cyber attack from Russia, which would make it the first known power outage caused by a cyber attack. ICS-CERT reported in an alert that it had identified malware used in the attack in Ukraine as BlackEnergy 3, a variant of malware that the agency said in 2014 had infected some U.S. critical infrastructure operators. A Department of Homeland Security official said on Tuesday that government investigators have not confirmed whether the BlackEnergy malware caused the Ukraine incident.
What has been changing lately is the level of granularity that companies offer to address specific ICS issues, beyond general IT cybersecurity tactics. Examples of this movement were on display at the ARC Forum in Orlando, Florida. At the conference, NextNine, a provider of operational technology (OT) cybersecurity management tools, announced that it has added the ability to auto-discover assets in industrial and critical infrastructure environments. According to NextNine, its system now automates the mapping of critical assets across multiple remote sites. This allows the system to centrally monitor those assets to ensure compliance with corporate and regulatory security policy and protect the assets by rolling out patches, updates and policy changes.
“Complete and accurate [asset] inventory is a pre-requisite for reducing cybersecurity and operational risks, and is often a considerable operational challenge to overcome without a proper automated software tool,” said Shmulik Aran, NextNine’s CEO. Aran noted that NextNine developed its auto-discovery capability to address the “tedious and costly process” of having to manually discover and create an inventory of assets to monitor in industrial environments. He added that the new auto-discovery capability “passively identifies all devices thereby eliminating any danger of disrupting the operation by active scanning.”
In addition to NextNine, there are some new players coming into the ICS arena. A new cybersecurity company called Indegy claims to offer “the first cybersecurity platform that provides comprehensive visibility into the critical control layer of OT networks.” The platform reportedly detects logic changes to controllers regardless of whether they are performed over the network, locally on the device, by malware, or by a human being. It automatically discovers all controllers on ICS networks and routinely validates their logic, firmware version and configuration to identify any unauthorized or unintended changes. Indegy also monitors and logs all network activity, including instructions sent to controllers, such as modifying the temperature, pressure, and rotation speed of operational equipment.
For more information, see Automation World.
(Photo: Industrial Control Panel, Flickr)