A whole new cybersecurity sector that deals with automation vulnerabilities has emerged from the industry’s demand to streamline the production of goods, monitor industrial services and create highly refined processes that increase the efficiency of the industry.
Since the mid-1990s, the Internet and the automation of industrial systems have made cyberattacks on companies and their assets easier than ever before. In the mid-2000s rogue states and terrorist organizations increased the risks to the industry in countries that they consider to be a threat. With resources including enhanced technology and financial backing from these rogue nations, attacks have become more destructive and complex.
One attack in particular stands out when it comes to industrial cybersecurity: Stuxnet. This 500-kilobyte worm was a project of a joint U.S.-Israel effort to thwart Iran’s nuclear program. It managed to destroy one-fifth of the centrifuges that created nuclear material, and an operative delivered it to “air-gapped” computers on a USB thumb drive. Stuxnet reinforced the fact that even systems that are isolated from the network can be compromised.
To help combat the increasing risk of cyberattacks on the industrial complex, check out these three ways to pave a path to greater security of your customers’ systems and their overall business.
1. Have detailed knowledge of the vendors that have created the controls, components and systems that make up your customers’ industrial architecture.
The highest number of vulnerabilities is found in the products of a handful of manufacturers. In 2015 alone, three manufacturers had the most exploits in their system products. Several of the vulnerabilities found were identified as root causes for the industrial attacks.
2. Make sure that all ICS components are categorized.
ICS components in HMI, electronic devices and SCADA systems should each be put into a specific category. Categories include Controllers, Web Servers, RTUs and Base Stations, to name a few. Each category is subject to a different type of common vulnerability, such as buffer overflows, recoverable password formats and even plaintext transmission of data. According to the Open Web Application Security Project (OWASP), these components and the entire industrial environment should be audited quarterly to ensure that new components, vendors and, consequently, vulnerabilities have not been introduced into the ecosystem.
3. Follow the NIST and OWASP Security Principles for ICS/SCADA environments.
OWASP is a not-for-profit international organization dedicated to securing applications by educating people, refining processes and investigating technology to help eliminate vulnerabilities. NIST, the National Institute of Standards and Technology, has a vast amount of information and publications to help maintain ICS/SCADA systems, and it is often the compliance body that many industries have to adhere to for their industrial security, specifically NIST SP 800-53, the current standard. Staying current with security vulnerabilities and having detailed auditing information will be crucial to keeping your customers’ ICS/SCADA systems up-to-date and reducing the possibility of a cyberattack.
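The vendor tracking in step 1 and the categorized quarterly audit in step 2 can be automated as a comparison of two inventory snapshots. The following is an added example, not code from the original article; the inventory format, asset names, vendor names and the 92-day reading of "quarterly" are assumptions made for illustration.

```python
from datetime import date

# Categories named in the article; anything else counts as uncategorized.
KNOWN_CATEGORIES = {"Controller", "Web Server", "RTU", "Base Station"}
AUDIT_INTERVAL_DAYS = 92  # assumption: "quarterly" means at most 92 days apart

# Constructed sample inventories (hypothetical vendors and asset ids).
PREVIOUS = [
    {"id": "plc-01", "vendor": "VendorA", "category": "Controller"},
    {"id": "rtu-07", "vendor": "VendorB", "category": "RTU"},
    {"id": "hmi-web-02", "vendor": "VendorA", "category": "Web Server"},
]
CURRENT = PREVIOUS + [
    {"id": "bs-11", "vendor": "VendorC", "category": "Base Station"},
    {"id": "gw-03", "vendor": "VendorB", "category": ""},  # never categorized
]


def audit(previous, current, last_audit, today):
    """Compare two inventory snapshots and return the audit findings."""
    prev_ids = {c["id"] for c in previous}
    cur_ids = {c["id"] for c in current}
    prev_vendors = {c["vendor"] for c in previous}
    cur_vendors = {c["vendor"] for c in current}
    return {
        # Components that appeared or disappeared since the last audit.
        "new_components": sorted(cur_ids - prev_ids),
        "removed_components": sorted(prev_ids - cur_ids),
        # Vendors not seen before: their advisories need to be tracked too.
        "new_vendors": sorted(cur_vendors - prev_vendors),
        # Components with a missing or unknown category.
        "uncategorized": sorted(
            c["id"] for c in current
            if c.get("category") not in KNOWN_CATEGORIES
        ),
        # True when more than a quarter has passed since the last audit.
        "audit_overdue": (today - last_audit).days > AUDIT_INTERVAL_DAYS,
    }


if __name__ == "__main__":
    findings = audit(PREVIOUS, CURRENT, date(2024, 1, 10), date(2024, 5, 2))
    for name, value in findings.items():
        print(f"{name}: {value}")
```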
Tech Data offers products from many world-class vendors to help keep ICS/SCADA systems protected. Additionally, we can help your customers’ business remain compliant with government and industrial security standards. Please contact us at firstname.lastname@example.org to learn how we can assist you to achieve your Industrial Security goals.