Arraya Insights | May 10, 2017
Even though they don’t provide the same immediate financial payoff as businesses in other industries, manufacturers remain a favorite target of cyber criminals. Rather than directly stealing money, attacks may focus on disabling systems and causing damage to critical infrastructure. Criminals may also have their eyes on intellectual property or internal operational information as part of a corporate espionage campaign. Motivation aside, the aftermath is no less painful.
To reach their targeted data, cyber criminals leverage a variety of attack vectors. One avenue that is particularly enticing is a manufacturer’s Industrial Control Systems (ICS). These computer-based systems, which orchestrate the industrial processes of a facility, tend to be deployed on older hardware. The critical nature of the equipment also makes it hard to take time to patch – and harder still to take offline and replace. Should criminals gain control over an ICS, the damage can be catastrophic.
A recent example of an ICS attack that earned headlines globally concerned an unnamed German steel mill. Attackers initially gained access to the mill’s network by way of a spear-phishing campaign directed at the business side of the house. Once inside, they were able to dig around, eventually gaining access to the production environment. At that point, they were free to meddle with control systems to the point where one of the mill’s blast furnaces could not be properly shut down, resulting in massive damage. Whether the attackers set out to inflict that damage or it was an unintended consequence of some other design remains unclear.
Keys to tightening your company’s Industrial Control Systems
What took place at that German steel mill is a worst-case scenario. However, it serves to underscore the importance of securing ICS against cyber attacks and accidents. Here are six ways modern manufacturers can do just that:
- Perform regular assessments. Cyber threats are always evolving. Defenses that don’t follow suit will be of little help should the organization be placed in the crosshairs. Security teams should review their security environment at the very least annually to make sure everything is up-to-date and operating at the highest level. These assessments should include critical infrastructure, user access, and more to protect against incidents stemming from internal and external sources.
- Regularly monitor system events. IT has enough to worry about in terms of active threats without having to add in those which have already been neutralized. However, there’s a lot that can be learned from security event logs, even those concerning incidents that were prevented. They can help you spot trends relating to risky user behavior or organizational security weak points.
- Deploy reliable perimeter defenses. IBM’s Threat Intelligence Report is clear – the perimeter is a major risk factor for businesses. Roughly 91% of attacks on manufacturers occurring in 2016 were launched by outsiders. Defenses such as advanced firewalls and intrusion prevention systems must be deployed to harden the business against exterior assault. As mobility becomes more ingrained, businesses must also consider user identities to be part of the perimeter and defend them as such.
- Deploy endpoint security. The same push for enterprise mobility that has shifted user identities to the security perimeter has also necessitated tighter defenses around endpoints. Employees want to work from a variety of devices and it’s up to IT to leverage antivirus software, mobile device management, whitelisting, etc. to ensure they can do so without putting corporate systems at risk.
- Commit to patches and updates. There’s too much riding on manufacturers’ ICS to fall behind on patches. It’s no small feat to put together a patching calendar that acknowledges both production goals and security needs. However, the risks of failing to do so are too great to overlook.
- Manage and audit changes. Changes should be tracked across an organization’s IT environment, and doing so is of paramount importance when it comes to ICS. Any configuration adjustments should be documented and backed up. This can reduce downtime during maintenance and, in the event of tampering incidents, it can make the root cause of issues easier to find.
Don’t face today’s cyber threats alone
Arraya’s Cyber Security Practice can help ensure your ICS is up to the challenge presented by today’s cyber criminals. They can provide the strategic advice and the tactical solutions needed to keep data safe and criminals at bay. Our Cyber Security Practice can be reached by visiting: https://www.arrayasolutions.com/contact-us/.