Cybercriminals and other bad actors are lining up to target industrial controls. Since the beginning of 2020, attacks aimed at sectors that are critical to basic infrastructure have increased by more than 400%. Of those attacks, 45% were ransomware attacks targeting control systems.

What’s Behind This?

Industry is moving at breakneck speed into the digital age, with Industrial Internet of Things (IIoT) devices being installed in nearly every sector. This accelerated capital injection leads to numerous technology projects running in parallel, resulting in a fractured approach to securing critical infrastructure. These projects can include grid modernization, manufacturing automation and resiliency of water infrastructure. These trends are being driven by:

  • Faster networks.
  • Better sensor technology.
  • Better data gathering, processing and analytics.
  • More connectivity options.

In manufacturing sectors, these advances are leading to more robotics, process automation and remote-controlled machinery — all table stakes for remaining competitive.

In the utility sector, these advances are having similar impacts. Supervisory control and data acquisition (SCADA) systems have long been used to provide operational data on electrical grids and generating stations. In times past, SCADA systems were often limited in their communications, but now they are being updated or augmented with newer sensors and devices that have the capability to deliver operational data to engineers and technicians situated in control centers many miles away. The need to dispatch crews to manually check readings on equipment in remote locations is becoming a thing of the past.

Protecting Communications Links and Repositories

Unlocking business enablement capabilities such as remote access or data intelligence/analytics allows information to traverse more freely to and from operational technology (OT) networks and IT networks. Those enabling capabilities also have the potential to create cybersecurity vulnerabilities, as firewalls and perimeter controls that were traditionally closed are now opened to permit communications between different networks and data repositories.

With the exponential growth of IIoT devices that are collecting a variety of operational data, multiple challenges arise. There is no question that improved data access and analytics drive real value, but this value comes with risks. It creates a need for a comprehensive defense-in-depth approach.

Putting this security architecture together starts with an end-to-end risk analysis of the processes by which data is collected, leveraged and secured. Segmentation practices, endpoint protection, and monitoring and detection capabilities must be implemented. These design principles force an adversary through a series of technical controls that provide both prevention and detection capabilities. Traditional security practices such as access control and vulnerability scanning of endpoints are also important.

Network visibility becomes even more important as the number of IIoT devices grows. Sensors deployed along critical network paths are necessary to let operators see all traffic and to protect its validity. Indicators of compromise (IOCs) can be flagged based on historical traffic patterns and anomaly recognition. This can be a complex process because data traffic often comes from a whole host of providers, including business affiliates, security solution providers and the intelligence community. When an indicator is flagged for unusual activity, reactive steps must be taken to determine the risk and impact to the organization.

Other security controls to consider include:

  • Design access control systems to predefine approved IP communications across IIoT devices.
  • Establish secure network connections using VPNs or tunneling.
  • Embed certificates within IIoT devices to establish trust.
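The first control above, combined with the network visibility described earlier, can be checked continuously: compare observed flows against the predefined list of approved communications and alert on anything else. The sketch below is an added example, not part of the original article; the addresses, ports, rule set and flow records are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str    # CIDR of permitted sources
    dst: str    # CIDR of permitted destinations
    proto: str  # "tcp" or "udp"
    port: int   # destination port
    note: str

# Constructed allowlist: the only conversations the design permits.
APPROVED = [
    Rule("10.20.1.0/24", "10.20.0.10/32", "tcp", 8883, "sensors -> MQTT broker (TLS)"),
    Rule("10.20.0.10/32", "10.10.5.20/32", "tcp", 443, "broker -> historian"),
    Rule("10.10.5.0/24", "10.20.2.0/24", "tcp", 502, "control center -> PLCs"),
]

# Constructed flow records as a network sensor might export them:
# (src_ip, dst_ip, proto, dst_port)
FLOWS = [
    ("10.20.1.14", "10.20.0.10", "tcp", 8883),
    ("10.10.5.7", "10.20.2.31", "tcp", 502),
    ("10.20.1.14", "10.20.2.31", "tcp", 502),    # sensor talking directly to a PLC
    ("10.20.1.22", "203.0.113.50", "tcp", 443),  # sensor talking to an outside host
    ("10.20.0.10", "10.10.5.20", "udp", 443),    # approved hosts, wrong protocol
]

def match(flow, rules=APPROVED):
    """Return the rule that approves this flow, or None if nothing does."""
    src, dst, proto, port = flow
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (proto == r.proto and port == r.port
                and s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)):
            return r
    return None

def unapproved(flows, rules=APPROVED):
    """Default deny: every flow without a matching rule is a finding."""
    return [f for f in flows if match(f, rules) is None]

if __name__ == "__main__":
    for f in unapproved(FLOWS):
        print("ALERT unapproved flow: %s -> %s %s/%d" % f)
```

Because the list is default-deny, a new device or a changed data path shows up as an alert until someone deliberately approves it.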

Now is the time to revisit the capabilities your existing technology has in an effort to optimize your investments. Take advantage of these technological capabilities to enable more efficient, more informed engineering decisions. Setting baseline controls and understanding the threat landscape will help all critical infrastructure industries move into a digital future.

 

Cybersecurity for critical industries can no longer be put off to tackle at a later date.


by
Eric R. Ervin, CISSP, is global cybersecurity director for utilities and manufacturing at 1898 & Co., part of Burns & McDonnell. He leads teams of cybersecurity professionals focusing on improved risk management, situational awareness, resiliency and preparedness for power and water utilities and manufacturers in the U.S. and internationally. Over a career spanning nearly 20 years, Eric has worked for major Midwest utilities in corporate security and cybersecurity roles.