Cybersecurity is one of the most pressing concerns of the 21st century and is fast becoming one of the toughest challenges for the industrial and critical infrastructure sectors. The Colonial Pipeline ransomware attack of May 2021 is one profound example of how cybercriminals can shut down the production of a key utility. ICA Engineering hosted a webinar with prominent members of the industrial network security community to discuss IT and OT security, cybercrime, and how to mitigate the biggest and newest emerging threats from bad actors.
ICA’s panelists included Trevor Lang, the Field Applications Engineer from HMS. HMS Industrial Networks has over 30 years of experience across a wide range of applications, including pragmatic IIoT solutions and remote monitoring solutions for companies all around the globe. Dominic Genzano is the Cybersecurity specialist and the CEO and founder of STIGroup, a consulting, engineering, and managed services firm focused on translating cybersecurity solutions from the commercial corporate space to the industrial control systems space. William Nieves is the industrial networks engineer and BDM at Turtle & Hughes Electrical Construction Contractors, a company just shy of a century old and partnered with many respected firms, including HMS and Rockwell Automation. Finally, the webinar was hosted by ICA CEO and founder, Joe Stevenson.
1. Current Cost of Cybercrime
According to the FBI, in 2019 the cost of cybercrime in America alone was $3.5 billion, with $9 billion of that due to ransomware. Since then, that figure has only escalated. ICA has worked with numerous companies that have, in the recent past, had to deal with Denial of Service (DoS) attacks and ransomware attacks, usually because their networks were insecure. Technological solutions from Rockwell and HMS allowed ICA to protect the information assets of these companies.
Attacks like these are a growing issue, in part because of the struggle to impress upon industrial firms how the severity of the risks correlates to the speed at which systems are becoming more connected.
2. The Primary Cybercrime Threat
Ransomware is malware that gets past an industrial network's security controls. It causes computers or control systems to shut down and may also steal or delete data. The malicious actors (a general term for criminals in this context) demand a large amount of money, usually in a digital currency such as Bitcoin. Once the money is transferred, they promise to restore control of the systems and network and return any stolen data. Ransomware attacks can leave industrial firms stranded for weeks, or even months, while they try to regain control of their networks.
Dominic Genzano pointed out that many of the threats now entering the OT space, especially the critical infrastructure sector, are threats that have existed in the commercial sector for quite some time. Bad actors have realized that the same exploits they have had success with in the commercial sector could have an even more devastating impact in the industrial sector.
Ransomware in the industry can bring operations to a halt, causing supply chain disruptions, machinery issues, and potentially even threat to human life via disturbances like power outages, problems with mass transit, or water contamination. Industrial control system networks are typically not as hardened against cybersecurity threats as commercial networks, making them more appealing to threat actors.
William Nieves noted that ransomware may not be a strong enough term for what is happening in the industrial and critical infrastructure sector. He reminded the panel that after the attack on a water treatment plant in Florida, Homeland Security Secretary Alejandro Mayorkas stated that these attacks are “purely to do harm” and that ransomware is rapidly becoming “killware.”
One of the trickiest issues is that, particularly with critical infrastructure, more and more aspects are becoming connected for efficiency and convenience. Sadly, along with convenience comes vulnerability. The more parts of a system that are connected, the more ways bad actors have to infiltrate a network.
3. IT Versus OT
When looking at these threats, you’ll notice that we make a firm distinction between threats in the commercial space and threats within the industrial sector. Although the software used to create the threat is often the same, because of the types of networks used and the devices on those networks, the impact is often very different – devastating, in fact, when problems occur within industrial control systems. This is the difference between IT and OT.
IT, or Information Technology, refers to technology that only deals in the transfer and management of data. OT, or Operational Technology, involves data movement as well, but also encompasses all the hardware and software within industry and infrastructure such as control systems, equipment, sensors, logic controllers – basically, any part of the industrial operation that’s connected to another part.
A simple way to understand IT versus OT is that IT is rarely physical, while OT often is. OT security is of paramount importance because when OT security fails, that’s when factory equipment, water filtration systems or even fuel pipelines become affected or shut down completely.
4. Key Ways to Prevent Cybercrime
Trevor spoke about the concept of the “air gap” — disconnecting a system from a network to protect it from external threats — stressing that in today’s business world, that’s just not practical. Data needs to be collected from sensors and equipment and monitored remotely for safety.
Industrial engineers can address this by using routers and other network equipment to separate networks, routing access through newer and more capable systems that can enforce the relevant security requirements. Paired with updated user access control (UAC) protocols, this approach makes intruders on the network much easier to identify.
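The separation described above only identifies intruders if someone actually compares what crosses the boundary against what the policy allows. The script below is an added illustration, not code from the webinar or from ICA, HMS or any vendor: it models three zones (corporate IT, an OT DMZ and the control network), an allowlist of permitted conduits between them, and a handful of constructed boundary-firewall log lines in a made-up key=value format. Every cross-zone flow the firewall accepted but the conduit policy does not permit is reported, which is exactly the gap a misconfigured rule or an attacker pivoting from IT into the control network would show up as. Zone names, address ranges, the allowlist and the log lines are all assumptions; only the EtherNet/IP port numbers are the standard ones.

```python
"""Added example (not from the ICA webinar): check IT/OT boundary firewall
logs against a zone-and-conduit allowlist and flag every crossing that the
policy does not permit.

Zone names, address ranges, the allowlist and the log lines are all
constructed for illustration; the EtherNet/IP ports are the standard
ones (TCP 44818 explicit messaging, UDP 2222 implicit I/O).
"""
import ipaddress

# Constructed zone model: which address ranges belong to which zone.
ZONES = {
    "corporate_it": ipaddress.ip_network("10.10.0.0/16"),
    "ot_dmz": ipaddress.ip_network("10.20.0.0/24"),
    "control": ipaddress.ip_network("192.168.50.0/24"),
}

# Constructed conduit allowlist: (source zone, destination zone, protocol, port).
# IT may only reach the DMZ over HTTPS; only the DMZ may reach controllers,
# and only on EtherNet/IP.
ALLOWED_CONDUITS = {
    ("corporate_it", "ot_dmz", "tcp", 443),
    ("ot_dmz", "control", "tcp", 44818),
    ("ot_dmz", "control", "udp", 2222),
}

# Constructed log lines in a key=value format (not any vendor's real format).
# All were accepted by the firewall; the policy check decides which should not have been.
SAMPLE_LOG = [
    "2021-05-07T02:14:09Z action=accept src=10.10.4.12 dst=10.20.0.5 dport=443 proto=tcp",
    "2021-05-07T02:14:11Z action=accept src=10.20.0.5 dst=192.168.50.10 dport=44818 proto=tcp",
    "2021-05-07T02:15:30Z action=accept src=10.10.4.12 dst=192.168.50.10 dport=44818 proto=tcp",
    "2021-05-07T02:15:42Z action=accept src=10.10.4.12 dst=192.168.50.10 dport=3389 proto=tcp",
    "2021-05-07T02:16:03Z action=accept src=203.0.113.7 dst=192.168.50.10 dport=44818 proto=tcp",
    "2021-05-07T02:16:20Z action=accept src=192.168.50.10 dst=192.168.50.11 dport=44818 proto=tcp",
]


def zone_of(ip):
    """Map an address to its zone; anything outside the model is 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def parse_line(line):
    """Pull the key=value fields out of one constructed log line."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    return fields["src"], fields["dst"], fields["proto"], int(fields["dport"])


def check_flows(lines):
    """Return (src_zone, dst_zone, src, dst, proto, port) for every cross-zone
    flow that is not an allowed conduit. Intra-zone traffic is out of scope."""
    findings = []
    for line in lines:
        src, dst, proto, port = parse_line(line)
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone:
            continue
        if (src_zone, dst_zone, proto, port) not in ALLOWED_CONDUITS:
            findings.append((src_zone, dst_zone, src, dst, proto, port))
    return findings


if __name__ == "__main__":
    for finding in check_flows(SAMPLE_LOG):
        print("conduit violation:", finding)
```

On the constructed sample the check reports three violations: a corporate workstation talking EtherNet/IP straight to a controller, the same workstation opening a remote-desktop port on it, and an address outside every zone reaching a controller. The first two point at a firewall rule that is broader than the conduit policy; the third is the kind of flow that should never appear in an accepted-traffic log at all. The same allowlist doubles as the written record of which connections are essential, which is useful when reviewing the network later.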
One of the primary ways to improve industrial network security is to move away from legacy systems and start exploring new ways to connect. William highlighted that EtherNet/IP is one of the most common industrial protocols. ODVA has developed CIP Security, which applies certificate-based authentication and encryption to communications on the network by updating the protocol rather than overhauling the whole system.
5. Assessment and Recovery
When reviewing an industrial network security system, it’s important to assess the system as a whole and understand the potential threats, what connections are essential and which aren’t, what types of software and hardware security are required, and what types of administrative controls the system needs.
Firms also need to be prepared in case the worst does happen. Comprehensive backups, ways to segregate operational networks, and disaster contingency plans are part of being able to recover effectively after a cyberattack. OT engineers and IT specialists are merging their techniques and expertise to better protect industrial control systems for a safer future for all.
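A backup only helps with recovery if the copy that comes back is the copy that was taken, and after a ransomware incident that is exactly what is in doubt. The script below is an added illustration, not code from the webinar or from any of the firms named on this page: it records a SHA-256 digest of every file in a backup set in a manifest, signs the manifest with an HMAC key that would live offline with the backup media, and later checks a restored set against it, reporting files that were modified, missing or added. The file names, contents and key are constructed assumptions.

```python
"""Added example (not from the ICA webinar): verify that a set of restored
OT backup files matches a signed manifest taken when the backups were made.

File names, contents and the signing key below are constructed for
illustration; a real key would be kept offline with the backup media.
"""
import hashlib
import hmac
import json

# Constructed "golden" backup set: controller project and configuration files.
GOLDEN_BACKUP = {
    "line2_plc.acd": b"PLC project v17 - constructed placeholder bytes",
    "hmi_panel.cfg": b"screen=overview\nalarm_limit=85\n",
    "switch_core.conf": b"vlan 50 name CONTROL\n",
}
MANIFEST_KEY = b"constructed-offline-hmac-key"


def build_manifest(files):
    """SHA-256 digest of every file in the backup set, keyed by file name."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}


def sign_manifest(manifest, key):
    """HMAC over a canonical JSON encoding, so the manifest itself cannot be
    silently edited by whoever can edit the backups."""
    payload = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def manifest_is_authentic(manifest, signature, key):
    """Constant-time comparison of the stored signature against a fresh one."""
    return hmac.compare_digest(sign_manifest(manifest, key), signature)


def verify_restore(manifest, restored):
    """Compare restored files against the manifest and report every mismatch."""
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for name, expected in manifest.items():
        if name not in restored:
            report["missing"].append(name)
            continue
        actual = hashlib.sha256(restored[name]).hexdigest()
        if hmac.compare_digest(actual, expected):
            report["ok"].append(name)
        else:
            report["modified"].append(name)
    for name in restored:
        if name not in manifest:
            report["unexpected"].append(name)
    return report


def recovery_ready(report):
    """True only when every manifest entry came back byte-for-byte and nothing extra appeared."""
    return not (report["modified"] or report["missing"] or report["unexpected"])


if __name__ == "__main__":
    manifest = build_manifest(GOLDEN_BACKUP)
    signature = sign_manifest(manifest, MANIFEST_KEY)
    # Constructed restore: one file altered, one missing, one extra file present.
    restored = dict(GOLDEN_BACKUP)
    restored["line2_plc.acd"] = b"PLC project v17 - altered"
    del restored["switch_core.conf"]
    restored["notes.txt"] = b"file that was never part of the backup"
    print("manifest authentic:", manifest_is_authentic(manifest, signature, MANIFEST_KEY))
    report = verify_restore(manifest, restored)
    print(report, "recovery ready:", recovery_ready(report))
```

The manifest and its signature are built at backup time and stored apart from the backups themselves; at restore time the signature is checked first, then the files. A restore that shows anything in the modified, missing or unexpected lists is not one to bring a control system back up on, and running this check as part of a contingency drill, rather than during an incident, is how a firm finds out whether its backups are actually usable.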
For more information on protecting your industrial network and control system, contact ICA and discuss your security requirements with the control system lifecycle experts.