How to keep your Industrial Control Systems (ICS) cyber secure

22nd October 2021

Which devices in your workplace are most susceptible to cyber attack? Your PCs? Your smartphones? How about your servers?

All are perfectly sensible responses. But if your workplace uses “Internet of Things” (IoT) technology then that may well be the most vulnerable piece of your tech puzzle.

You see, IoT presents a new era of possibilities for cybercriminals. In their Mid-2021 report, SonicWall reported that IoT attacks have risen by 59%, making them the second most common method of attack after ransomware.

Though the term “Internet of Things” conjures up images of wearable tech and fridges that text you when your milk’s running low, there is actually an established history of highly connected devices across a number of professional and industrial settings. This is scary enough stuff for businesses using IoT like building access control systems and vehicle tracking devices, but the cybersecurity community has already seen hackers achieve real, wide-reaching chaos by attacking crucial Industrial Control Systems (ICS).

What are Industrial Control Systems (ICS)?

Industrial Control Systems refer to digitally operated, internet-enabled systems that monitor and control processes across a range of industrial applications. These systems can be used to completely automate processes or can be simply used to provide hands-off control to human operatives.

Industrial Control Systems: The good stuff

Just how essential is ICS?

Industrial Control Systems have a part to play in many of our modern luxuries.

Energy Generation & Transmission

  • Control of pumps, drills, and pipelines
  • Flow, surge, and safety detection
  • Automated breaker and switch operation

Fabrication, Manufacturing & Warehousing

  • IT-controlled sensors, motors, pumps, arms, cutters, and actuators
  • Automated forklifts and warehousing tech

Water & Waste Management

  • Control and monitoring of pressure, flow, contents, and temperature
  • Management of vats and purification systems

Building Management

Agri-food & Pharmaceuticals

  • Automated irrigation systems and sensors
  • Maintenance of drug/recipe consistency, quality control, and regulatory reporting
  • Thermometers to monitor and record refrigeration temperatures

Healthcare & Hospitals

  • Computerised control of MID equipment like CT, MRI, and ultrasound scanners
  • Monitoring and control of patient monitoring equipment, infusion pumps, and ventilators
  • Climate control and refrigeration systems

What is ICS Security?

ICS Security is the practice of defending industrial control systems (and the organisations that use them) against cyber attacks and digital crime. Given the high risk, high value industrial and infrastructural processes at play, cybercrime involving ICS devices can be an attractive prospect for cyber hooligans looking for something to ransom, hack, or destroy.

Apart from general cyber security good practice like having a firewall and investing in network monitoring services, there is unfortunately no single silver bullet that provides total ICS security to all. Its application is just so varied, and a lot depends on your network layout and how your ICS devices link into it. But more on that later.

The shocking realities of Industrial Control System (ICS) security

IoT devices tend to be notoriously hard to secure from a cyber perspective. They’re often designed very simply – to carry out their core function and nothing more. Though this makes the devices easy to manufacture, it often leaves little to no room for cybersecurity. It’s therefore largely left to the organisations using these devices to keep them secure.

Though IoT devices don’t usually have much in the way of on-board memory, it’s highly possible that a hacker could identify a weakness in a particular ICS device and engineer a vulnerability that affects its operation, output, behaviour, readings, or safety; or simply use it as an underdefended point of ingress to hack the company’s internal network.

But that’s not all. In our experience, IoT suppliers often request that their devices be connected directly to the internet, without a firewall or Intrusion Prevention System in between. The rationale that’s usually given is that the supplier needs direct access to the device for monitoring and support purposes. Though this may seem useful on the surface, it’s incredibly risky for both parties.

And to top it all off, the concept of ICS/SCADA has been around since the 1960s. Therefore, it’s quite likely that a few antique devices are still doing the rounds somewhere, built with relatively ancient IT standards in mind.

ICS security therefore presents quite a lot to wrap your head around!

Real-life examples of Industrial Control System attacks

German Steel Mill, 2014

A report from the German office for information security recounted a callous attack on an anonymous steel mill. Criminals used phishing emails to steal crucial ICS login details. They used these credentials to trigger a number of dangerous failures which resulted in an uncontrolled shutdown of a blast furnace, causing massive damage and losses.

BlackEnergy, 2015

A Russian cybercrime group used spear phishing attacks to spread BlackEnergy malware to three of Ukraine’s main energy providers. This malware disabled substation hardware, destroyed files, and launched a denial of service attack on their call centre to deny customers access to up-to-date information.

Target, 2013

In 2015, a criminal group attacked the aptly named US retail giant, gleaning around 110 million sets of credit/debit card details. They achieved this by compromising the retailer’s heating and air con supplier and using their IoT hardware connection to leapfrog over to Target’s network, eventually installing card-stealing malware in their point of sale systems.

How to protect your levels of ICS security

Understand your network layout

Before you leap into action, understand your network’s status quo first. With pen and paper, sketch out a rough diagram of your network’s topology – basically what connects to where and how. Get help from someone with first-hand experience of your network if you need to. Having this to hand can help you to streamline operations and spot weaknesses.

Place ICS devices behind your cyber defences

Next, see where your ICS devices are connected in relation to your cyber security defences. For clarity, any IoT devices should connect to the internet through security layers like your firewall and never directly to the internet. You may need to liaise with your ICS device’s provider to work out a solution that keeps you secure whilst also providing them with the access they need. Get in touch with the friendly experts here at Just Cyber Security if you need assistance!
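
The check described in the two steps above, as an added example that is not part of the original article: it takes the links from your network map and lists every ICS device the internet can reach without passing through a firewall. The node names and sample topology are constructed, and the model assumes any connected device can pass traffic onwards.

```python
from collections import deque

# Constructed sample topology (hypothetical names): each pair is one link
# taken from the hand-drawn network map.
LINKS = [
    ("internet", "edge-firewall"),
    ("edge-firewall", "core-switch"),
    ("core-switch", "office-pc"),
    ("core-switch", "plc-line1"),
    ("internet", "supplier-modem"),        # supplier's direct support link
    ("supplier-modem", "hvac-controller"),
    ("hvac-controller", "core-switch"),    # HVAC unit also sits on the LAN
]
FIREWALLS = {"edge-firewall"}
ICS_DEVICES = {"plc-line1", "hvac-controller"}


def build_graph(links):
    """Turn the list of links into an undirected adjacency map."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def unfiltered_reach(links, firewalls, start="internet"):
    """Map each node reachable from `start` without crossing a firewall to its path."""
    graph = build_graph(links)
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in sorted(graph.get(node, ())):
            # Assumption: a firewall is the only filtering point, so the
            # search stops there and treats every other node as passable.
            if nxt in paths or nxt in firewalls:
                continue
            paths[nxt] = paths[node] + [nxt]
            queue.append(nxt)
    return paths


def exposed_ics(links, firewalls, ics_devices):
    """Return {device: unfiltered path from the internet} for exposed ICS devices."""
    reach = unfiltered_reach(links, firewalls)
    return {dev: reach[dev] for dev in sorted(ics_devices) if dev in reach}
```

In the sample map, the supplier's direct link exposes not only the HVAC controller but also the PLC that shares a LAN with it, even though the PLC itself sits behind the firewall.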

Prepare a backup plan

Take a moment to understand where your most valuable data and digital functions lie, and what you would do if these were interrupted or deleted. Your network map from above may help you identify any unprotected connections or glaring network bottlenecks ripe for a denial of service attack.

Granted, you may need some help identifying all of the possible risks in your network, but that’s exactly what our friendly, expert team are here for! Not only can we help you form a plan of action for every cyber possibility, but we can also provide incident response support if a crisis ever does strike.

Invest in for-purpose cyber security awareness training

On the whole, an organisation’s team is its strongest asset. Yet a workforce that’s ignorant of the cyber dangers that lurk out there can cost money, customers, and reputation; all of which can be wiped out with a single attack.

So just because your factory or plant floor engineers don’t use “traditional” IT, that shouldn’t exclude them from cyber awareness training. In fact, we’d advise that your industrial teams receive extra security training that surrounds their particular use of ICS tools, social engineering, and physical access security.

Protect ICS access credentials with multi-factor authentication

If your ICS systems rely on username and password logins for access, consider securing them further with Multi-Factor Authentication. MFA solutions insert an extra authenticating factor into the login process, ensuring that only authorised personnel can access your critical ICS dashboards. Many MFA tools like WatchGuard Authpoint keep audit logs of access attempts and let you block users from accessing protected resources if anything suspicious occurs.

And if your ICS systems don’t require logins, then work with your supplier to get them set up as a matter of urgency!

Use the principle of least privilege

This is good cyber security practice – regardless of ICS and IoT! You see, when doling out access credentials, it’s common to give users more access than they really need – sometimes that’s out of a touch of laziness, sometimes that’s in the spirit of “here, have a lil’ bit extra, just in case”.

However, being too generous with credentials leaves you vulnerable to internal threats, increases the damage that can be done by social engineering attacks, and risks confusing inexperienced staff. Give each team member juuuust the right level of access that they need for their role and always delete credentials when someone leaves your team. Diarise regular credential reviews and aim to be as stingy as you can!

Keep everything up to date

This should hopefully go without saying. Always apply updates to software, operating systems, and firmware whenever you’re prompted to do so, across your whole network. This especially applies to your security measures and your ICS.

Criminals often create zero-day exploits designed to harness security loopholes in older software, so regular updates help keep those threats at bay. You may be able to automate some updates, but diarise regular check-ins to be sure.

Hardware replacements are important too – our colleagues at Just Firewalls recommend replacing your firewall at least every 5 years. Cyber security risks change as the years go by, so investing in the latest security tools can give you that edge in the fight against cybercrime.

Invest in penetration testing & network monitoring

Penetration testers are hackers who use their powers for good, not evil. They know the same tricks the hackers do, so they can probe your network in the same ways that a criminal might. They can then report back on where your network’s weaknesses lie and propose solutions to keep you safe. “Pentesting” is an important investment regardless of sector, but it’s especially important if you have specific hardware or connectivity needs – that includes using ICS hardware.

Network monitoring services are also useful. In short, security experts will keep an eye on your network defences and security alerts, and will ensure that you’re the first to know if anything untoward happens.

Concerned about your own ICS cyber security?

There’s no need to struggle on your own – the friendly experts at Just Cyber Security can help with everything from network monitoring, to penetration testing, to disaster planning, to simply being a cyber-savvy critical friend!

Drop us a line today or chat with one of our experts on 0808 1644414!
