Over the past several years sophisticated code has been used for nation-state espionage in order to minimize risk to military personnel or costly equipment. Similar techniques are now being applied to the development of next-generation cyber weapons. These will allow troops to remotely launch cyber code designed to destroy physical equipment, cause severe damage to critical infrastructure, and impact not only military targets but also civilian lives.
There is a cyber arms race going on. Nation-states and terrorist organizations are spending billions of dollars to build the cyberbombs. According to U.S. government contractors and former Pentagon officials, a new half-billion-dollar U.S. military contract will sponsor the development of lethal cyberweapons. The goal of this United States Cyber Command project, according to various news reports, is to develop capabilities that will allow troops to launch logic bombs instead of traditional explosives and essentially direct an enemy's critical infrastructure to self-destruct.
While governments and adversaries are investing in the development of cyberarms, very little is being done to protect our critical infrastructure, leaving energy and manufacturing companies, for the most part, to fend for themselves against the growing threat of cyberattacks. Industrial facilities have become attractive targets for several reasons:
- Industrial processes are part of every nation’s critical infrastructure and therefore a successful attack may cause both physical and psychological damage.
- Most industrial facilities and networks were designed many years ago, before the threat of cyberattacks existed. As such, no security controls were implemented to defend operational networks, which contain both design and code vulnerabilities that can be exploited by adversaries.
- To achieve automation and efficiency improvements, these traditionally disconnected networks have been opened up to the external world and that increases their risk exposure.
The Visibility & Control Challenge
One of the main challenges industrial facilities face is the lack of visibility and security controls over SCADA (Supervisory Control and Data Acquisition) systems, which automate industrial processes and manage remote equipment. Within these systems, the most sensitive and critical elements are the programmable logic controllers (PLCs).
Introduced in the late 1960s, PLCs are dedicated industrial computers that make logic-based decisions to control industrial processes. They are found in every industrial environment, and play a critical role in complex industrial processes like power generation, oil transportation, management of electrical and water utilities and various manufacturing processes. A cyberattack that reaches these controllers, changes their logic, or takes them out of commission, can have devastating physical results.
PLCs are designed to be ruggedized and require little ongoing maintenance. Therefore, it is not uncommon for PLCs implemented decades ago to still be in operation. Although many documented PLC vulnerabilities can be exploited, most of these are never patched due to stability concerns. Given the complexity of the processes they automate, any disruption to PLCs can cause downtime, reliability issues or other operational problems.
Since PLCs were deployed decades ago and rarely undergo maintenance, it is virtually impossible to maintain an accurate inventory that details where devices are located and what logic they actually run. In addition, the logs commonly used in IT systems to monitor configuration changes or record a last known good configuration do not exist in PLCs. As a result, in the event that a cyberattack successfully alters PLCs, there are no efficient recovery mechanisms in place.
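One way a defender can compensate for the missing change logs, shown here as an added example that is not part of the original article: keep an out-of-band "last known good" inventory of each PLC's exported logic fingerprint and diff freshly collected exports against it, flagging changed, missing and unexpected devices. The device names and logic blobs below are constructed stand-ins for real vendor exports.

```python
import hashlib


def logic_digest(exported_logic: bytes) -> str:
    """SHA-256 of a PLC logic export; serves as the last-known-good fingerprint."""
    return hashlib.sha256(exported_logic).hexdigest()


# Constructed approved logic exports (hypothetical device names, toy ladder logic).
APPROVED_LOGIC = {
    "pump-station-1": b"LD I0.0\nAND I0.1\nOUT Q0.0\n",
    "pump-station-2": b"LD I0.2\nOUT Q0.1\n",
    "boiler-ctrl": b"LD I1.0\nTON T1 500ms\nOUT Q1.0\n",
}

# The baseline stores only digests, so it can live on a hardened host off the OT network.
BASELINE = {name: logic_digest(blob) for name, blob in APPROVED_LOGIC.items()}

# Constructed exports from a later collection run: one device altered, one absent,
# and one device that was never in the inventory.
OBSERVED_EXPORTS = {
    "pump-station-1": b"LD I0.0\nAND I0.1\nOUT Q0.0\n",
    "pump-station-2": b"LD I0.2\nOUT Q0.1\nOUT Q0.2\n",
    "unknown-plc": b"LD I2.0\nOUT Q2.0\n",
}


def audit_inventory(baseline: dict, observed: dict) -> dict:
    """Compare collected logic exports (name -> bytes) against the baseline digests."""
    report = {"changed": [], "missing": [], "unexpected": []}
    for name, expected in baseline.items():
        if name not in observed:
            report["missing"].append(name)       # device did not answer or was removed
        elif logic_digest(observed[name]) != expected:
            report["changed"].append(name)       # logic differs from last known good
    for name in observed:
        if name not in baseline:
            report["unexpected"].append(name)    # device not in the approved inventory
    return report


def run_audit() -> dict:
    return audit_inventory(BASELINE, OBSERVED_EXPORTS)


if __name__ == "__main__":
    for category, names in run_audit().items():
        print(f"{category}: {', '.join(names) or '-'}")
```

Any entry in "changed" is the point where a known-good export can be restored, which is the recovery step the controllers themselves do not log.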
Monitoring the network activity and searching for signatures and indicators of compromise has proven challenging as well. The "open architecture" of the Internet age does not exist in industrial networks. Since every industrial equipment vendor implements its own proprietary network technologies, most of which are not well documented, it is difficult to understand all the activity on the network.
To add even more complexity, it is common for multiple vendor technologies to be implemented in the same industrial network. This complexity and the lack of adequate monitoring tools create blind spots that can allow sophisticated code, or insiders with malicious intent, to go undetected and compromise PLCs.
The threat of cyberweapons goes beyond their direct impact on industrial facilities since successful attacks can produce massive and unintended collateral damage beyond their initial target. That’s because they are attacking a technology that is ubiquitous across the industrial sector. Attack code could easily spread to infrastructures and industries that weren’t originally targeted, yet they would still suffer from its consequences.
Another serious concern is the possibility that these new cyberweapons will end up in the wrong hands, “leaked” by disgruntled employees or through security breaches. It’s worth mentioning that contractors bidding for the United States Cyber Command contract include companies like Boeing and Lockheed Martin, both of which were victims of information theft by Chinese hackers in recent years.
Cyberattacks targeting critical infrastructure are not theoretical; they are real and pose an even greater threat in the wake of new classes of cyberweapons being developed to exploit design issues and vulnerabilities in industrial networks. The lack of security controls and vulnerabilities in PLCs, combined with insufficient visibility and control over operational networks, is a problem that can’t be addressed too soon.