Risky Business: ICS & The Rise of Cyber Attacks

How ‘security enforced by physics’ can bolster defenses against industrial control system attacks.

Dark Reading Staff, Dark Reading

June 5, 2017


The recent WannaCry/WannaCrypt cyber attacks on industrial control systems have forced many security pundits to revisit the old adage that legacy ICS systems and protocols are largely "hack-proof" because they are complex, proprietary, and kept separate from IT systems.

With the convergence of IT and ICS networks, these high-profile cyber intrusions have highlighted the risk to control systems that originates from connectivity to cloud, IT and wireless systems. As industries become more reliant on real-time data and connectivity, their attack surface expands exponentially. Cybercriminals exploit this increased interconnectivity: suddenly they have hundreds of doorways through which attacks can enter and pivot into an industrial control system.

What must also be emphasized is what is at stake in an ICS attack. Industrial networks control physical assets, as opposed to the virtual assets (e.g., information) controlled by IT networks. Cyber attacks on industrial networks can sabotage and disrupt production, damage equipment and the environment, compromise safety (both public and internal), and of course, as we’ve seen of late, be used for extortion over assets that cannot be restored from backup. This difference makes it paramount to keep cyber attacks from entering the industrial control systems (ICS) that drive physical processes.

While traditional IT security technologies such as firewalls, intrusion detection and encryption promise protection, these solutions were designed to protect virtual data and information assets, not physical infrastructure, machinery and the people who operate them. The security they provide is based on software, and software has bugs, can be misconfigured, and requires frequent updates and patches. Firewalls, like any other software product, contain vulnerabilities and logic loopholes waiting to be utilized, allowing attackers to gain access into networks and wreak havoc. Clearly, IT security solutions, and specifically firewalls, fail when used to protect physical assets such as machinery, or physical processes, against sabotage or remote control attacks.

This explains why many governmental agencies and regulatory bodies worldwide have moved to recommend unidirectional security gateways, instead of firewalls, for industrial control system (ICS) and critical infrastructure (CI) cybersecurity.

Security Enforced by Physics
The core of unidirectional security gateway technology is a physically enforced, impassable barrier on the perimeter of the industrial network, allowing the sharing of information with external networks without any risk of communication, commands or data getting back into the industrial network. Unidirectional gateway hardware has two modules: a TX transmit module, which contains a laser, and an RX receiver module, which contains an optical receiver. The two modules, located at the plant perimeter, are linked by a fiber-optic cable and work in tandem to transmit information out of the industrial operations network into the respective external corporate network. The system is incapable of allowing any virus, malware, ransomware, human error, or any external information whatsoever into the industrial network, thus eliminating the number one threat of today’s cyber arena: remote online attacks.

Server Replication to Allow Data Availability
The software part of a unidirectional gateway is called a "connector." A connector gathers information from industrial systems in real time inside the protected network and transmits that data to replica servers on the IT network. Any program or user on the corporate network that needs real-time data can now query the replica server without risk of endangering the control network’s security. Users can be confident of receiving the same data as if they had access to the industrial system.

This means that real-time production information is readily available to corporate users and applications, but nothing can get back in through the gateways to the control network and put industrial systems at risk.
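The connector and replica pattern described above, modeled in software as an added example (not code from the article or from any gateway vendor). The class names, tag names, frame layout (CRC32 plus JSON) and the dropped frame are assumptions made for illustration; in a real gateway the one-way property comes from the TX/RX hardware, not from code.

```python
import json, struct, zlib
from collections import deque

class OneWayLink:
    """Stands in for the TX -> RX fiber: frames flow out only, with no return path."""
    def __init__(self, drop=()):
        self._fiber, self._sent, self._drop = deque(), 0, set(drop)
    def transmit(self, frame: bytes) -> None:   # the only call the plant side has
        if self._sent not in self._drop:        # constructed loss, for the demo
            self._fiber.append(frame)
        self._sent += 1
    def receive(self):                          # the only call the IT side has
        while self._fiber:
            yield self._fiber.popleft()

class Connector:
    """Plant side: pushes tag snapshots out and never waits for an acknowledgement."""
    def __init__(self, link: OneWayLink):
        self.link, self.seq = link, 0
    def publish(self, tags: dict) -> None:
        body = json.dumps({"seq": self.seq, "tags": tags}).encode()
        self.link.transmit(struct.pack(">I", zlib.crc32(body)) + body)
        self.seq += 1

class Replica:
    """IT side: rebuilds state from received frames and answers corporate clients."""
    def __init__(self):
        self.tags, self.expected, self.missed, self.corrupt = {}, 0, 0, 0
    def ingest(self, frame: bytes) -> None:
        (crc,), body = struct.unpack(">I", frame[:4]), frame[4:]
        if zlib.crc32(body) != crc:
            self.corrupt += 1                   # no way to ask for a resend
            return
        msg = json.loads(body)
        self.missed += max(0, msg["seq"] - self.expected)  # gap = lost frames
        self.expected = msg["seq"] + 1
        self.tags.update(msg["tags"])
    def read(self, tag: str):                   # client queries stop here
        return self.tags.get(tag)

def demo() -> Replica:
    link = OneWayLink(drop={1})                 # second frame is lost in transit
    plant, replica = Connector(link), Replica()
    for snap in ({"pump1.rpm": 1480}, {"pump1.rpm": 1495}, {"tank.level": 71.5}):
        plant.publish(snap)                     # constructed tag names and values
    for frame in link.receive():
        replica.ingest(frame)
    return replica
```

Because the plant side never learns that a frame was lost, the replica in this model keeps the older `pump1.rpm` value and records the gap itself, which is the kind of loss and staleness signal consumers of replicated data need to see.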
