theDocumentId => 1341216 What Industrial Control System Vulnerabilities Can ...

Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

6/15/2021
01:00 PM
Chen Fradkin
Chen Fradkin
Commentary
50%
50%

What Industrial Control System Vulnerabilities Can Teach Us About Protecting the Supply Chain

Older technologies used in industrial and critical infrastructure leave the sector highly vulnerable to attack, but organizations can take steps to better protect themselves.

Over the past year, we saw many unpredictable challenges. To stay connected and keep things moving while adhering to social distancing restrictions, many organizations had to expedite their digital transformation initiatives. The industrial and critical infrastructure sectors are particularly vulnerable due to the older nature of the devices used in industrial control systems (ICS). Their increased attack surface leaves these organizations particularly susceptible to cyberattacks, specifically in the supply chain.

SolarWinds and the Supply Chain
Awareness of supply chain attacks has been steadily growing over the past decade as major security incidents became known. These include the 2013 Target security breach, in which the credentials for a heating and air conditioning vendor were stolen and used to access the retail giant's network, or the 2017 NotPetya attack, in which several multinational corporations' software updates were affected by ransomware, shutting down company technology and crippling business. The recent SolarWinds Orion software attack brought attention back to the vulnerable nature of the supply chain and the urgent need for increasing security measures at all stages.

Related Content:

The Colonial Pipeline Attack Is Your Boardroom Wake-Up Call

Special Report: Assessing Cybersecurity Risk in Today's Enterprises

New From The Edge: A View From Inside a Deception

Months after the SolarWinds breach was disclosed in December 2020, details about the full extent of the damage are still being uncovered. The affected product was incredibly widely used, making it quite difficult to pinpoint exactly how the breach happened. This stresses the need for increased visibility in all areas of the supply chain — in both information technology (IT) and operational technology (OT). The increasing convergence of IT and OT networks has contributed greatly to the susceptibility of the supply chain, while increased visibility in both areas could have raised awareness of the attack's presence and the potential for preventing it.

Recovering From the Fallout
As we have yet to understand the full impact of the SolarWinds attack, recovering from it will be an ongoing process. Organizations and their security teams will tighten up policies and practices that they may have loosened in the past. There is growing pressure on the US government to take action to protect against a similar event. Even so, organizations that were and want to prevent being affected are increasing security measures and paying closer attention to the tools in their technology stack.

In addition to dealing with the fallout from the SolarWinds attack, organizations are still seeing effects from the COVID-19 pandemic. The increase in remote workers and delays in rolling out new equipment and upgrading existing equipment created security gaps. Ransomware attacks are also on the rise, specifically targeting critical infrastructure that cannot afford downtime caused by an attack and are therefore more likely to pay up. Attacks could come in the form of stealing sensitive data, malware, identifying valuable assets in the network, or even targeting specific equipment and operating systems.

Given these factors, we must pay special attention to the COVID-19 vaccine supply chain. Just as the pandemic shaped security risks in 2020, the vaccine supply chain's susceptibility to attacks could shape security in 2021. So much time, money, and effort have gone into the vaccines' development as well as their manufacturing and distribution plans. These organizations are facing an unprecedented level of criticality to ensure the reliability and safety of the product.

Protecting the Supply Chain
Given all the threats posed to supply chains, IT and OT security professionals must prepare themselves and their organizations to defend against the attacks that are likely to come in the near future.

One of the most important changes organizations can make to bulk up supply chain security is turning attention to the outside vendors and partners that have access to their internal systems. The first step is to identify how external partners gain access to internal systems and who is responsible for them. There should be continuous communication among security partners, vendors, contractors, and internal supply chain decision-makers to ensure complete visibility into systems.

Another important step is to maintain an asset inventory and invest in segmentation to maintain security for each asset individually. Our research found that 71% of ICS vulnerabilities disclosed in the second half of 2020 were remotely exploitable through network attack vectors. Segmenting out assets helps ensure that should one part of your asset inventory suffer a security breach, the rest will not be compromised.

A few other steps to ensure safety in the supply chain include implementing solutions to overcome specific OT security challenges, adhering to industry-specific Cybersecurity and Infrastructure Security Agency (CISA) recommendations, and ensuring your C-suite and executives are involved in industrywide initiatives that share operational concerns, solutions, and processes.

By learning from past attacks and taking the necessary steps, organizations will be prepared to navigate the changing ICS risk and vulnerability landscape for supply chains in 2021 and beyond.

Chen Fradkin is a security researcher at industrial cybersecurity company Claroty with over seven years of experience researching ICS and IT network security. She specializes in analyzing all components of network security, from protocols and topology to connected devices, as ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32794
PUBLISHED: 2021-07-26
ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a bug in ASF code `POST /Api/ASF` ASF API endpoint responsible for updating global ASF config incorrectly removed `IPCPassword` from the resulting config when the caller did no...
CVE-2021-36563
PUBLISHED: 2021-07-26
The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts), the XSS pay...
CVE-2021-37392
PUBLISHED: 2021-07-26
In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. When the API functions are enabled, the attacker can use API to update user nickname with XSS payload and achieve stored XSS. Users who view the articles published by the injected use...
CVE-2021-37393
PUBLISHED: 2021-07-26
In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "update password" function to inject XSS payloads into nickname variable, and achieve stored XSS. Users who view the articles published by the injected user...
CVE-2021-37394
PUBLISHED: 2021-07-26
In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration.