Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


// // //
01:00 PM
Chen Fradkin
Chen Fradkin

What Industrial Control System Vulnerabilities Can Teach Us About Protecting the Supply Chain

Older technologies used in industrial and critical infrastructure leave the sector highly vulnerable to attack, but organizations can take steps to better protect themselves.

Over the past year, we saw many unpredictable challenges. To stay connected and keep things moving while adhering to social distancing restrictions, many organizations had to expedite their digital transformation initiatives. The industrial and critical infrastructure sectors are particularly vulnerable due to the older nature of the devices used in industrial control systems (ICS). Their increased attack surface leaves these organizations particularly susceptible to cyberattacks, specifically in the supply chain.

SolarWinds and the Supply Chain
Awareness of supply chain attacks has been steadily growing over the past decade as major security incidents became known. These include the 2013 Target security breach, in which the credentials for a heating and air conditioning vendor were stolen and used to access the retail giant's network, or the 2017 NotPetya attack, in which several multinational corporations' software updates were affected by ransomware, shutting down company technology and crippling business. The recent SolarWinds Orion software attack brought attention back to the vulnerable nature of the supply chain and the urgent need for increasing security measures at all stages.

Related Content:

The Colonial Pipeline Attack Is Your Boardroom Wake-Up Call

Special Report: Assessing Cybersecurity Risk in Today's Enterprises

New From The Edge: A View From Inside a Deception

Months after the SolarWinds breach was disclosed in December 2020, details about the full extent of the damage are still being uncovered. The affected product was incredibly widely used, making it quite difficult to pinpoint exactly how the breach happened. This stresses the need for increased visibility in all areas of the supply chain — in both information technology (IT) and operational technology (OT). The increasing convergence of IT and OT networks has contributed greatly to the susceptibility of the supply chain, while increased visibility in both areas could have raised awareness of the attack's presence and the potential for preventing it.

Recovering From the Fallout
As we have yet to understand the full impact of the SolarWinds attack, recovering from it will be an ongoing process. Organizations and their security teams will tighten up policies and practices that they may have loosened in the past. There is growing pressure on the US government to take action to protect against a similar event. Even so, organizations that were and want to prevent being affected are increasing security measures and paying closer attention to the tools in their technology stack.

In addition to dealing with the fallout from the SolarWinds attack, organizations are still seeing effects from the COVID-19 pandemic. The increase in remote workers and delays in rolling out new equipment and upgrading existing equipment created security gaps. Ransomware attacks are also on the rise, specifically targeting critical infrastructure that cannot afford downtime caused by an attack and are therefore more likely to pay up. Attacks could come in the form of stealing sensitive data, malware, identifying valuable assets in the network, or even targeting specific equipment and operating systems.

Given these factors, we must pay special attention to the COVID-19 vaccine supply chain. Just as the pandemic shaped security risks in 2020, the vaccine supply chain's susceptibility to attacks could shape security in 2021. So much time, money, and effort have gone into the vaccines' development as well as their manufacturing and distribution plans. These organizations are facing an unprecedented level of criticality to ensure the reliability and safety of the product.

Protecting the Supply Chain
Given all the threats posed to supply chains, IT and OT security professionals must prepare themselves and their organizations to defend against the attacks that are likely to come in the near future.

One of the most important changes organizations can make to bulk up supply chain security is turning attention to the outside vendors and partners that have access to their internal systems. The first step is to identify how external partners gain access to internal systems and who is responsible for them. There should be continuous communication among security partners, vendors, contractors, and internal supply chain decision-makers to ensure complete visibility into systems.

Another important step is to maintain an asset inventory and invest in segmentation to maintain security for each asset individually. Our research found that 71% of ICS vulnerabilities disclosed in the second half of 2020 were remotely exploitable through network attack vectors. Segmenting out assets helps ensure that should one part of your asset inventory suffer a security breach, the rest will not be compromised.

A few other steps to ensure safety in the supply chain include implementing solutions to overcome specific OT security challenges, adhering to industry-specific Cybersecurity and Infrastructure Security Agency (CISA) recommendations, and ensuring your C-suite and executives are involved in industrywide initiatives that share operational concerns, solutions, and processes.

By learning from past attacks and taking the necessary steps, organizations will be prepared to navigate the changing ICS risk and vulnerability landscape for supply chains in 2021 and beyond.

Chen Fradkin is a security researcher at industrial cybersecurity company Claroty with over seven years of experience researching ICS and IT network security. She specializes in analyzing all components of network security, from protocols and topology to connected devices, as ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file