Protecting industrial network security is not an easy task. This is mainly because most industrial networks were built before cyber threats were a concern, so they have no built-in security controls against external attackers. Understanding the primary threats facing these networks today is the first step to improving their security posture.
I. Industrial Network External Threats – APT, Targeted Attacks, and Others
External cyber attacks against ICS networks may be backed by political actors (nation-states, terrorist groups, or radical hacker groups), but some are industrial espionage. The purpose of an attack varies with the adversary’s motivation: a politically motivated attack is more likely to aim at operational disruption and physical destruction, while an industrial espionage attack is more concerned with stealing intellectual property. Today, most industries, especially those involving critical infrastructure, are more likely to be targeted by politically motivated attacks, whose purpose is to cause operational disruption and physical destruction.
Even companies that do not worry about APT or targeted attacks because they are not in a critical infrastructure industry are exposed to collateral damage. This is because politically motivated ICS cyberattacks intended to disrupt operational systems, and the exploit tools they use, are aimed at technologies used by all industries. Such attacks inevitably affect non-targeted companies and their ICS networks.
Take for example the Stuxnet worm aimed at Iran. Siemens claimed that Stuxnet had infected at least 14 factories. The infected organizations included the US energy company Chevron and a Russian civil nuclear power plant.
II. Internal Threats – Employees and Contractors with Ulterior Motives
Much has been said about insider threats to IT networks, but industrial networks carry a comparable risk. Employees, contractors, and third-party integrators all hold legitimate access to the ICS network. Since most ICS networks have no authentication or encryption to restrict user activity, any insider can move freely to any device on the network, including the supervisory control and data acquisition (SCADA) systems and the key controllers responsible for the entire industrial process life cycle.
A famous case in this area is the Maroochy Shire sewage incident in Australia, in which a disgruntled former contractor attacked a wastewater treatment system. The employee had worked for a company that installed SCADA systems in Maroochy Shire, Queensland. After later applying for a job with the shire’s council, he became resentful and, using (possibly stolen) equipment, issued unauthorized commands that caused 800,000 liters of untreated sewage to overflow into local parks, rivers, and even the grounds of a Hyatt hotel. The environmental damage was extensive.
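Because the controllers in such a network accept commands from anyone who can reach them, a compensating control is to watch the network for write commands that do not come from the known engineering workstations. The following script is an added example, not code from the original article; the Modbus/TCP log format, host addresses and allowlist are constructed for illustration.

```python
# Added example (not from the original article). Flags Modbus/TCP write
# commands sent to PLCs from hosts outside an allowlist of engineering
# workstations. Log format, IP addresses and allowlist are constructed.
from dataclasses import dataclass

# Modbus function codes that change controller state (write coils/registers,
# mask write, read/write multiple registers).
MODBUS_WRITE_CODES = {5, 6, 15, 16, 22, 23}

# Assumed allowlist: the only hosts permitted to issue writes to PLCs.
ENGINEERING_WORKSTATIONS = {"10.10.1.5", "10.10.1.6"}


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    dst: str
    func: int


def parse_line(line: str):
    """Parse a constructed log line of the form '<ts> <src> -> <dst> fc=<n>'."""
    ts, src, _, dst, fc = line.split()
    return ts, src, dst, int(fc.split("=", 1)[1])


def find_unauthorized_writes(lines, allowlist=ENGINEERING_WORKSTATIONS):
    """Return an Alert for every write-class command from a non-allowlisted host."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, func = parse_line(line)
        if func in MODBUS_WRITE_CODES and src not in allowlist:
            alerts.append(Alert(ts, src, dst, func))
    return alerts


# Constructed sample traffic: reads (fc=3) are fine from anywhere; only the
# write (fc=6) from the unknown host 10.10.1.77 should raise an alert.
SAMPLE_LOG = """\
2024-03-01T08:00:01 10.10.1.5 -> 10.10.2.20 fc=3
2024-03-01T08:00:05 10.10.1.5 -> 10.10.2.20 fc=16
2024-03-01T08:01:10 10.10.1.77 -> 10.10.2.20 fc=3
2024-03-01T08:01:12 10.10.1.77 -> 10.10.2.21 fc=6
2024-03-01T08:02:00 10.10.1.6 -> 10.10.2.21 fc=5
"""

if __name__ == "__main__":
    for a in find_unauthorized_writes(SAMPLE_LOG.splitlines()):
        print(f"ALERT {a.ts}: write fc={a.func} from {a.src} to {a.dst}")
```

In a real deployment the allowlist would be fed from an asset inventory and the log lines from a passive network monitor on a SPAN port, so the check adds no traffic to the control network itself.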
III. Human Error – Perhaps the Biggest Threat to ICS
Human error is unavoidable, but it can be very costly. For many companies, the risks associated with human error may be more serious than those from malicious insiders. In some cases, human error is considered the greatest threat to an ICS.
Human errors, including incorrect settings, misconfiguration, and programmable logic controller (PLC) programming mistakes, can cause dangerous changes in the process. Human error can also create vulnerabilities that an external adversary can exploit. A common example is a temporary connection set up for an integrator that is still open after the project has ended.
Some mistakes are made when employees use “creative” workarounds to get their jobs done. For example, if an employee needs to connect to the ICS network remotely but no secure channel is available, they may establish their own unauthorized remote connection. This unapproved connection can become an entry point that exposes the industrial network to external attack.