Top 5 attacks on Industrial control systems/OT Security 2021–22

M Talha S.
3 min read · Aug 10, 2021

Industrial control systems (ICS) have traditionally been isolated systems using proprietary control protocols for their hardware and software. Low-cost Ethernet and Internet Protocol devices are replacing the older proprietary protocols and technologies, which introduces many security risks. Nowadays ICS are designed much like IT systems, using industry-standard computers, operating systems (OS), and network protocols. This integration provides powerful IT capabilities, but it also creates a greater need to secure these systems.

Modern ICS now exhibit increasing connectivity to corporate (IT) networks in order to make use of the rich resources available there. This increased interaction between ICS and IT networks has made them an attractive target for a variety of cyber-attacks. IT security tends to focus on data protection and follows the objectives of the CIA model: Confidentiality, Integrity, and Availability. For Operational Technology (OT) systems, however, Availability is the main focus, because the priority is to keep things up and running.

Attacks on ICS have increased in recent years. In ICS, skilled attackers can manipulate sensor readings or control signals until the system crashes, while keeping the attack hidden. The main challenge is that these systems typically control physical processes related to power, water, gas, oil, transport and other critical infrastructure. Following are the top 5 cyber threats to ICS.

Hijacking PLC

A PLC (Programmable Logic Controller) is a programmable device used to automate industrial processes. These devices act as controllers and help automate specific processes, machine functions, or even an entire production line. PLCs should therefore be a high priority for security. If attackers gain access to a PLC, they can install malicious firmware and read and write automation code to alter the process, which can disrupt the entire automation process and cause huge losses.

Attacks on SCADA systems

SCADA (Supervisory Control and Data Acquisition) systems gather and analyze real-time data. They are mostly used for monitoring and remotely controlling widely distributed processes such as water treatment and distribution, oil and gas pipelines, and electric power transmission and distribution. These systems are highly targeted by attackers because they control vital systems such as nuclear stations or power plants. Following are attacks a SCADA system can face:

· Denial of service

· Code execution

· Privilege Escalation

· Buffer overflows

Data historian Attacks

A data historian is the centralized database located in the control system that supports data archival and analysis using statistical process control techniques. Data historians store the tags and readings of specific processes. Attackers who can change values in the data historian can affect the business processes that depend on them.

Weak network security

Weak network security in ICS is a big risk. Modern ICS communicate with different logic devices over their local network. Weak network security lets attackers get into your network, from where they can run malicious code in the ICS environment. The first stage of an attack is reconnaissance, which allows attackers to survey the ICS network environment and find weak points. Network scanning devices, IDS, and firewalls should be deployed, and only authorized ports should be allowed for communication inside the network.
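As an added example (not part of the original article), the following Python script applies the kind of authorized-port allow-list described above to constructed flow records and also flags the reconnaissance-style port sweep the paragraph mentions. All addresses, hosts and log lines are made up; only the Modbus/TCP port 502 is a real well-known port, and the policy itself is hypothetical.

```python
"""Added example (not from the article): allow-list and port-sweep check over
constructed ICS flow records. Addresses and hosts are made up; 502 is the
standard Modbus/TCP port, the rest of the policy is hypothetical."""
from collections import defaultdict

# Hypothetical policy: which source may reach which destination on which TCP port.
ALLOWED_FLOWS = {
    ("10.10.1.5", "10.10.2.20", 502),  # HMI -> PLC over Modbus/TCP
    ("10.10.1.5", "10.10.2.21", 502),  # HMI -> second PLC
    ("10.10.1.9", "10.10.1.5", 5432),  # historian polls the HMI database
}
# Distinct (destination, port) pairs one source must touch before we flag a sweep.
SCAN_THRESHOLD = 5

def parse_flow(line):
    """Parse a constructed flow record of the form 'src dst port proto'."""
    src, dst, port, proto = line.split()
    return src, dst, int(port), proto.lower()

def find_violations(lines):
    """Return one reason string per flow the allow-list does not permit."""
    violations = []
    for line in lines:
        src, dst, port, proto = parse_flow(line)
        if proto != "tcp":
            violations.append(f"{src} -> {dst}:{port}/{proto}: only TCP is permitted")
        elif (src, dst, port) not in ALLOWED_FLOWS:
            violations.append(f"{src} -> {dst}:{port}/tcp: not on allow-list")
    return violations

def find_scanners(lines):
    """Map each source that touched >= SCAN_THRESHOLD (dst, port) pairs to that count."""
    targets = defaultdict(set)
    for line in lines:
        src, dst, port, _ = parse_flow(line)
        targets[src].add((dst, port))
    return {src: len(t) for src, t in targets.items() if len(t) >= SCAN_THRESHOLD}

# Constructed sample: two permitted flows, two policy violations, one port sweep.
SAMPLE_FLOWS = [
    "10.10.1.5 10.10.2.20 502 tcp",  # permitted HMI -> PLC
    "10.10.1.9 10.10.1.5 5432 tcp",  # permitted historian poll
    "10.10.1.5 10.10.2.20 22 tcp",   # HMI opening SSH to the PLC: unexpected port
    "10.10.4.2 10.10.2.20 502 udp",  # unknown host, wrong protocol
] + [f"10.10.3.77 10.10.2.20 {p} tcp" for p in (21, 22, 23, 80, 102, 502)]

if __name__ == "__main__":
    print(*find_violations(SAMPLE_FLOWS), sep="\n")
    print("possible sweep:", find_scanners(SAMPLE_FLOWS))
```

Running the script lists the two policy violations plus the six sweep flows, and reports 10.10.3.77 as touching six distinct destination ports.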

Insider attacks

Insider attacks are not much different from targeted attacks. In this attack, a resource within the organization performs some malicious action to harm and disrupt the organization's business processes. The resource can be an organization employee, a service provider, or a contractor. Stuxnet can serve as one example for understanding insider attacks: an insider at an Iranian nuclear facility plugged the infected USB drive into the system. Insider attacks also expose the air-gap myth as false.

Conclusion

Modern industrial control systems are now integrated with modern technologies to add robustness and automation to the process. While this makes the process more efficient, security becomes a major concern. New threats to ICS are discovered daily by different security vendors. Special precautions should be taken to ensure the security of your industrial control system and network.

Increase security using different automated and manual tools. Scan the network for vulnerabilities. Educate employees on the importance of security. Do not allow third parties to gain unauthorized access to your systems. Proper network traffic monitoring is needed to secure the industrial control system network.

M Talha S.

Information security professional with diverse experience in cybersecurity and penetration testing.