Industrial Networks Under Attack

Hackers and cyber security have become top-of-mind for executives tasked with protecting critical industrial systems

Since the discovery of the Stuxnet malware in 2010, industrial infrastructure has attracted some of the most sophisticated cyber attacks on record. Industrial networks and systems have become a key target for hackers.

Even if your business is not focused on critical infrastructure industries such as energy, water and transportation, many enterprises have a SCADA (supervisory control and data acquisition) or process control network somewhere within their organizational structure. These networks are now undergoing the kind of attacks that previously had only been experienced by financial and government institutions.

Those networks pose a huge exposure, and one you may never know you had.


The Industrial Network Challenge

In the past, industrial networks ran on proprietary networks, used proprietary equipment and were isolated from business networks and the internet. This was the era of “security by obscurity” and “security by air gap.”

Over the last decade, however, industrial networks have been migrating from proprietary systems to commercial off-the-shelf (COTS) technology. Although the adoption of Ethernet was initially slow, it has been rapidly increasing now that issues such as determinism (the ability to have predictable delivery of network packets) and rapid failure recovery (resolved by new redundancy protocols that offer low fail-over times) have been addressed.

In addition, increased demand for real-time industrial information meant connecting plant floors to enterprise networks and the internet. Keeping a modern industrial system running requires a constant stream of updates from the outside world — the result is that the industrial floor has become a hotbed of communications activity, and it is no longer isolated.

Furthermore, devices such as PLCs (programmable logic controllers) and DCS (distributed control systems) were designed with a focus on reliability and safety rather than security, making many of them easy to exploit, particularly older units.

Since industrial networks are often required to run at all times and withstand hazardous environments, many security policies are never deployed; operational necessities and safety regulations overrule them. Even traditional IT security strategies such as patching are often impossible, because a patch can require a reboot, a production outage or re-certification of the safety system, which industry-specific regulations do not readily permit.

Add it up: vital networks with millions of hard-to-secure nodes, interconnected with enterprise networks and the internet; running 24 hours a day in heavily regulated environments with safety concerns; and the focus of the smartest security researchers and government warfare hacking programs in the world.

It’s a lot to contend with.


A High Threat Level

In the past, the main reason for securing industrial networks was to protect against inadvertent network incidents or attacks from insiders. Legacy industrial equipment such as older PLCs, DCSs and RTUs (remote terminal units) was not designed to handle malformed or heavy network traffic gracefully; a malformed packet or a traffic burst can crash or hang a controller. To ensure reliable production, industrial-specific firewalls were, and still are, used to permit only the messaging required for operations, typically an allowlist of which station may talk to which controller, using which protocol and which commands.
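As an added illustration (not code from the original page or from any firewall vendor), the following Python filter shows what "permit only the messaging required for operations" means for Modbus/TCP, and how the same validation protects a fragile controller from malformed frames. The addresses, unit id and register range in the policy table are assumptions chosen for the example, and the four frames are constructed by hand rather than captured from a real network.

```python
"""Allowlisting Modbus/TCP filter: validate the frame, then enforce a
per-client policy of permitted function codes and register ranges."""
import struct
from dataclasses import dataclass

MBAP_LEN = 7     # transaction id (2), protocol id (2), length (2), unit id (1)
MAX_ADU = 260    # largest legal Modbus/TCP frame
# Function codes whose PDU begins with a 16-bit start address and a 16-bit quantity.
RANGE_FUNCS = {1, 2, 3, 4, 15, 16}
# Write Single Coil / Register: address followed by a value, so the quantity is 1.
SINGLE_WRITE_FUNCS = {5, 6}


@dataclass(frozen=True)
class Rule:
    src: str             # allowed client, e.g. an HMI
    dst: str             # protected server, e.g. a PLC
    unit_id: int
    functions: frozenset  # permitted Modbus function codes
    max_address: int     # highest register/coil address the client may touch


# Assumed policy for this example: one HMI may read holding (0x03) and input (0x04)
# registers 0..255 on one PLC. Everything else, including all writes, is denied.
RULES = (Rule("10.0.1.10", "10.0.2.20", 1, frozenset({3, 4}), 0x00FF),)


def parse_frame(frame: bytes):
    """Validate the MBAP header and return (unit_id, function_code, pdu_data).

    Raises ValueError for anything a legacy controller should never see."""
    if len(frame) < MBAP_LEN + 1 or len(frame) > MAX_ADU:
        raise ValueError(f"frame length {len(frame)} out of range")
    _tid, proto, length, unit = struct.unpack("!HHHB", frame[:MBAP_LEN])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    # The length field counts every byte after itself: unit id plus PDU.
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} does not match frame ({len(frame) - 6})")
    return unit, frame[MBAP_LEN], frame[MBAP_LEN + 1:]


def decide(src: str, dst: str, frame: bytes):
    """Return (allowed, reason) for one request frame travelling src -> dst."""
    try:
        unit, fc, data = parse_frame(frame)
    except ValueError as exc:
        return False, f"malformed: {exc}"
    for rule in RULES:
        if (rule.src, rule.dst, rule.unit_id) != (src, dst, unit):
            continue
        if fc not in rule.functions:
            return False, f"function {fc:#04x} not permitted for {src}"
        if fc in RANGE_FUNCS or fc in SINGLE_WRITE_FUNCS:
            if len(data) < 4:
                return False, "malformed: PDU shorter than address + quantity"
            start, qty = struct.unpack("!HH", data[:4])
            if fc in SINGLE_WRITE_FUNCS:
                qty = 1
            if qty < 1 or start + qty - 1 > rule.max_address:
                return False, f"address range {start}..{start + qty - 1} outside policy"
        return True, "ok"
    return False, "no rule matches"


# Constructed sample frames (not captured traffic). Layout: tid, proto, length, unit, fc, data.
READ_HR = bytes.fromhex("0001 0000 0006 01 03 0000 000a")    # read 10 holding regs at 0
WRITE_REG = bytes.fromhex("0002 0000 0006 01 06 0010 1234")  # write register 16
TRUNCATED = bytes.fromhex("0003 0000 0006 01 03 0000")       # length says 6, only 4 follow
FAR_READ = bytes.fromhex("0004 0000 0006 01 03 00f0 0020")   # regs 240..271, beyond policy

if __name__ == "__main__":
    for name, frame in [("READ_HR", READ_HR), ("WRITE_REG", WRITE_REG),
                        ("TRUNCATED", TRUNCATED), ("FAR_READ", FAR_READ)]:
        print(name, decide("10.0.1.10", "10.0.2.20", frame))
    print("unknown client", decide("10.0.9.9", "10.0.2.20", READ_HR))
```

The order of checks matters: the frame is fully validated before any policy lookup, so a truncated or non-Modbus frame is dropped regardless of who sent it, and a write from the permitted HMI is still refused because the policy names function codes, not just IP addresses. A real industrial firewall does the same thing in hardware or a kernel module; the point here is that the allowlist is per command and per register range, not just per host.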

The risk of an external malicious cyberattack, especially one targeted at industry, was considered minimal until the rise of terrorism in the new millennium and the disclosure of the game-changing Stuxnet malware in 2010. Stuxnet specifically disrupted the centrifuges used for uranium enrichment at Iran's Natanz nuclear facility, proving that industrial sabotage by malware is possible.

Stuxnet was successfully introduced into an apparently air-gapped facility with the use of a USB key. Its discovery and the public release of its design had multiple impacts:

Stuxnet Legacy 1 – Security researcher focus on industrial systems: Stuxnet's fame drew security researchers' attention to hacking industrial systems and devices. In 2011, more industrial control system vulnerabilities were made public, many with exploit code available on the internet, than in the entire previous decade.
