Michael Shalyt

Industrial control systems (ICS) have been running the show at industrial facilities for over 30 years. Though not designed for security, industrial control systems have been effectively hardened and isolated over the years. Today, ICS security is more or less on par with other networks like financial services, healthcare, and more — which is to say, industrial control systems are equally at risk.

The threat of cyberattack on manufacturing and other critical infrastructure networks is being taken seriously at the highest levels of government. And with good reason, since the frequency of such attacks grew a staggering 93 percent in 2015, according to PricewaterhouseCoopers. The issue is sufficiently important to have elicited a recent Presidential Proclamation from outgoing U.S. President Obama, significant attention from President-Elect Trump throughout his campaign and a joint statement from the G7 Energy Ministers.

Yet, governmental and regulatory attention is still focused largely on keeping hackers outside of critical systems. Unfortunately, hackers are becoming increasingly aware of the inner workings of industrial networks — finding and exploiting security flaws, vulnerabilities and misconfigurations.

The newest target for cyberattacks on manufacturing and infrastructure facilities is not industrial control systems themselves, but rather the data on which they rely.

Data Forgery: A Testament to Operational Resilience

Interestingly, the fact that cyber attackers are targeting the data that feeds ICS can be seen as a testament to the resilience of industrial control systems and operational procedures.

ICS and its accompanying procedures were designed to handle malfunctions and physical emergencies. Operational teams have years of experience managing faults, downtime and force majeure outages. They’re trained to react quickly to stop damage, minimize downtime, isolate the source of the problem and protect critical infrastructure.

This means that operational controls have a good chance of preventing severe damage from an attack on an industrial control system. But this chance is contingent on one key parameter: an awareness of the actual state of the plant.

Operational Awareness: The Keys to the Castle

Operational awareness is the Achilles' heel of industrial control systems, and it is where data forgers are beginning to strike.

To circumvent operational resilience and inflict actual physical damage on industrial and infrastructure facilities, attackers need to effectively blind operators to the true operational state of their equipment.

This is easier than you might think. Decision-making at large-scale industrial and infrastructure facilities is based nearly entirely on data fed to the ICS from thousands of sensors. These sensors range from legacy devices to brand-new IoT monitors. Yet all remain notoriously vulnerable to direct cyberattacks as well as hijacking of data as it moves from sensors to the control room. By breaching the plant’s operational data integrity and injecting false data, attackers enjoy a win-win scenario: they achieve attack goals and cover their tracks. In fact, operators may never even detect the attack… until the post-incident report.

Wanted: A Data Polygraph

Existing safety and sensor fault detection mechanisms cannot detect forged sensor data. This falsified data misleads the control systems, masks the actual physical state of the machines, reports false information, and leaves the operators in the control room blind to the true situation. 

To avoid both damage and actual physical danger, potentially bogus data must be exposed and the true state of operations revealed. To achieve this, a paradigm shift in industrial control systems security is required.

Basically, in addition to all existing safeguards, security professionals need a data polygraph to protect against data forgery.

Such a data polygraph, like the law enforcement version, enables the operational team to discover the truth — the integrity of the data they receive. Using advanced algorithms, these systems can identify and track the unique signal “fingerprints” of each sensor. These fingerprints exist, and are manifested within the exact fluctuations of reported signals, the physical micro-noise, and the unique system behavior within and between modes of operation. They exist, yet are not currently tracked or monitored.

Once a system fingerprint baseline exists for each sensor, deviations can be characterized and investigated, and the “truth” of a given dataset can be reasonably determined.
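A minimal sketch of the baseline-and-deviation idea described above, added here as an illustration and not taken from the author or any product. The two noise features, the window size, the alert threshold and the sample readings are all assumptions constructed for the example.

```python
import math
import random
import statistics

def residuals(samples, k=5):
    """Subtract a centred moving average to isolate the sensor's micro-noise."""
    h = k // 2
    return [samples[i] - statistics.fmean(samples[i - h:i + h + 1])
            for i in range(h, len(samples) - h)]

def fingerprint(samples):
    """Two noise features: residual spread and lag-1 autocorrelation."""
    r = residuals(samples)
    mean = statistics.fmean(r)
    den = sum((x - mean) ** 2 for x in r)
    num = sum((a - mean) * (b - mean) for a, b in zip(r, r[1:]))
    return (statistics.pstdev(r), num / den if den else 0.0)

def build_baseline(windows):
    """Per-feature (mean, std) over windows recorded while data was trusted."""
    features = zip(*(fingerprint(w) for w in windows))
    return [(statistics.fmean(f), statistics.pstdev(f)) for f in features]

def deviation(baseline, window):
    """Largest z-score of the window's features against the baseline."""
    return max(abs(v - mu) / max(sd, 1e-12)
               for v, (mu, sd) in zip(fingerprint(window), baseline))

# Constructed sample data: a slow process trend plus Gaussian sensor noise.
def sensor_window(rng, start, noise, n=200):
    return [50 + 2 * math.sin((start + t) / 40) + rng.gauss(0, noise)
            for t in range(n)]

rng = random.Random(7)
BASELINE = build_baseline([sensor_window(rng, s * 200, 0.05) for s in range(30)])
GENUINE = sensor_window(rng, 6000, 0.05)
FORGED_SMOOTH = sensor_window(rng, 6200, 0.0)  # plausible values, no noise
FORGED_NOISY = sensor_window(rng, 6400, 0.2)   # wrong noise amplitude
THRESHOLD = 6.0  # assumed alert threshold, in baseline standard deviations

def is_suspect(window):
    return deviation(BASELINE, window) > THRESHOLD

if __name__ == "__main__":
    for name, w in [("genuine", GENUINE), ("smooth", FORGED_SMOOTH),
                    ("noisy", FORGED_NOISY)]:
        print(name, round(deviation(BASELINE, w), 1), is_suspect(w))
```

Both forged windows report values inside the normal operating range, so a range or rate-of-change alarm would pass them; only the noise characteristics separate them from the genuine window.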

The Bottom Line

The vulnerability of industrial control systems is on the radar of industry and government alike. Yet the integrity of the data that drives these systems is no less mission-critical.

With growing awareness of the risks involved, security professionals at industrial and critical infrastructure facilities should leverage advanced technology to ensure that the data they see reflects the actual truth on the ground.

Michael Shalyt is VP of Product at Aperio Systems.