Threats to manufacturing industrial control systems (ICS) infrastructure come from multiple sources. Cyberattackers seeking financial gain hold this infrastructure for ransom, because the cost of recovering a compromised system can be massive, while nation-state and ideologically motivated attackers target operational capabilities. They view our largest process control and manufacturing networks as targets for destruction: to harm critical infrastructure operations or, worse, to harm personnel by intentionally corrupting or halting ongoing operations. Current events show us that, sooner or later, cyberattackers will successfully penetrate these manufacturing networks.
A Look at History
Stuxnet, documented in 2011, targeted the centrifuges used by the Iranians to build nuclear weapons. The Stuxnet attack was designed to spin the centrifuges at high-end limit speeds so that they would effectively self-destruct, and in the process potentially send radioactive material spewing in all directions. Stuxnet was the first successful weaponized malware to be unleashed on the world. It broke the security of an isolated network and was socially engineered to jump the “air gap” successfully. This use of weaponized malware has set the stage for the development of targeted attacks against manufacturers and the industrial control systems they use.
In 2017, WannaCry ransomware emerged to impact over 200,000 systems worldwide. WannaCry, although not engineered to specifically target industrial control systems, still managed to impact manufacturing in Renault and Nissan facilities.
Both the volume and intensity of sophisticated cyberattacks will continue to increase for the foreseeable future. A recent Verizon survey determined that approximately 54% of surveyed companies had experienced an industrial control security incident, and of these approximately 38% had experienced multiple events, ranging from two to as many as 25.
Why is Manufacturing so Vulnerable?
Manufacturing networks generally have missing software updates and patches, a substantial number of internet of things (IoT) devices, connected mobile devices, and embedded processors. Embedded processors in industrial control system devices almost always run out-of-date and unpatched operating systems. As cyberattackers perform reconnaissance, they determine the versions of software you are running and then identify the exploits they need to infiltrate your systems.
Despite this, most ICS teams do not keep up with required patches and updates. Industrial engineers fear that installing security patches could destabilize production systems, introduce new problems and, in some cases, halt ongoing operations altogether. The fear of production failure outweighs the fear of a possible debilitating cyber event.
Manufacturers have moved swiftly to eliminate cabling and old proprietary wireless protocols by replacing them with the low-cost wireless connectivity brought by standardized IoT chipsets. Standard defense-in-depth cybersecurity software, even if you can deploy it in a process control network, does not protect IoT devices: you cannot load standard cyber defense software onto IoT devices, and you have no visibility into what is happening inside them. Once malware tools jump the gap into an industrial control system network, they can often find immediate safe haven inside IoT devices.
On top of this, a multitude of case studies shows that failures occur because of policy violations. Failures of “air gaps” and of the policies meant to support them are common in the manufacturing and industrial control system arena.
New Best Practices Bring the Zero Trust Network to Manufacturing
New best practices define a structure for ICS networks designed around the concept of Zero Trust, a term coined by Forrester Research in 2009. Forrester’s position was that the prevailing practice of treating the internal TCP/IP network as trusted and external networks as untrusted was inherently flawed.
A Zero Trust environment uses your existing TCP/IP network and cyber defenses and combines them with network-based moving target defense (MTD) and micro-segmentation technologies. This Zero Trust environment enables defenders to leapfrog the tactics, techniques, and procedures of the best military-grade attackers.
The key to exploiting missing updates and security patches is first finding them. MTD and micro-segmentation severely restrict an attacker’s network visibility and lateral movement. Instead of being exposed to potentially dozens of vulnerabilities, the attacker is contained at the originally infected endpoint, without the visibility to see unpatched vulnerabilities. The attacker cannot enumerate the network, cannot look up vulnerabilities, and cannot identify the corresponding exploits, and so has no ability to identify and leverage missing updates and patches. Cyberattackers cannot target what they cannot see, and cannot attack without a target.
Zero Trust also enables you to use your existing IoT devices and to confidently continue to bring in new IoT devices. Once again, if the attacker cannot find these targets, see the network, and move laterally within it, the attack is effectively over.
Even if an attacker has previously enumerated the network prior to the installation of a Zero Trust capability and has obtained the specific IP address of the target, that address will not work in a Zero Trust environment and the device will remain safe.
This is particularly useful for industrial control system environments, which include a large number of embedded device processors and older operating systems for which the cost and process of replacement are prohibitively high. With a Zero Trust environment, you are able to realize the full life cycle of these systems and protect their connected networks from cyberattacks.
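The article describes micro-segmentation and MTD in terms of outcome (the attacker cannot enumerate neighbours or move laterally) but does not show what the underlying policy looks like. The following is an added illustration, not CryptoniteNXT code or the product's mechanism: a default-deny allow-list evaluated per flow between ICS segments, which is the core of micro-segmentation. It also treats the denials themselves as a detection signal, flagging a source whose blocked flows touch several distinct destinations and ports, the pattern left behind when a contained endpoint tries to look around. The zone layout, addresses, allowed paths and flow records are all constructed for this example.

```python
"""Default-deny micro-segmentation check for an ICS network.

Added example, not CryptoniteNXT code. The zones, allow-list, addresses and
flow records below are constructed for this illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed segment inventory: each zone is one micro-segment.
ZONES = {
    "hmi": ip_network("10.10.1.0/24"),   # operator workstations
    "plc": ip_network("10.10.2.0/24"),   # controllers with embedded, unpatched OSes
    "hist": ip_network("10.10.3.0/24"),  # historian servers
    "iot": ip_network("10.10.4.0/24"),   # wireless sensors that cannot host defences
}

# Explicit allow-list of (src_zone, dst_zone, proto, dst_port).
# Everything not listed is denied, so an endpoint sees only what it needs.
ALLOWED = {
    ("hmi", "plc", "tcp", 502),    # HMI polls PLCs over Modbus/TCP
    ("plc", "hist", "tcp", 4840),  # PLCs publish to the historian over OPC UA
    ("iot", "hist", "tcp", 8883),  # sensors publish over MQTT/TLS
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dst_port: int


def zone_of(addr: str):
    """Map an address to its segment name, or None if it is not inventoried."""
    a = ip_address(addr)
    for name, net in ZONES.items():
        if a in net:
            return name
    return None


def evaluate(flow: Flow):
    """Return ('allow'|'deny', reason) for one flow under default-deny."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone is None or dst_zone is None:
        return "deny", "endpoint not in inventory"
    key = (src_zone, dst_zone, flow.proto, flow.dst_port)
    if key in ALLOWED:
        return "allow", f"{src_zone}->{dst_zone} {flow.proto}/{flow.dst_port} on allow-list"
    return "deny", f"{src_zone}->{dst_zone} {flow.proto}/{flow.dst_port} not on allow-list"


def enumeration_suspects(flows, threshold=3):
    """Sources whose denied flows touch >= threshold distinct (dst, port) pairs.

    A host probing ports or neighbours it has no allow-list entry for is
    exactly the visibility micro-segmentation removes; the denials are the
    detection signal to forward to the SOC.
    """
    touched = defaultdict(set)
    for f in flows:
        verdict, _ = evaluate(f)
        if verdict == "deny":
            touched[f.src].add((f.dst, f.dst_port))
    return {src for src, pairs in touched.items() if len(pairs) >= threshold}


# Constructed flow log: legitimate traffic plus a compromised HMI probing
# the PLC segment and an IoT sensor trying to reach a PLC directly.
SAMPLE_FLOWS = [
    Flow("10.10.1.5", "10.10.2.10", "tcp", 502),   # normal Modbus poll
    Flow("10.10.2.10", "10.10.3.2", "tcp", 4840),  # normal OPC UA publish
    Flow("10.10.4.7", "10.10.3.2", "tcp", 8883),   # normal MQTT publish
    Flow("10.10.1.5", "10.10.2.10", "tcp", 445),   # HMI -> PLC SMB: lateral movement attempt
    Flow("10.10.1.5", "10.10.2.11", "tcp", 23),    # HMI -> another PLC, telnet
    Flow("10.10.1.5", "10.10.2.12", "tcp", 80),    # HMI -> another PLC, web UI
    Flow("10.10.4.7", "10.10.2.10", "tcp", 502),   # sensor -> PLC: not an allowed path
]


def report(flows=SAMPLE_FLOWS):
    """Evaluate every flow and return (verdicts, suspects) for inspection."""
    verdicts = [(f, *evaluate(f)) for f in flows]
    return verdicts, enumeration_suspects(flows)


if __name__ == "__main__":
    verdicts, suspects = report()
    for f, verdict, reason in verdicts:
        print(f"{verdict:5} {f.src}->{f.dst} {f.proto}/{f.dst_port}: {reason}")
    print("enumeration suspects:", sorted(suspects))
```

Run as a script it prints one verdict per flow and lists the probing HMI as the only suspect. The design point is that the allow-list is written from the process (which device must talk to which, on which protocol), not from the attacker's perspective; an infected workstation keeps its one legitimate Modbus path and gains nothing else, and the sensor segment has no route to controllers at all, which is the containment the article describes for IoT devices that cannot run endpoint defences.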
Conclusions
The strategy to defend your ICS network by relying on a strong perimeter has proven to be insufficient to defend against sophisticated attackers. Air gaps and other strategies that depend on policies that attempt to control human behavior are prone to error and eventual breaches.
All IoT devices, both old and new, will remain vulnerable for some time to come.
It is a daunting and almost impossible task for organizations to apply patches and updates as fast as recommended or required, and this will not change anytime soon. Embedded processors will remain a core component of ICS networks, yet for many of these older devices, updates and patches may no longer be available.
New best practices bring the Zero Trust network to manufacturing industrial control systems. Zero Trust, using moving target defense and micro-segmentation technologies, can successfully mitigate the risk associated with missing updates and patches, older embedded processors, unprotected IoT devices, and failures in perimeter and “air gap” based defense.
Mike Simon is President and CEO of CryptoniteNXT.