Cyber security is about more than just protecting computer systems. In 2014, hackers caused massive damage to a German steel mill, after a cyber attack disrupted its control system, preventing a blast furnace from shutting down.
More recently, hackers hijacked the systems of two power distribution companies in Ukraine and cut power to more than 80,000 people. It’s clear that cyber attacks on Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems can cause real damage to physical industrial infrastructure.
One of the most well-known SCADA attacks in recent history is the 2010 Stuxnet attack on an Iranian nuclear facility. Stuxnet is a type of malware that has since become known as one of the world’s first ‘digital weapons’.
While the origins of the attack remain hotly debated, the fallout was clear. Centrifuges used to enrich uranium at the nuclear facility were failing at an unprecedented rate, hampering the country’s nuclear energy program.
The attack marked the beginning of a steady rise in cyber attacks on industrial networks, systems, and equipment. As industrial equipment becomes increasingly connected, the risks of such attacks are also on the rise.
New exploits are being created all the time. Today’s cyber attacks on ICS and SCADA systems are becoming incredibly targeted, sophisticated, and persistent. At the same time, more industrial systems are hooked up to internet-connected networks.
Traditionally, many industrial control systems operated as standalone elements, and were ‘air-gapped’, having never been connected to other internet-connected networks. This is changing, with industrial systems and equipment being connected for automation or remote control purposes.
In addition, many SCADA control systems are managed from ageing Windows servers and desktops, such as Windows XP. These cannot be upgraded as the control software doesn’t run on newer versions of Windows or the upgrade cost is prohibitive.
This leaves organisations in a precarious position. In Australia, the resources industry, with its rising use of automated equipment, has been a major target for hackers. But other sectors are also at risk. These include the electric power, water, chemical, petroleum, manufacturing, and transportation industries.
Such attacks on industrial infrastructure can carry a risk of catastrophic consequences, including anything from system failure to equipment damage and worker injury, or even death. Therefore, understanding these advanced threats and how to mitigate them is essential for Australian facility managers.
To avoid such infrastructure attacks, Australian manufacturing and utility organisations can easily deploy extra cyber security measures.
There are several other steps organisations can take to help protect themselves from SCADA and ICS attacks, for example:
- Use advanced cyber protection: Measures such as next-generation firewalls work by building a SCADA security zone, which isolates processes from the rest of the network and creates a safety hub.
- Secure access to the SCADA zone: Processes should be put in place to tie security policies to user identities so that non-authorised users are denied access. Systems such as a Secure Sockets Layer (SSL) Virtual Private Network (VPN) can achieve this.
- Eliminate the risk of having to manage multiple ports: Controlling management or backdoor applications like RDP and Telnet can help ensure each port is protected.
- Deploy a complete vulnerability protection framework: An entire framework will inspect all traffic traversing the SCADA zone for exploits, malware, botnets, and targeted threats.
- Ensure protection from unsupported operating systems: A next-generation firewall effectively detects and defends against Windows XP and SCADA application-specific attacks across the network, so organisations using SCADA environments have ongoing protection despite the withdrawal of support for Windows XP.
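The zone, identity, and management-port steps above can be checked against firewall flow logs. The following is an added example, not part of the original article: it audits constructed flow records against a SCADA zone boundary policy. The zone subnet, VPN gateway address, user names, and allow-list are all assumptions made for illustration.

```python
import ipaddress

# All addresses, user names and the allow-list are constructed for illustration.
SCADA_ZONE = ipaddress.ip_network("10.50.0.0/24")
VPN_GATEWAY = ipaddress.ip_address("10.10.0.5")   # assumed SSL VPN egress address
MGMT_PORTS = {23: "Telnet", 3389: "RDP"}
ALLOWED = {("hmi-operator", 502)}                 # (user, dest port); 502 = Modbus/TCP

def audit_flow(flow):
    """Return policy findings for one flow record; an empty list means compliant."""
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    # Only traffic entering the zone from outside is subject to boundary policy.
    if dst not in SCADA_ZONE or src in SCADA_ZONE:
        return []
    findings = []
    if src != VPN_GATEWAY:
        findings.append("bypasses VPN gateway")
    if not flow.get("user"):
        findings.append("no user identity")
    port = flow["dport"]
    if port in MGMT_PORTS:
        findings.append(f"{MGMT_PORTS[port]} crosses zone boundary")
    elif flow.get("user") and (flow["user"], port) not in ALLOWED:
        findings.append(f"no policy for {flow['user']} on port {port}")
    return findings

def audit(flows):
    """Map flow index -> findings, for non-compliant flows only."""
    return {i: f for i, f in enumerate(map(audit_flow, flows)) if f}

# Constructed sample flow records (not real log data).
SAMPLE_FLOWS = [
    {"src": "10.10.0.5", "dst": "10.50.0.20", "dport": 502, "user": "hmi-operator"},
    {"src": "192.168.1.77", "dst": "10.50.0.20", "dport": 3389, "user": None},
    {"src": "10.10.0.5", "dst": "10.50.0.21", "dport": 23, "user": "hmi-operator"},
    {"src": "10.50.0.20", "dst": "10.50.0.21", "dport": 502, "user": None},
    {"src": "10.10.0.5", "dst": "10.50.0.20", "dport": 8080, "user": "hmi-operator"},
]

if __name__ == "__main__":
    for idx, findings in audit(SAMPLE_FLOWS).items():
        flow = SAMPLE_FLOWS[idx]
        print(idx, flow["src"], "->", flow["dst"], flow["dport"], findings)
```

Intra-zone traffic (the fourth record) is deliberately out of scope here; only flows crossing into the zone are evaluated.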
As cyber attacks on SCADA and ICS systems become even more targeted, sophisticated, and persistent, businesses need to understand where threats are coming from, and realise that it is now essential to invest in ways to mitigate or respond to them.
Businesses that fail to protect their SCADA and ICS systems are increasingly risking potentially catastrophic consequences.
Putting appropriate threat intelligence and risk prevention measures in place is crucial, and businesses must make an effort to invest time and resources to implement the right countermeasures to guarantee maximum protection of critical infrastructure.