Attacks on critical infrastructure
The explosion of the Soviet gas pipeline in 1982 was one of the first well-known instances of critical infrastructure being targeted through a software modification that contained a hidden malfunction.
In this instance, the Soviets were stealing Western technology and the CIA slipped the flawed software to them without their knowledge. While the explosion itself didn’t cause any fatalities, it did cause some damage to the Soviet economy, according to the Washington Post.
With the intensification of hybrid warfare, we have seen multiple attacks on ICS-based critical infrastructure in Europe and the Middle East. These attacks were designed not just to destabilize the systems but also to cause a major kinetic impact.
No systems or assets are out of bounds today. State-backed actors from countries like North Korea are not just after technology and revenue but also act as conduits for other countries to infiltrate the critical infrastructure of their adversary nations.
A case study
In a recent instance, Sectrio’s Asset Research Team uncovered an anomaly in hardware supplied to a critical infrastructure operator. The same OEM was supposed to supply identical hardware to two divisions of the same business.
However, the hardware supplied to one entity, when examined, showed a deviation that was found to enable backdoor communication with an obscure server using a now-obsolete protocol that was sparingly used in the 1990s.
The OEM in this case claimed that the anomaly was a generational remnant from an old version. How it made its way into only one piece of hardware and not the other is a question that was not answered to our satisfaction.
The hardware belonged to the same batch and even had sequential serial numbers, adding to the mystery.
This could be a genuine error, but it is an error that could potentially be exploited by a bad actor.
Supply chain challenges
As the Lebanon episode clearly showed, OEMs now have to ensure the integrity of their hardware well beyond their shop floors. ICS/OT operators should also watch out for anomalous behaviors and risky interactions that could jeopardize operations and plant safety levels.
One way of offsetting these challenges is to ensure that systems undergo Security Acceptance Tests (SAT) along with Factory Acceptance Tests (FAT). This verifies the integrity of the assets and calls out any security issues before they are added to the infrastructure.
A ‘maker-checker’ approach is the way to go.
Recommended cybersecurity measures to risk-proof ICS assets
While an IEC 62443 and NIST CSF-based risk assessment and gap analysis is a good place to start, the outcomes of such an assessment can and should be used across the enterprise to improve security posture.
Here are some of the other steps that can be taken to secure ICS and OT assets and infrastructure:
- Network segmentation is a must-do. All key assets can be placed behind microsegmented zones that provide an added layer of security. This could also be paired with granular controls for crown jewels or legacy systems.
- Security acceptance tests should be considered a priority for new assets before adding them to the network.
- Network threat detection and vulnerability management are also essential. All vulnerabilities should be addressed in a time-bound manner.
- Security responsibilities should be clearly identified and assigned.
- Security operations teams should be enabled to operate efficiently without fatigue.
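The supply chain section above argues for Security Acceptance Tests and for watching new assets for anomalous behaviour, and the list above asks for network threat detection. The following Python script is an added example (it is not Sectrio's code and is not taken from the post) of how those two ideas combine in practice: the communication profile recorded for a hardware model during SAT becomes an allowlist, and flow records exported by a network sensor are checked against it. A second check compares units from the same batch with each other, since identical hardware with sequential serial numbers should behave identically. All serial numbers, addresses, ports, protocol labels and the CSV export are constructed for illustration; the CSV column layout is an assumption about the sensor.

```python
"""
Added example, not code from the Sectrio post: compare flow records exported
by a network sensor for newly delivered ICS assets against the communication
profile approved during Security Acceptance Testing (SAT), and flag any unit
whose behaviour deviates. Every serial number, address, port and record below
is constructed for illustration.
"""
import csv
import io
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: str       # timestamp as exported by the sensor
    serial: str   # asset serial number (constructed)
    dst: str      # destination address
    port: int
    proto: str    # application protocol label assigned by the sensor


# Peers this hardware model is allowed to talk to, recorded during SAT/FAT.
# Constructed values: (destination, port, protocol).
APPROVED_PROFILE = {
    ("10.10.1.5", 502, "modbus"),    # PLC polling from the supervisory network
    ("10.10.1.9", 44818, "enip"),    # EtherNet/IP to the engineering station
    ("10.10.1.2", 123, "ntp"),       # plant time source
}

# Constructed sensor export (assumed column layout) for two units from the
# same batch with sequential serial numbers. SN-1002 additionally contacts an
# address outside the plant over a legacy protocol the profile never approved.
SAMPLE_EXPORT = """\
ts,serial,dst,port,proto
2024-09-20T10:00:01Z,SN-1001,10.10.1.5,502,modbus
2024-09-20T10:00:02Z,SN-1001,10.10.1.2,123,ntp
2024-09-20T10:00:03Z,SN-1002,10.10.1.5,502,modbus
2024-09-20T10:00:04Z,SN-1002,203.0.113.77,79,finger
2024-09-20T10:00:05Z,SN-1002,10.10.1.9,44818,enip
2024-09-20T10:00:06Z,SN-1001,10.10.1.9,44818,enip
2024-09-20T10:00:07Z,SN-1002,10.10.1.2,123,ntp
"""


def parse_flows(text):
    """Parse a CSV export with the columns ts,serial,dst,port,proto."""
    reader = csv.DictReader(io.StringIO(text))
    return [Flow(r["ts"], r["serial"], r["dst"], int(r["port"]), r["proto"])
            for r in reader]


def deviations(flows, approved=APPROVED_PROFILE):
    """Map each serial to the flows that fall outside the approved SAT profile."""
    out = defaultdict(list)
    for f in flows:
        if (f.dst, f.port, f.proto) not in approved:
            out[f.serial].append(f)
    return dict(out)


def batch_divergence(flows):
    """Peers contacted by some units of a batch but not by all of them.

    Units of one model from one batch should behave alike; a peer that only
    a subset of the units contacts deserves a second look even when it is
    on the approved list.
    """
    peers = defaultdict(set)
    for f in flows:
        peers[f.serial].add((f.dst, f.port, f.proto))
    common = set.intersection(*peers.values()) if peers else set()
    return {serial: sorted(p - common) for serial, p in peers.items() if p - common}


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_EXPORT)
    for serial, bad in deviations(flows).items():
        for f in bad:
            print(f"ALERT {serial}: {f.dst}:{f.port}/{f.proto} at {f.ts} is not in the SAT profile")
    for serial, extra in batch_divergence(flows).items():
        print(f"REVIEW {serial}: peers not shared with the rest of the batch: {extra}")
```

On the constructed export, `deviations` raises an alert only for SN-1002, and `batch_divergence` points at the same unit as the one whose peer set differs from its batch sibling. The allowlist check is the one that catches a unit talking to an unapproved server regardless of protocol; the batch comparison is a cheaper signal that needs no profile at all and would have surfaced the two-units-one-anomaly situation the case study describes.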
*** This is a Security Bloggers Network syndicated blog from Sectrio authored by Prayukth K V. Read the original post at: https://sectrio.com/blog/exploding-pagers-asset-centric-warfare/