It can be argued that industrial facilities have taken to digital transformation much earlier than other enterprises. While it’s only now that some businesses are committing to adopting digital tools, factories have been using robots and programmable logic controllers (PLCs) decades before the dotcom boom of the nineties. Industrial cybersecurity comes to the forefront as industries increasingly adopt digital technologies.
Contributed by Joshua Blackborne
What’s probably sweeping industries today are technologies that rely on connectivity: the cloud, mobile computing, and the Internet-of-Things (IoT). These technologies offer some very exciting applications. The cloud has allowed organizations to shift part of their IT infrastructure off-premises and easily scale their available computing resources. Mobile computing and connectivity have allowed engineers to monitor and control their machines remotely. Sensors and robots are now even smarter, and through the IoT, are capable of interfacing with external artificial intelligence (AI) or analytics engines that allow these machines to automatically adjust for greater efficiency even without human intervention.
The need for Industrial Cybersecurity
However, this increasing connectivity of industrial facilities is now also raising cybersecurity concerns calling for more attention to industrial cybersecurity. Previously, industrial facilities were largely air-gapped, so hackers had to manipulate staff through social engineering attacks, or infiltrate facilities themselves. But as more industrial IT components connect to the internet, they become more exposed to cyberattacks from advanced persistent threats (APTs).
“Industrial facilities have become more connected. Cloud computing has prompted a growing number of enterprises to shift their workload online. More facilities are also incorporating smart devices into their infrastructure. Unfortunately, this is also expanding the attack surface. Given how tenacious threat groups are these days, increasing connectivity can make these enterprises vulnerable to attack,” Oren Eytan, CEO of enterprise cybersecurity firm odix, shares.
Here are three areas where industries are becoming more connected and how they can expose infrastructure to possible attacks:
Adoption of Cloud Components
One area that should concern industries regarding their cybersecurity is their adoption of cloud computing. For many organizations, the emergence of cloud computing has been a boon. They can now essentially outsource their computing needs to providers, lessening the need for acquiring and maintaining servers and applications on-site.
Unfortunately, cloud instances can be compromised whether through vulnerabilities at the provider’s end or through weak access controls at the user’s end. Hackers can then steal, hijack, and destroy critical data. They can even perform supply chain hacks that could introduce malicious code or malware into the company’s cloud storage and repositories. Access to these cloud components is often whitelisted, allowing malware to reach the facility’s infrastructure unhindered.
“What could be more troubling is that hackers have become crafty, disguising their malware within legitimate files. They can even feature polymorphic code that continuously changes, allowing it to evade conventional signature-based detection. What’s often needed is for enterprises to integrate solutions like content disarm and reconstruction that can sanitize all files coming into the network, whether through email or repositories, to ensure that they are safe,” Eytan adds.
Introduction of Smart Devices and IoT
Another way that industries are becoming more connected is through the adoption of smart IoT devices. Previously, industries relied on PLCs to control their machinery which had limited connectivity outside facilities. Today, sensors and robots are connecting directly to the Internet, allowing them to readily send and receive data, or be remotely controlled.
However, since these devices directly access the Internet, it’s possible for attackers to quickly interface with them. Unless they are equipped with capable security features, they may easily be compromised. One only has to recall how the Mirai malware compromised hundreds of thousands of low-security IP cameras and home routers and made them part of a massive botnet that nearly took down the Internet in 2016.
“It’s reasonable for companies to be concerned about the security of IoT device deployments in industrial environments. Each device has an associated risk to data and operational integrity. A compromised internet-connected device could create a pathway for attacks on connected systems, including critical control systems,” writes Sid Snitkin, VP of industry and infrastructure advisory firm ARC.
It is critical then for enterprises to be aware of these concerns and look to integrate only those devices have ample security features such abilities to change default administrator credentials, disable unused features, and update device firmware and applications. The industry has been working toward promoting device certification through bodies like ISASecure but manufacturers have yet to make this practice standard.
Use of 5G for Industrial Applications
5G is set to explode this year as more areas and territories get better coverage. In the U.S., service providers are already gearing up to launch their mobile 5G services in major cities. Manufacturers have already released 5G-capable devices in their flagship and premium models. The feature is expected to trickle down to their more mainstream models as wider coverage becomes available.
Aside from being capable of gigabit-level speeds, 5G is supposedly capable of much lower latency. This becomes a definite advantage where faster response times are critical, especially for remotely controlling devices, and machinery that requires precision. Self-driving cars can receive traffic and road data coming from external sources sooner, allowing them to make real-time adjustments. In Healthcare, this could enable remote robotic surgery to be done in even the most isolated locations.
But the use of wireless connectivity has its weaknesses as well. Hackers can perform man-in-the-middle attacks where they hijack signals or use fake cell towers so that they can steal data in transit or even inject malware into connected devices.
Committing to Industrial Cybersecurity
Enterprises now have to weigh the risks and benefits of adopting these new technologies. As businesses, they would definitely want to leverage better connectivity to improve efficiency and enable new use cases.
Still, they also have to seriously consider the cybersecurity threats that adopting these technologies can introduce to their infrastructures. Fortunately, security solutions providers are continually developing their tools to accommodate all these changes.
Organizations and facilities must ultimately revisit their security strategies and practices to ensure that they keep their perimeters secure even if they choose to introduce new components and endpoints to their infrastructure.
CISO MAG did not evaluate the advertised/mentioned product, service, or company, nor does it endorse any of the claims made by the advertisement/writer. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.