ICS Security: Current Trends, Threats, and Ideas


Rick Kaun

Industrial Control Systems (ICS) face a wide range of security threats every day. In today’s digital world, these threats become more advanced and numerous, seemingly daily. At the same time, the industrial world continues to grow more reliant on control systems. Because of this, it is more important than ever to ensure you have a solid understanding of the importance of Industrial Cyber Security and keep a keen eye on emerging security trends and threats.


Current ICS Security Landscape

Technology is a fast-flowing stream. As such, there is a constant need to learn, research, share ideas and educate ourselves as to what is working and what needs improvement. Continually evolving your program, from fundamental practices like patching and backups to rolling out advanced monitoring, alerting and response tools, is the mainstay of any ICS cybersecurity program.

A SANS Institute survey on securing Industrial Control Systems published in June 2017 says a lot about the current attitudes towards ICS security in the industry. The survey polled hundreds of professionals in the field of ICS in order to gather information and determine the attitudes of these practitioners about the security of their systems, threats, and defense. 

According to the survey, the top three business concerns for ICS professionals were:

  1. Ensuring reliability and availability of control systems
  2. Lowering risk/improving security
  3. Ensuring health and safety of employees

When it comes to security, perhaps most importantly, the survey found that 69% of practitioners consider the threat to ICS systems to be high or severe. However, over 50% responded that they spend less than 25% of their current time on ICS cyber security, with half of those spending less than 10%.

Practitioners’ top four threat vectors were:

[Infographic: practitioners' top four threat vectors from the SANS survey]

The survey notes that the fourth top concern, extortion (including ransomware), was cited at almost double the percentage of 2016 (18%). This indicates that as digital threats evolve to become smarter, ICS professionals are becoming much more concerned about them. And they should be.

In fact, even the U.S. Department of Homeland Security has commented on the need for ICS asset owners to take threats seriously. The recent ICS-CERT states:

“[H]acktivist groups are evolving and have demonstrated improved malicious skills. They are acquiring and using specialized search engines to identify Internet-facing control systems, taking advantage of the growing arsenal of exploitation tools developed specifically for control systems.”


What Could Malware do to ICS?

ICS threats can cause significant damage to any sort of industrial plant, some in terms of lost time or production and others, more dangerously, with actual physical damage. Most, but not all, are financially motivated, demanding excessive payment for the removal or cessation of the malware.

Some notable examples of the damage caused to ICS by malware throughout history are:

[Graphic: notable examples of damage caused to ICS by malware]

Content for graphic from IBM X-Force report

Recent and Current Cyber Threats to ICS

While most ICS professionals are aware of the fact that cyber threats are out there, many may not be aware of the extent, or the sheer number, of threats present at any given time.

So it may be shocking to some to realize that a Kaspersky Lab report discovered approximately 18,000 variants of 2,500 different malware families on ICS computers in the first half of 2017. And at least some of these threats showed up on over 20% of ICS computers.

An IBM X-Force report found that cyber attacks targeting Industrial Control Systems increased over 110% from 2015 to 2016. The report also states that Canada, the US, and the UK were attacked the most frequently.

Currently, the most commonly attacked type of ICS is the SCADA system. According to the IBM report, SCADA attacks increased by 636% in just two years between 2012 and 2014.

Some of the most significant threats that presented themselves this year, and that are potentially still a threat, include:

  • WannaCry ransomware
  • Locky ransomware
  • Industroyer malware

WannaCry Ransomware

The WannaCry ransomware attack was a worldwide cyberattack that started in May 2017. WannaCry is a ransomware cryptoworm that targeted computers running Microsoft Windows operating systems by encrypting data and demanding a Bitcoin ransom for its return.

The initial attack is thought to have affected over 230,000 computers in 150 countries with many new versions, or variants, of the ransomware appearing over time. In fact, it was the ransomware with the greatest rate of infection in the Kaspersky study at 13.4% of computers affected.

As with any digital threat, there were various actions ICS practitioners could take to prevent their systems being compromised by WannaCry. Verve Industrial recommended the following:

[Graphic: Verve Industrial's recommended actions against WannaCry]

Locky Ransomware

This ransomware was released in 2016 but continued to be very active in 2017. As with many recent malware attacks, Locky was delivered as an email that appeared to be an invoice needing payment, with an attached Microsoft Word document that led to the encryption of data and the demand for Bitcoin payment.

Locky managed to infect 10.7% of all ICS computers assessed in the Kaspersky survey.

Industroyer Malware

While WannaCry and Locky presented a serious threat to industrial control systems, most of the affected organizations were not industrial in nature and included governments, universities, and hospitals. The Industroyer malware, aptly named, is designed to disrupt the working process of ICS specifically. It is the fourth known malware to do so.

The initial Industroyer attack came in December 2016, on Ukraine’s power grid. The attack cut power off to Kiev, Ukraine’s capital, for one hour. The Kaspersky study identified around 500 companies in 50 countries that fell victim to this malware.

The event in Ukraine is widely considered by cybersecurity experts to have been a large-scale test of the malware. This means the threat to ICS from Industroyer is still present, and ICS security teams should remain vigilant for variants of the malware.

Verve Protects Against Cyber Attacks on ICS

The Verve Security Centre (VSC) dramatically improves cybersecurity for Industrial Control Systems. The system is designed by a team with a unique combination of deep ICS expertise and extensive cybersecurity knowledge. We are totally dedicated to Industrial Cyber Security that stays up-to-date with the latest trends, threats, and compliance standards.

The Verve Security Centre is a cyber security solution that:

  • Protects all ICS devices – from Windows boxes to Linux devices to proprietary IEDs, relays, and I/O cards
  • Protects all vendors’ equipment (GE, Emerson, ABB, Schweitzer, Rockwell, etc.) in one security platform
  • Includes OT-specific best-in-class tools for each of the critical cybersecurity practices (e.g., patch management, backup management, application whitelisting, SIEM, etc.)
  • Unifies those elements into a single console for improved security and compliance insights
  • Is proven in the field – deployed at hundreds of sites on thousands of assets

If you are interested in finding out what the Verve Security Centre can do for your organization, request a free demo today.
