ICS Security: Current Trends, Threats, and Ideas

Rick Kaun

Industrial Control Systems (ICS) face a wide range of security threats every day. In today’s digital world, these threats are becoming more advanced. At the same time, the industrial world continues to grow more reliant on control systems. Because of this, it is more important than ever to have a solid understanding of Industrial Cyber Security and to keep a keen eye on emerging security trends and threats.

Verve Industrial


Current ICS Security Landscape

Technology is a fast-flowing stream. There is a constant need to learn, research, share ideas and educate ourselves on what is working and what needs improvement. Continually evolving your cyber security solution, from fundamental practices like patching and backups to rolling out advanced monitoring, alerting and response tools, is the mainstay of any ICS cyber security program.

A SANS Institute survey on securing Industrial Control Systems published in June 2017 says a lot about the current attitudes towards ICS security in the industry. The survey polled hundreds of cyber security professionals in ICS to gather relevant information and determine the attitudes of these practitioners about the security of their systems, threats, and defense. 

According to the survey, the top three business concerns for ICS professionals were:

  1. Ensuring reliability and availability of control systems
  2. Lowering risk/improving security
  3. Ensuring health and safety of employees

When it comes to security, the survey found that 69% of practitioners consider the threat to ICS systems to be high or severe. However, over 50% responded that they spend less than 25% of their current time on ICS cyber security, with half of those spending less than 10%.

Practitioners’ top four threat vectors were:

[Infographic: Verve SANS threats]

The survey notes that the fourth top concern, extortion (including ransomware), drew almost double the percentage it did in 2016 (18%). This indicates that as digital threats evolve to become smarter, ICS professionals are much more concerned about them. And they should be.

Even the U.S. Department of Homeland Security has commented on the need for ICS asset owners to take threats seriously. The recent ICS-CERT states:

“[H]acktivist groups are evolving and have demonstrated improved malicious skills. They are acquiring and using specialized search engines to identify Internet-facing control systems, taking advantage of the growing arsenal of exploitation tools developed specifically for control systems.”

 

Malware's Impact on ICS

ICS threats cause significant damage to all types of industrial plants, some in terms of lost time or production and others, more dangerously, with actual physical damage. Most threats, but not all, are financially motivated, demanding excessive payment for the removal or cessation of the malware.

Some notable examples of the damage caused to ICS by malware throughout history are:

[Graphic: Verve cyber attacks]

Content for graphic from IBM X-Force report

 

Recent and Current Cyber Threats to ICS

While most ICS professionals are aware that cyber threats are out there, many may not be aware of the extent, or the sheer number, of threats present at any given time.

It may be shocking to realize that a Kaspersky Lab report discovered approximately 18,000 variants of 2,500 different malware families on ICS computers in the first half of 2017. At least some of these threats showed up on over 20% of ICS computers.

An IBM X-Force report found that cyber attacks targeting Industrial Control Systems increased over 110% from 2015 to 2016. The report also states that Canada, the US, and the UK were attacked the most frequently.

Currently, the most commonly attacked type of ICS is the SCADA system. According to the IBM report, SCADA attacks increased by 636% in just two years between 2012 and 2014.

Some of the most significant threats that presented themselves this year, and are potentially still a threat, include:

 

WannaCry Ransomware

The WannaCry ransomware attack was a worldwide cyberattack that started in May 2017. WannaCry is a ransomware cryptoworm that targeted computers running Microsoft Windows operating systems by encrypting data and demanding a Bitcoin ransom for its return.

The initial attack is thought to have affected over 230,000 computers in 150 countries with many new versions, or variants, of the ransomware appearing over time. In fact, it was the ransomware with the greatest rate of infection in the Kaspersky study at 13.4% of computers affected.

As with any digital threat, there were various actions ICS practitioners could take to prevent their systems being compromised by WannaCry. Verve Industrial recommended the following:

[Graphic: Verve Industrial WannaCry]

 

Locky Ransomware

This ransomware was released in 2016, but continued to be very active and prevalent in 2017. As with many recent malware attacks, Locky was delivered as an email that appeared to be an invoice needing payment, with an attached Microsoft Word document that led to the encryption of data and the demand for bitcoin payment.

Locky managed to infect 10.7% of all ICS computers assessed in the Kaspersky survey.

 

Industroyer Malware

While WannaCry and Locky ransomware presented a serious threat to industrial control systems, most of the affected organizations were not industrial in nature and included governments, universities, and hospitals. The Industroyer malware, aptly named, was designed to disrupt the working process of ICS specifically. It is the fourth known malware to do so.

The initial Industroyer attack came in December 2016 on Ukraine’s power grid. The attack cut off power to Kiev, Ukraine’s capital, for one hour. The Kaspersky study identified around 500 companies in 50 countries that fell victim to this malware.

The event in Ukraine is widely considered by cybersecurity experts to have been a large-scale test of the malware. This means the threat to ICS from Industroyer is still present, and ICS security teams should remain vigilant for variants of the malware.

 

How Verve Industrial Protects Against ICS Cyber Attacks

The Verve Security Center (VSC) dramatically improves cyber security for Industrial Control Systems. The security solution is designed by a team with a unique combination of deep ICS expertise and extensive cyber security knowledge. The team is fiercely dedicated to Industrial Cyber Security and stays up to date with the latest trends, threats, and compliance standards.

The Verve Security Center is a cyber security solution that:

  • Protects all ICS devices – from Windows boxes to Linux devices to proprietary IEDs, relays, and I/O cards
  • Protects all vendors’ equipment (GE, Emerson, ABB, Schweitzer, Rockwell, etc.) in one security platform
  • Includes OT-specific best-in-class tools for each of the critical cybersecurity practices (e.g., patch management, backup management, application whitelisting, SIEM, etc.)
  • Unifies those elements into a single console for improved security and compliance insights
  • Is proven in the field – deployed at hundreds of sites on thousands of assets

If you are interested in finding out what the Verve Security Center can do for your organization, request a free demo or download the VSC brochure.

 
