Just as in the digital and virtual worlds, numerous threats can affect the Industrial Control Systems (ICS) of any type of Critical Infrastructure, many of which consist of hardware and software dating from the late 1970s to early 1980s. Some of the threats are as follows:
- Air gapping will no longer work. Many pieces that make up a Critical Infrastructure were built in the late 1970s to early 1980s. Because of how long they have remained in place, one cannot simply rip out these old pieces and replace them with new technology. When such legacy systems were installed, the threat of Cyberattacks was, of course, not even a concern. The main concern was physical access. For example, what if an impostor was able to gain entry to the ICS and misconfigure its settings? Or what if a rogue employee was intent on launching an insider attack? One of the most extensive security measures available at that time was what is known as “Air Gapping.” This is similar in spirit to dividing up your IT/Network Infrastructure into different Subnets: with Air Gapping, the ICS network was wholly isolated from the rest of the Critical Infrastructure.
The theory was that if an insider attack were launched, its effects would not be transmitted down to the ICS System. Unfortunately, Air Gapping is no longer a feasible way to protect against Cyberattacks. The main reason for this is that the physical and digital/virtual worlds are now coming together as one unit through a phenomenon called the “Industrial Internet of Things.” Because of this, protecting ICS Systems is proving to be a challenging task: once again, you cannot simply replace a legacy ICS with a new, secure system. Instead, security controls have to be added on as separate components, and the key is that each one must be interoperable with the legacy ICS network.
- Legacy hardware and software components are outdated. Because of the major difficulties in finding the right security tools to add on, many Critical Infrastructures are still using outdated hardware and software components. Among the components most at risk from a Cyberattack are the following:
  - Programmable Logic Controllers (PLCs)
  - Remote Terminal Units (RTUs)
  - Distributed Control Systems (DCSs)
The devices mentioned above are typically used to manage the processes and sub-processes of the ICS network. Because Cyberthreats did not exist when ICS networks were created, these units of hardware and software were not built with any authentication mechanism, or even encryption. Even today, these components are more than likely unprotected. As a result, anybody who can gain network access to the Critical Infrastructure could move laterally, reach those particular devices, and shut them off within minutes. The result would be quite disastrous.
For example, the flow of water, oil, natural gas, and even electricity could come to a grinding halt almost instantaneously, taking months to restore to normal working conditions. In fact, in this situation a Cyberattacker does not even have to be on the Critical Infrastructure’s physical premises. Since network communications within the ICS network are carried in clear text, a Cyberattacker could literally be on the other side of the world and deliver a malicious payload to an oil refinery in the southern United States. Worse yet, many of the Operating Systems (OSs) used in Critical Infrastructure are outdated and no longer supported by Microsoft; these include the likes of Windows NT and Windows XP. Unfortunately, given the legacy structure of an ICS network, the IT departments at many Critical Infrastructures are typically far more concerned with maintaining the stability of their IT/Network Infrastructure. They take the view that any attempt to patch the components just described would simply result in unnecessary downtime or unexpected halts to critical operations, which must be avoided at all costs.
- There is no clear-cut visibility. One of the most significant advantages of using a Cloud-based solution like AWS or Microsoft Azure is that it lets you see inside your infrastructure with full visibility, allowing you to track down any malicious activity that is taking place. The exact opposite is true of an ICS, which offers literally no visibility. As a result, it is hard to detect suspicious behavior until it is far too late. Furthermore, many of the settings in an ICS are difficult to configure properly to meet today’s demand for the basic utility necessities of the everyday American.
- The communications protocols are outdated. With today’s Remote Workforce, various network protocols have come into almost daily conversation. For example, most people have heard of TCP/IP, IPsec, 5G wireless networks, etc. For the most part, the communication channels of these various protocols can operate together, to some degree or another, with minimal downtime, if any. However, that is not the case with an ICS network. Each of its protocols is outdated and proprietary in nature, having been developed decades ago. This is most prevalent in the so-called “Control-Layer” protocols that are used. Because of this, these protocols are yet another entry point for a Cyberattacker. For example, the control logic implemented in the ICS hardware can easily be altered, disrupting mission-critical operations.
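One practical way to regain some of the visibility the points above say an ICS lacks is to passively monitor the clear-text control-layer traffic itself: because the protocols carry no authentication, the monitor can at least tell which host is issuing state-changing commands to which controller. The following is an added example written for this page, not code from the original article. It assumes Modbus/TCP as the control protocol (the article names no specific protocol), a hypothetical allowlist of hosts permitted to write to controllers, and constructed sample packets; it is not a capture from any real plant.

```python
"""Passive visibility into clear-text ICS control traffic (added example).

Assumes Modbus/TCP as the control-layer protocol (the article names none).
Each request frame is parsed from its MBAP header, the function code is
classified, and write operations coming from hosts outside the engineering
allowlist are alerted on. All packets below are constructed sample data.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Public Modbus function codes that change controller state.
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}
# Read-only function codes: parsed and logged, never alerted on.
READ_FUNCTIONS = {
    1: "Read Coils",
    2: "Read Discrete Inputs",
    3: "Read Holding Registers",
    4: "Read Input Registers",
}

# Hypothetical allowlist: only the engineering workstation may write to PLCs.
ALLOWED_WRITERS = {"10.0.10.5"}


@dataclass
class ModbusRequest:
    src: str
    dst: str
    unit_id: int
    function: int
    pdu_data: bytes  # bytes following the function code

    @property
    def is_write(self) -> bool:
        return self.function in WRITE_FUNCTIONS

    @property
    def start_address(self) -> Optional[int]:
        # The public read/write functions all carry a 2-byte start address first.
        if len(self.pdu_data) >= 2 and self.function in (*READ_FUNCTIONS, *WRITE_FUNCTIONS):
            return struct.unpack(">H", self.pdu_data[:2])[0]
        return None


def parse_modbus_tcp(src: str, dst: str, frame: bytes) -> Optional[ModbusRequest]:
    """Parse one Modbus/TCP request: 7-byte MBAP header followed by the PDU.

    MBAP = transaction id (2), protocol id (2, always 0), length (2, counts
    the unit id plus the PDU), unit id (1). Returns None for non-Modbus frames.
    """
    if len(frame) < 8:
        return None
    _trans_id, proto_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if proto_id != 0 or length != len(frame) - 6:
        return None
    return ModbusRequest(src, dst, unit_id, frame[7], frame[8:])


def monitor(packets: List[Tuple[str, str, bytes]],
            allowed_writers=ALLOWED_WRITERS) -> List[str]:
    """Return one alert line per write request from a host outside the allowlist."""
    alerts = []
    for src, dst, frame in packets:
        req = parse_modbus_tcp(src, dst, frame)
        if req is None or not req.is_write or src in allowed_writers:
            continue
        alerts.append(
            f"ALERT {src} -> {dst} unit {req.unit_id}: "
            f"{WRITE_FUNCTIONS[req.function]} at address {req.start_address}"
        )
    return alerts


# Constructed sample traffic: (source IP, destination IP, TCP payload).
SAMPLE_PACKETS = [
    # HMI polling holding registers 0-9 on unit 1: a read, no alert.
    ("10.0.10.20", "10.0.20.1", bytes.fromhex("0001 0000 0006 01 03 0000 000a")),
    # Engineering workstation writing register 16: allowlisted, no alert.
    ("10.0.10.5", "10.0.20.1", bytes.fromhex("0002 0000 0006 01 06 0010 00ff")),
    # Host outside the allowlist writing coils 0-7: alert.
    ("192.168.99.7", "10.0.20.1", bytes.fromhex("0003 0000 0008 01 0f 0000 0008 01 00")),
    # Same host writing coil 1: alert.
    ("192.168.99.7", "10.0.20.1", bytes.fromhex("0004 0000 0006 01 05 0001 ff00")),
    # Non-Modbus bytes on the same port (protocol id != 0): ignored.
    ("192.168.99.7", "10.0.20.1", bytes.fromhex("0005 0001 0006 01 03 0000 0001")),
]

if __name__ == "__main__":
    for line in monitor(SAMPLE_PACKETS):
        print(line)
```

In a real deployment the frames would come from a SPAN port or network TAP rather than an inline device, so that the monitor can never itself stall the process. Because the protocol has no authentication, the source address is the only attribution the monitor has and can be forged by anyone already on the ICS network; the allowlist therefore drives alerting and investigation, not automatic blocking, which is the appropriate posture for the legacy components described above.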
Unfortunately, Cyberattacks on ICS and their corresponding Critical Infrastructures are starting to gain traction this year. The good news is that, while these attacks have occurred, they have not done a lot of damage, unlike the usual digital threat variants that we hear about on an almost daily basis. But be warned: there will likely come a time and place where a cataclysmic Cyberattack on Critical Infrastructure strikes multiple targets simultaneously, bringing a major US city to its knees for a long time. Unfortunately, given their legacy-based nature, by the time the right solution to protect an ICS is found, it could already be too late.