SCADA Archives - Securicon

Oil and gas, manufacturing, energy distribution and critical infrastructure – what do all these industries have in common? Aside from their indispensability, they all rely on operational technology (OT) such as industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices.

Collectively, these technologies control the world we live in, and OT-directed attacks can have a devastating impact. In contrast to traditional Information Technology based attacks, these Cyber-Physical attacks affect machinery and processes that have real world impacts to the industries and people they serve.

In 2021, we were reminded of this fact by the Colonial Pipeline attack, which nearly crippled gas supplies across the Eastern U.S. More recently, 9 out of 10 organizations reported that cyberattacks impacted their production or energy supplies within the last 12 months, with 56% seeing disruption lasting 4 days or longer.

Thanks to a combination of factors, OT-directed attacks – and traditional cyberattacks that impact OT systems – are steadily increasing, with government agencies increasingly taking notice. But why is this happening and how can you protect yourself in 2023? In this article, we’ll answer both questions.

OT Security Trends

OT threats have been on the rise for years, and while the factors behind this rise have largely remained consistent, they are being accelerated by larger trends affecting the IT landscape and business world in 2023.

1. OT Talent Gap

With the need for cybersecurity talent growing faster than the supply, ISC2 reported that global organizations were facing 3.4 million unfilled cyber positions in 2022.

This gap continues to impact OT worse than other fields, as OT environments are filled with a combination of specialized and legacy systems. According to one expert, there were fewer than 1,000 ICS cybersecurity experts around the world only five years ago, and improvements have not kept pace with OT threats.

2. Supply Chain Issues Driving IT/OT Convergence

IT and OT have been converging for long enough that SANS Institute recommended dropping the IT/OT nomenclature several years ago: today’s industrial environments are dependent on IT infrastructure, which makes OT systems vulnerable to IT-directed attacks.

With continued supply chain issues and economic downturn projected in 2023, organizations are being pushed to maximize efficiency, meaning an influx of industrial IoT (IIoT), cloud apps and other Internet-facing surfaces that drive OT threats.

3. Geopolitical Conflict

Given the critical role that OT plays in supporting national industry and infrastructure, it is a common target for nation-state actors and politically motivated advanced persistent threat groups (APT) groups.

According to one study, hacking and reconnaissance against government bodies accounted for 48% of Internet traffic monitored across all public-sector organizations in 2022. As geopolitical conflict increases around the world, politically motivated cyberattacks of all types can be expected to rise even higher.

4. OT-Directed Attacks

In the past, OT threats have tracked IT threats closely, with many OT security incidents occurring as a side effect of malware or traditional cyberattacks. Now, threat actors are increasingly optimizing their attacks for ICS and SCADA devices, including systems from specific manufacturers.

Last April, the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory with several federal agencies warning that APT groups had developed a malicious ICS framework known as “PIPEDREAM,” tailored for devices found throughout OT environments.

The Impact of OT Threats

Attacks on control systems can accomplish many things, none of them good. Limiting the scope of risk to those that directly impact an organization, they include:

Data theft – exposing operationally significant data to intruders and leaking proprietary information like intellectual property.
Operational disruption – leading infrastructure to function improperly or even shut down. This may cause significant risk to human life and safety within operating facilities.
Financial loss – with the rise of ICS ransomware, an OT attack can directly rob an organization. Beyond that, the cost to remediate any incident may be high, and extended periods of disruption can cause a loss in revenue.

Beyond an organization’s people and bottom line, it goes without saying that OT systems control a nation’s infrastructure meaning that any security incident can potentially affect millions of lives for the worst.

Protecting Your OT Systems

Faced with the prospect of cyberattacks on critical infrastructure, the government is focusing more attention on OT than ever before. It is only a matter of time before businesses – particularly government contractors – are required to follow regulations to protect their OT systems. But there’s no reason they can’t start now.

1. Adopt ICS Security Frameworks

With IT-directed attacks still accounting for a large number of OT threat incidents, securing your IT and network perimeter is a first step towards protecting OT. Organizations can start by complying with standards like the National Institute of Technology (NIST)’s Cybersecurity Framework (CSF).

They can also implement guidelines developed specifically for industrial environments, such as the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP).

2. Treat OT as a Separate Domain

Despite IT and OT convergence, organizations are increasingly shifting the primary responsibility for OT security from IT managers to OT operators. As a SANS Institute survey reports: “organizations are realizing the enterprise IT and ICS/OT environments are not the same. They not only have different types of systems, but also have technologies that are not directly cross-compatible.”

Ultimately, increased communication between IT and OT professionals can help to bridge knowledge gaps. While 72% of cybersecurity professionals can’t tell whether a disruption originated from IT or OT, a much larger number of professionals with a combination of IT and OT expertise can.

3. Promote More Secure Authentication

Poor identity management and authentication practices – such as weak passwords and lack of two-factor authentication – continue to threaten systems within an OT environment and on the periphery.

Now more than ever, it’s vital for organizations to educate their employees on the importance of secure passwords, and update applications with most-secure configurations, which may include 2FA and support for biometrics.

4. Develop an Incident Response Strategy

In the event of a successful OT attack, organizations can mitigate harm significantly by developing a robust incident response strategy. In summary, the plan should include steps to:

- If possible, isolate the affected systems to prevent further harm, identify the threat source and remove it.
- Record and document an ongoing attack for later analysis and review.
- Reduce harm by resetting affected systems’ passwords and user profiles.
- Inform stakeholders and implement measures to prevent future incidents.

During an attack, every second counts and knowing what to do ahead of time can make a world of difference. For more detail, check out our blog post on disaster recovery and response. Additionally, consider joining industry organizations such as Incident Command System for Industrial Control Systems (ICS4ICS), which focuses on an OT based emergency management framework.

The Need for Expertise

When it comes to defending against OT attacks, no method of security is more reliable than proactive risk management, threat hunting and vulnerability assessment conducted by experts at the intersection between IT and OT.

Unfortunately, experts are hard to come by, especially for ICS, SCADA, programmable logic controllers (PLCs) and other OT systems. Fortunately, many are employed by Securicon. With years of experience with critical infrastructure – and the ability to implement NERC CIP guidelines – no one is better equipped to find vulnerabilities and promote safety in modern OT systems. To learn more, contact us today.

Every day, multiple technologies work in the background to make modern life possible. Two of the most important examples include Information Technology (IT) and Operational Technology (OT). While most of us recognize IT as a term that broadly encompasses digital computing, what about OT?

OT can be difficult to understand, but that’s only because most of us are unaware of the nomenclature. In recent times, exciting developments are bringing about a convergence between OT and IT that have big implications for technology and industry.

In this article, we’ll define what it is, and how it relates to other terms.

Operational Technology

OT or Operational Technology encompasses the computing systems that manage industrial operations. This includes monitoring of Oil & Gas, the Electric Utility Grid, manufacturing operations, and more.

Simply put, OT runs the networks that allow common civilized norms to continue like the electricity turning on in your house or the clean running water coming out of your faucet.

Industrial Control System

Industrial Control System (ICS) is an umbrella term that includes both SCADA and DCS. An ICS network can monitor many infrastructure and raw material systems. For instance,

Conveyor belts in a mining operation
Power consumption in the electric grid
Valve pressures in a natural gas facility

ICS networks are mission critical, requiring immediate and high-availability. In many ways, this emphasis represents the main difference between IT and OT/ICS systems. For IT, security is high priority preserved by the Confidentiality, Integrity, and Availability (CIA) triad. In OT/ICS networks, both integrity and confidentiality come second to availability.

SCADA

Supervisory Control and Data Acquisition (SCADA) is a systems architecture for managing large and complex processes. SCADA systems are normally found in utility providers such as natural gas and electric power transmission, where control functions are distributed over a large geographic area.

SCADA systems consist of three main components:

A central command center consists of all the servers running SCADA software
Multiple, remotely located local control systems directly control and automate process equipment
Communication systems connect the servers at the central command center to the remote locations

The main purpose of SCADA is data acquisition: the networks consist of multiple remote terminal units (RTUs) that are used to collect data back at the central command center, where they can be used to make high level decisions.

Distributed Control System

Distributed Control System (DCS) is a type of process control system that connects controllers, sensors, operator terminals and actuators. The data acquisition and control functions are performed by distributed processors situated near the peripheral devices or instruments from which data is being gathered.

While DCS and SCADA are functionally very similar, DCS is generally employed at large, continuous processing facilities. Operations are almost always controlled onsite rather than remotely.

Harry Thomas is a senior level cyber security consultant who works with industries that require security in high availability networks such as Electric Utilities, Healthcare, Oil & Gas, etc. He enhances security programs through methods of vulnerability assessments, penetration testing, reverse engineering, and security research. Harry harnesses his experience from both enterprise security and ICS security to build secure networks that enable organizations.

Securicon offers comprehensive digital security and compliance solutions to organizations. Our services include penetration testing and social engineering assessments which are trusted by critical infrastructure companies across the U.S and other critical organizations to find vulnerabilities and maximize safety. In 2019, there’s no room to be lax about security – contact us today!

Tag: SCADA

How to Protect Your Operational Technology (OT) in 2023