Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

ICS Environments: Insecure by Design

Industrial Control System Design Flaws Have a Profound Impact on Security Posture of Operational Networks

Industrial Control System Design Flaws Have a Profound Impact on Security Posture of Operational Networks

It’s a generally known fact that most Industrial Control System (ICS) environments were not built with cyber security in mind because they were designed before the cyber threat existed. For decades these networks were protected by an air-gap, disconnected from the outside world. With the introduction of commercial off the shelf (COTS) technology in the 1990s (which replaced proprietary, purpose-built industrial hardware and software) and the increasing connectivity to corporate networks and the Internet, these systems have become more exposed to cyber threats and the risk of compromise.

The impact of vulnerabilities and design flaws

Like IT networks, ICS environments are susceptible to software and hardware vulnerabilities. In recent years there has been a significant increase in the number of ICS vulnerabilities reported. Even though such vulnerabilities can pose exceptional risk to industrial control systems (like one discovered in Schneider Electric Unity Pro software), an attacker can still compromise an ICS network and cause disruptions to operations without exploiting them. The focus on the large number of ICS vulnerabilities routinely reported obscures a very important point: even when an industrial organization has mitigated all vulnerabilities, there are still design flaws that cyber attackers can easily exploit to compromise an ICS.

ICS networks have become easy targets because they lack basic security controls such as authentication, and do not support encrypted communication. In IT security terms, this represents a major design flaw that adversely impacts the overall security of the ICS environment. This means that anyone with network access can make changes to controller logic and configuration which can severely affect operations and have a catastrophic impact on plant safety and reliability.

Visibility and control in ICS networks

ICS networks suffer from a lack of visibility which prevents engineering and security staff from identifying a malicious actor compromising critical assets, or a contractor that may be making an unauthorized change to the configuration of a controller. Not knowing with certainty what’s happening in these networks severely impacts the staff’s ability to detect and respond to incidents, whether caused by cyber threats or human error. 

Due to this lack of security controls, anyone with access to ICS networks can – maliciously or unintentionally – make control-plane engineering changes to the controllers which manage  industrial processes. Control-plane changes to the controllers, like code updates and configuration changes, are very difficult to identify. It can take days or weeks to identify changes and most importantly, it is difficult to respond to incidents and revert the system back to its original state. These factors significantly increase the potential for operational disruptions and makes threat mitigation a complex process that is resource intensive and time consuming.

Advertisement. Scroll to continue reading.

When an organization has the ability to track all activities occurring in their ICS network in real-time, they can quickly identify incidents, pinpoint their cause, and respond to malicious or erroneous activity.

As long as security controls aren’t available to prevent unauthorized/malicious changes, the design flaws of ICS will continue to affect their security posture and put them at a high risk of compromise. No amount of vulnerability remediation can prevent access to the controllers on ICS networks or mitigate the risk of compromise resulting from a lack of security controls.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

ICS/OT

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

ICS/OT

Municipal Water Authority of Aliquippa in Pennsylvania confirms that hackers took control of a booster station, but says no risk to drinking water or...

ICS/OT

Mandiant's Chief analyst urges critical infrastructure defenders to work on finding and removing traces of Volt Typhoon, a Chinese government-backed hacking team caught in...

Cybercrime

Energy giants Schneider Electric and Siemens Energy confirm being targeted by the Cl0p ransomware group in the campaign exploiting a MOVEit zero-day.

ICS/OT

Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.