SecurityWeek

ICS Cyber Security Predictions for 2018 – The Bad, The Ugly, and The Good

Next year will present new and increasing industrial cyber security challenges for facilities operators. However, there is also good news: new developments will help minimize those threats.

On the bad front, expect more sophisticated ransomware; increased threats due to the Industrial Internet of Things (IIoT); and a serious lack of cyber security skills. For ugly, think ‘red button’ incidents. 

However, good trends will continue to create greater security awareness and better solutions. 

The Bad 

New Ransomware will Focus on Industrial Control Systems 

In 2017, ransomware variants such as WannaCry, NotPetya and Bad Rabbit created serious disruptions in all industries. This trend will likely continue in 2018, highlighted by the introduction of a new type of ransomware specifically designed to attack industrial networks.

I base this prediction on work done last year by the Georgia Institute of Technology. The researchers designed LogicLocker, a cross-vendor ransomware worm that can hit automation controllers. It bypasses the devices’ “weak authentication mechanisms”, locks out legitimate users, and plants a logic bomb to “dangerously operate physical outputs”. 

IIoT Will Pose Greater Security Challenges

The pressure to modernize, increase productivity, and boost operational efficiency is driving the adoption of connected technologies, notably IIoT. However, better connectivity has erased the traditional air gap that protected the industrial network from the IT network.  Many IIoT technologies lack protections to ensure devices cannot be exploited by hackers. As a result, these devices might expose industrial control systems (ICS) to a wide array of cyber threats and exploitation attempts.

Lack of Skilled Industrial Cyber Security Professionals Will Deepen

The lack of skilled ICS cyber security professionals is a well-documented problem. 2018 will be no exception.

While most organizations are fully aware of the need to secure and protect their ICS networks, they struggle to define their ICS cyber security strategies and place skilled professionals in key roles.

The successful deployment of industrial cyber security projects relies on combining talent and resources from both IT and OT. To make these projects succeed, business-level oversight and leadership are vital. 

The Ugly

The Possibility of a ‘Red Button’ Incident 

The turbulent relationship between the United States and North Korea has gripped the attention of millions of people around the world. The rhetoric has escalated to a very scary pitch, with each side threatening the other with lethal force.

While much of the media focus has been on North Korea’s development and testing of nuclear weapons, little attention has been paid to the country’s development of a cyber army.

Another major player in these dark arts is Russia, which attacked Ukraine’s power grid in 2015, cutting off electricity to nearly a quarter of a million people. Security experts believe Russia was using Ukraine as a testing ground to develop techniques that could be used to launch cyber attacks against other nations.

In 2017, UK Prime Minister Theresa May accused Russia of attacking Britain’s national grid and telecom companies.

Such scenarios could lead to state-sponsored adversaries creating a ‘Red Button’ capability, whereby they infiltrate an industrial network and silently install malware that is capable of shutting down processes and critical infrastructures with the push of a button.  

The Good

Greater Awareness of OT Security Gaps

In 2017, there was an uptick in organizations implementing ICS security solutions and integrating them with existing tools such as Security Information and Event Management (SIEM) systems and incident management systems.

In 2018, this trend will likely continue, given that ICS networks are generating more and more security alerts, which show both IT and executive management the security gaps they need to address.

Building Automation will Show up on Security Radars

For years, cyber security for corporate buildings was not a concern, even though they house data centers and key services. This lack of interest is changing rapidly as organizations become more aware of the threats posed to their building management systems (BMS) and building automation systems (BAS).

BMS/BAS control a wide range of functions and services, including HVAC, lighting, water and wastewater management, fire suppression systems, closed-circuit television (CCTV), and access control. Typically, BMS/BAS are not connected to the corporate network and lack basic security.

More Implementation of Cyber Security Frameworks 

While not always required by law, industrial security frameworks have been gaining popularity over the past few years. We expect this trend to continue in 2018 as organizations seek optimal ways to gain visibility into industrial network activity.

Among the most important frameworks are the NIST Cybersecurity Framework and the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards.

More Secure ICS Devices

Next year, we expect ICS technology vendors to roll out a new breed of products that will support encryption and other embedded security controls. 

While integrated protection capabilities should improve security, the reality is that most organizations will take years to replace all their legacy technologies. Even then, the best approach will remain deploying a defense-in-depth strategy that addresses internal and external security threats to all critical devices. 
