Cyber Security Landscape and the Industrial 4.0 Revolution
Almost every day we hear about cyber-attacks on the banking and financial sectors, and quite often we hear that user credentials have been compromised and breached.
In today's age, cyber-attacks have caused havoc among countries and organizations, as we continue to depend heavily on information technology in our daily routines. We rely on devices that are connected to the internet and that share data and information with other connected devices through it. As we continue to evolve through the fourth industrial revolution, we become ever more dependent on data and information sharing.
Hence the introduction of the Internet of Things (IoT), 5G and cloud computing is set to accelerate this digital transformation. Everything, devices and computers alike, will be connected to everything else, and this is exactly where the cyber security issue will lie.
Readily available data and the advancement of technology are leading to inevitable drawbacks and a race against time to secure cyberspace. It is human nature to challenge the status quo and act against the norm. Cyber-attacks are no longer carried out to pass the time; they are done as a full-time job, and more and more professionals and non-professionals are choosing to do so because the opportunity presents itself.
Some of the things a cyber-attacker could do are steal your identity and start spreading fake news, or steal your credit card information. All of this is possible, but first the attacker has to gain some kind of access to launch the attack, and normally this is done by sending an email attachment that contains malicious code or scripts which run in the background and gather information. Cyber-attacks have become a topic in mainstream news and media outlets. Companies, organizations and countries are spending heavily on securing their IT infrastructure, as it has become essential for their business operations to continue functioning.
It is estimated that cyber-attacks cost organizations about $20 billion in 2019, and this number is expected to double in the coming few years.
The risk is even greater in the world of critical infrastructure, because there the risks go beyond quantifiable losses and can result in loss of life and loss of process. When we talk about critical infrastructure, we are talking about transportation networks, metros and trains, aviation and airports, power plants and water desalination, manufacturing and nuclear. These infrastructures, called operational technology (OT), have become more dependent on the fourth industrial revolution and on commercial off-the-shelf (COTS) IT products, with a strong focus on IT/OT convergence as digital transformation takes shape. Traditional OT systems were self-contained, air-gapped, worked in isolation and required no internet access. Digital transformation and the Industry 4.0 revolution are changing the paradigm, with a demand for always-on connectivity, real-time monitoring, cyber security and effective service delivery.
The next battlefield – Cyber-Attacks and Digital Warfare
In a power plant, for example, an attacker could cause major disruption by denying an operator line-of-sight to the process, resulting in a loss of control over vessel pressure; the vessel could explode and cause a fatality.
In this context, the next war between countries will not be fought in the traditional manner of deploying troops and attacking each other on the battleground; instead it will be a cyber-war.
One of the most famous industrial control system (ICS) cyber-attacks was Stuxnet, which kicked off the whole understanding of how a cyber-attack can cause process damage. The attack targeted the Iranian nuclear plant by infiltrating air-gapped networks, with the sole purpose of shutting down the centrifuges to halt the nuclear enrichment program. ICS infrastructure has become more prone to cyber-attack because of the convergence between IT and OT networks; the heavy reliance on such connectivity brings together different paradigms of cyber threat and risk vectors.
From the above, the difference between IT and OT cyber security becomes clear. OT security is much more concerned with the availability of systems at all times, since it is critical to have every system available in order to command and control operations. In IT security, by contrast, the priority is to ensure that data has not been tampered with or breached.
Although most industrial control systems and networks are largely based on traditional IT technologies, securing them in the same manner as IT networks is a challenge, as their operational environment is different. One of the main challenges we find in industrial networks is applying security patches to OT systems. There are many reasons for this: lack of IT connectivity to download patches; lack of approved patch cycles and supported versions from OEM vendors; the requirement to be physically on site since there is no remote connectivity; and the lack of a clear patch management process. Leaving systems unpatched for a long time only compounds the situation: vulnerabilities accumulate exponentially, leaving you highly exposed to any sort of cyber-attack.
There are many other examples of such OT vs. IT differences; another is performing vulnerability scans. One can assume that in IT this does no harm, but put into the context of OT the situation changes completely: performing any sort of vulnerability scan can result in system malfunction, buffer overflows and process outages, as industrial control systems are not designed to accept large amounts of traffic, nor are they built with resilient TCP/IP and application stacks, so the result is a denial of service or a loss of integrity in system units.
Another interesting area of debate is that OT environments do not have offline, staging or development environments, unlike IT, where we have all of them. It is always difficult to understand why customers don't have an offline development environment; even if it is not a replica but simply a lite version of production, it would yield many benefits. It would allow the overall security posture to be improved by testing security controls, and would even allow vulnerability assessment and penetration testing, without ever impacting production networks.
Critical infrastructure will be the most valuable and attractive target for cyber-attackers, not because of the amount of damage and impact an attack can have but because of the role it plays in modern-day society. It is worth mentioning that an attack on the IT network could easily transcend to the operational technology (OT) network, leaving the entire network exposed.
Organizations operating critical infrastructure should develop a robust cyber security program that addresses the issue at hand and builds strong cyber defense capabilities, ensuring that detection capabilities are effective; it only takes a second for a cyber-attack to execute successfully.
It is recommended that organizations conduct periodic cyber risk assessments to ensure that cyber risks are kept within acceptable limits and tolerance levels. Aim to achieve compliance with international and regional standards such as IEC-62443 (ISA99), National Cybersecurity Authority – Saudi Arabia, NESA IAS, the DESC ICS Standard and NIST CSF. Such standards are a starting point for any organization to design and implement a cyber-secure network architecture and build a zero-trust relationship and defense-in-depth strategy for the OT environment. The defense-in-depth strategy entails building different layers of defense: if one fails, the next layer aims to protect the infrastructure, and so on. The IEC-62443 standard also suggests segmenting the network into zones and conduits to secure the network and restrict data flows. Adoption of industrial network anomaly detection and secure asset management tools, new and emerging trends in this space, will also significantly enhance the cyber security posture.
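The zone-and-conduit segmentation and the defense-in-depth layering described above can be made concrete as a deny-by-default flow policy that an asset-management or network-monitoring tool could evaluate. The following Python is an added example for this article, not the author's code and not a reference implementation of IEC-62443; the zone names, address ranges, security levels, permitted ports, the "a conduit must not skip a layer" lint rule and the flow records are all constructed assumptions.

```python
"""Zone-and-conduit policy check for OT network segmentation.

Added illustration, not code from the article or any vendor product. It models
the IEC-62443 idea of grouping assets into zones and permitting traffic only
through declared conduits, then evaluates sample flows against that policy.
All zone names, address ranges, ports and flow records below are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Zone:
    name: str
    networks: tuple          # CIDR blocks assigned to the zone
    security_level: int      # target security level, 0 (none) to 4 (highest)


@dataclass(frozen=True)
class Conduit:
    src: str                 # zone that initiates the connection
    dst: str                 # zone that accepts it
    services: frozenset      # permitted (protocol, port) pairs


# Constructed zone model: enterprise IT, an industrial DMZ, the control zone
# and a safety zone, each with its own address space and target level.
ZONES = {
    "enterprise": Zone("enterprise", ("10.10.0.0/16",), 1),
    "idmz": Zone("idmz", ("10.20.0.0/24",), 2),
    "control": Zone("control", ("192.168.100.0/24",), 3),
    "safety": Zone("safety", ("192.168.200.0/24",), 4),
}

# Constructed conduits: enterprise reaches the DMZ over HTTPS only, the DMZ
# data collector polls controllers over Modbus/TCP, and the control zone may
# read from the safety zone over Modbus/TCP. Nothing else crosses a boundary.
CONDUITS = [
    Conduit("enterprise", "idmz", frozenset({("tcp", 443)})),
    Conduit("idmz", "control", frozenset({("tcp", 502)})),
    Conduit("control", "safety", frozenset({("tcp", 502)})),
]


def zone_of(ip, zones=ZONES):
    """Map an address to its zone name, or None if it is not in the inventory."""
    addr = ip_address(ip)
    for zone in zones.values():
        if any(addr in ip_network(net) for net in zone.networks):
            return zone.name
    return None


def evaluate_flow(src_ip, dst_ip, proto, port, zones=ZONES, conduits=CONDUITS):
    """Return (verdict, reason) for one observed flow.

    Deny-by-default: a flow is allowed only inside a zone or through a conduit
    that lists the exact service. An address outside every zone is denied and
    reported as an inventory gap, because an unknown asset is itself a finding.
    """
    src_zone, dst_zone = zone_of(src_ip, zones), zone_of(dst_ip, zones)
    if src_zone is None or dst_zone is None:
        return "deny", "unknown asset (not in any zone)"
    if src_zone == dst_zone:
        return "allow", f"intra-zone {src_zone}"
    for c in conduits:
        if c.src == src_zone and c.dst == dst_zone:
            if (proto, port) in c.services:
                return "allow", f"conduit {src_zone}->{dst_zone}"
            return "deny", f"{proto}/{port} not permitted on conduit {src_zone}->{dst_zone}"
    return "deny", f"no conduit {src_zone}->{dst_zone}"


def audit(flows, zones=ZONES, conduits=CONDUITS):
    """Evaluate (src, dst, proto, port) records; return the denied ones with reasons."""
    denied = []
    for flow in flows:
        verdict, reason = evaluate_flow(*flow, zones=zones, conduits=conduits)
        if verdict == "deny":
            denied.append((flow, reason))
    return denied


def lint_conduits(conduits, zones=ZONES):
    """Check conduits against a constructed defense-in-depth rule: a conduit must
    not bridge zones whose security levels differ by more than one, since that
    would let traffic skip a layer (e.g. enterprise straight into control)."""
    findings = []
    for c in conduits:
        if c.src not in zones or c.dst not in zones:
            findings.append(f"conduit {c.src}->{c.dst} references an undefined zone")
            continue
        gap = abs(zones[c.src].security_level - zones[c.dst].security_level)
        if gap > 1:
            findings.append(f"conduit {c.src}->{c.dst} skips {gap - 1} layer(s)")
    return findings


# Constructed flow records, as a firewall or passive monitor might export them.
SAMPLE_FLOWS = [
    ("10.10.5.23", "10.20.0.10", "tcp", 443),         # workstation -> DMZ web
    ("10.10.5.23", "192.168.100.15", "tcp", 502),     # workstation -> PLC directly
    ("10.20.0.10", "192.168.100.15", "tcp", 502),     # DMZ collector -> PLC
    ("10.20.0.10", "192.168.100.15", "tcp", 22),      # DMZ -> PLC over SSH
    ("192.168.100.15", "192.168.100.16", "udp", 161), # PLC -> PLC inside the zone
    ("172.16.9.9", "192.168.100.15", "tcp", 502),     # host not in inventory -> PLC
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print("DENY", flow, "-", reason)
    risky = CONDUITS + [Conduit("enterprise", "control", frozenset({("tcp", 502)}))]
    for finding in lint_conduits(risky):
        print("LINT", finding)
```

Run against the constructed records, three of the six flows are denied: the workstation talking to a PLC directly (no conduit), the DMZ host using SSH on a Modbus-only conduit, and the host that is in no zone at all. The lint on the extra enterprise-to-control conduit shows why a conduit list needs review as much as the flows do: one such entry quietly removes the DMZ layer that the rest of the design depends on.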