Cyberattacks on Industrial Control Systems (ICS) have become increasingly common, and they differ from the attacks seen most often on ordinary business networks. A successful attack on an ICS can cause physical danger to people and equipment as well as financial loss for the companies that rely on these systems to operate safely and efficiently. Knowing the ways attackers get into a control system is the first step in keeping them out.
Introduction to Industrial Control Systems
Industrial control systems (ICS) are computer systems used to monitor and control industrial processes. They are present in many industries, including energy (petroleum, natural gas, power, etc.), manufacturing (food and beverage, chemicals, etc.), transportation, water and wastewater, mining, and healthcare. ICS networks have different security needs and requirements from other computer networks: they run special-purpose applications with limited user interfaces, they are not used for normal business operations, and availability and safety of the physical process take priority over confidentiality, so controls that are routine in IT (rebooting for patches, active vulnerability scanning, blocking traffic on suspicion) can themselves cause an outage.
Most ICS networks are used for monitoring and controlling field devices, for process control, or for dispatching. Devices on ICS networks include programmable logic controllers (PLCs), programmable automation controllers (PACs), remote terminal units (RTUs), sensors and actuators, and the supervisory control and data acquisition (SCADA) servers and human-machine interfaces (HMIs) that operators use to view and command the process.
IIoT and SCADA Systems
Industrial control systems were traditionally located on a separate network and rarely communicated outside it, partly because their connectivity options were limited and they had no need to reach the Internet or the corporate network. The growth of the Internet of Things (IoT) has changed this. Sensors, gateways, and controllers that report to cloud platforms and accept commands over cellular or Internet links are now common, and the term "Industrial Internet of Things" (IIoT) is used for this connected layer. ICS remains the term for the control systems themselves; IIoT describes the new connectivity around them, and it is that connectivity that removes the isolation these systems once relied on.
Remote Access Attacks
A remote access attack is one in which an attacker connects to an ICS from outside its network. One of the most common paths is through the systems that operators and vendors already use to reach the control network remotely: a VPN, a jump host, or remote access software (remote desktop tools and vendor support tools) installed on a SCADA server or engineering workstation. An attacker who obtains or guesses the credentials for one of these tools, or who finds it exposed directly to the Internet, gets the same access to the SCADA system and the devices behind it that a legitimate remote operator would have.
Remote access attacks are also possible when a dedicated remote access server is connected to the SCADA network. A remote access server is a computer set up to allow access to the SCADA system from remote locations. Attackers gain access to these servers through social engineering, brute force attacks, password guessing against default or reused accounts, and credentials stolen from the corporate network. Repeated authentication failures from one source against the remote access server are the signature of the brute force and guessing cases and are worth alerting on.
Wireless Network Attacks
Wireless networking has become popular in industrial settings because it removes the cost and difficulty of cabling to remote or moving equipment. It also extends the network's reach beyond the fence: anyone within radio range can attempt to join or interfere with it. IIoT devices installed in open or unattended places are additionally exposed to cloning and physical tampering, so securing them is a primary concern. Because these devices are resource-constrained, lightweight security schemes are required to authenticate communicating devices and protect industrial data.
In 2017, a University of Tulsa (Okla.) information security researcher, Jason Staggs, demonstrated at Black Hat how he could seize control of entire wind turbine networks at U.S. wind farms. The attack began with brief physical access to a turbine base, where he planted a Raspberry-Pi-based device with a wireless or cellular connection; from there he could reach the farm's flat control network and program the automated management controllers, which accepted commands without authentication. The wireless link is what turned a few minutes of physical access into persistent remote control.
Computer Network Operations
Another way attackers get into ICS is by attacking the network infrastructure. This type of attack targets the routers, switches, firewalls, and other network devices connected to the ICS. The goal is either to gain a foothold from which the ICS can be reached or to disrupt communication between the ICS and other networks. In either case it may be possible for the attacker to disrupt or shut down the ICS, with the same physical and financial consequences described above.
Attackers may also use network operations to gain access to systems or data, for example a SCADA system connected to the ICS. In this scenario they first work out the communication methods used between the SCADA system and the controllers. Many of these are legacy industrial protocols that carry no authentication, so a host that can reach the controller over the network can read and write process values exactly as the SCADA server does. Once the protocol is understood, the attacker can disrupt the communication, inject commands of their own, or use the access to pivot from the SCADA system to the controllers.
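The following is an added example, not code from the original article. It assumes the SCADA-to-controller protocol is Modbus/TCP (a common choice, but an assumption here; the article does not name a protocol). It builds and parses request frames to show that nothing in the frame identifies or authenticates the sender, and then applies the one check the protocol itself cannot provide: flagging write function codes that arrive from any host not on a constructed allowlist of engineering workstations. The IP addresses, register numbers, and allowlist are constructed sample data.

```python
import struct
from dataclasses import dataclass
from typing import Tuple

# Modbus function codes from the public Modbus application protocol specification.
READ_HOLDING_REGISTERS = 0x03
WRITE_SINGLE_COIL = 0x05
WRITE_SINGLE_REGISTER = 0x06
WRITE_MULTIPLE_REGISTERS = 0x10
WRITE_FUNCTIONS = {WRITE_SINGLE_COIL, WRITE_SINGLE_REGISTER, WRITE_MULTIPLE_REGISTERS}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    address: int
    values: Tuple[int, ...]  # data carried by a write; empty for a read


def _frame(transaction_id, unit_id, pdu):
    # MBAP header: transaction id, protocol id (0 = Modbus), byte count of unit id + PDU,
    # unit id. There is no field for a credential or a signature anywhere in the frame.
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def build_read(transaction_id, unit_id, address, quantity):
    return _frame(transaction_id, unit_id,
                  struct.pack(">BHH", READ_HOLDING_REGISTERS, address, quantity))


def build_write_single(transaction_id, unit_id, function, address, value):
    # Function 0x05 (coil) or 0x06 (register): address followed by one 16-bit value.
    return _frame(transaction_id, unit_id, struct.pack(">BHH", function, address, value))


def build_write_multiple(transaction_id, unit_id, address, values):
    body = struct.pack(">HHB", address, len(values), 2 * len(values))
    body += b"".join(struct.pack(">H", v) for v in values)
    return _frame(transaction_id, unit_id, bytes([WRITE_MULTIPLE_REGISTERS]) + body)


def parse_request(frame: bytes) -> ModbusRequest:
    """Parse a Modbus/TCP request frame, validating the MBAP header and PDU lengths."""
    if len(frame) < 12:
        raise ValueError("frame too short for a Modbus/TCP request")
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if protocol_id != 0:
        raise ValueError("protocol id is not Modbus")
    if length != len(frame) - 6:
        raise ValueError("MBAP length does not match frame size")
    function = frame[7]
    address, word = struct.unpack(">HH", frame[8:12])
    if function in (WRITE_SINGLE_COIL, WRITE_SINGLE_REGISTER):
        values = (word,)
    elif function == WRITE_MULTIPLE_REGISTERS:
        if len(frame) < 13:
            raise ValueError("write multiple: missing byte count")
        byte_count = frame[12]
        if byte_count != 2 * word or len(frame) != 13 + byte_count:
            raise ValueError("write multiple: byte count mismatch")
        values = struct.unpack(">%dH" % word, frame[13:13 + byte_count])
    else:
        values = ()  # read request: 'word' is the quantity of registers requested
    return ModbusRequest(transaction_id, unit_id, function, address, values)


# Constructed allowlist: the only hosts that are supposed to write to controllers.
ENGINEERING_WORKSTATIONS = {"10.10.1.5"}


def inspect(src_ip: str, frame: bytes):
    """Return an alert string for a write from a host outside the allowlist, else None.
    The controller would accept the write either way; this check lives on the network."""
    req = parse_request(frame)
    if req.function in WRITE_FUNCTIONS and src_ip not in ENGINEERING_WORKSTATIONS:
        return "write fc=0x%02x unit=%d addr=%d values=%s from unexpected host %s" % (
            req.function, req.unit_id, req.address, req.values, src_ip)
    return None


# Constructed sample traffic: (source IP, raw frame). The last two are the attacker.
SAMPLE_TRAFFIC = [
    ("10.10.1.5", build_read(1, 1, 100, 4)),
    ("10.10.1.5", build_write_single(2, 1, WRITE_SINGLE_REGISTER, 100, 1500)),
    ("10.10.9.77", build_write_single(3, 1, WRITE_SINGLE_COIL, 7, 0xFF00)),
    ("10.10.9.77", build_write_multiple(4, 1, 200, [0, 0, 0])),
]


def run(traffic=SAMPLE_TRAFFIC):
    """Apply inspect() to every frame and return the alerts raised."""
    alerts = []
    for src_ip, frame in traffic:
        alert = inspect(src_ip, frame)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for line in run():
        print(line)
```

The allowlist check is deliberately placed in a passive monitor rather than inline blocking: on a control network an inline device that drops a legitimate write during an upset condition is itself a safety problem, so the usual practice is to alert first and block only for sources that are never supposed to appear on the network.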
Virus and Malware Based Attacks
Another way attackers get into ICS is with purpose-built malware such as Stuxnet or Triton. Stuxnet reached its targets on removable drives and spread across Windows hosts through network shares and unpatched vulnerabilities before modifying the logic on the PLCs it was looking for; Triton (2017) was deployed on an engineering workstation to reprogram Triconex safety controllers. The initial step is usually the same as in an ordinary malware attack: someone is tricked into opening an infected file or plugging in an infected drive on a computer connected to the ICS. Once it is running, the malware spreads to other systems on the control network through network shares, removable drives, and the other ways those computers exchange data.
The delivery is commonly a link to an infected file or an email with a malicious attachment sent to someone with access to the control network. After execution, the malware may exploit unpatched vulnerabilities or brute-force login credentials to move to other systems connected to the ICS. Because control-network hosts are patched infrequently and often share accounts, both techniques tend to work better there than on a corporate network.
Network Infrastructure Attacks
Attackers may also attack network infrastructure simply to disrupt or shut down an ICS, for example by taking down routers or other network devices connected to the ICS or by flooding the network with traffic. This makes communication slower and less reliable or stops it entirely. It may disrupt not only communication between the ICS and other networks but also communication within the ICS, so that operators lose control of critical devices.
The stress these attacks place on network infrastructure may also cause devices to fail outright, whether intentionally or as a side effect of the attack used. The same applies to the controllers themselves: embedded devices with small network stacks can be crashed or knocked off the network by traffic volumes that a server would absorb without noticing, so a flood aimed at a PLC can be a denial of control rather than merely a denial of service.
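The following is an added example, not code from the original article, serving both the brute force and password guessing attacks on a remote access server described under Remote Access Attacks and the flooding described in this section. Both leave the same pattern in logs, a burst of events from one source against one target, so one sliding-window detector covers both: it counts events per (source, event type, target) within a per-rule window and raises one alert the first time a source crosses the rule's threshold. The log line format, host names, IP addresses, and thresholds are constructed for this example and are not from any real product.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed log format: ISO timestamp, source address, event type, target host.
LINE = re.compile(r"^(\S+) src=(\S+) event=(\S+) target=(\S+)$")

# Detection rules: event type -> (window in seconds, count that triggers an alert).
# Constructed thresholds; tune to the real traffic of a given site.
RULES = {
    "auth_fail": (60, 5),    # 5 failed logins from one source within a minute
    "plc_connect": (1, 20),  # 20 connections to one controller within a second
}


def parse_line(line):
    m = LINE.match(line)
    if not m:
        raise ValueError("unrecognised log line: %r" % line)
    ts = datetime.fromisoformat(m.group(1)).timestamp()
    return ts, m.group(2), m.group(3), m.group(4)


def detect_bursts(lines, rules=RULES):
    """Sliding-window burst detector over log lines.

    Returns one alert dict per (source, event type, target) the first time the
    number of events inside the rule's window reaches the rule's threshold."""
    recent = defaultdict(deque)  # key -> timestamps of events still inside the window
    alerted = set()
    alerts = []
    for ts, src, kind, target in sorted(map(parse_line, lines)):
        if kind not in rules:
            continue
        window, limit = rules[kind]
        key = (src, kind, target)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # evict timestamps that fell out of the window
            q.popleft()
        if len(q) >= limit and key not in alerted:
            alerted.add(key)
            alerts.append({"src": src, "event": kind, "target": target,
                           "count": len(q), "at": ts})
    return alerts


# Constructed sample log lines. 203.0.113.7 is guessing passwords on the remote
# access server; 10.10.1.5 is an operator who mistyped twice; 10.10.9.77 floods a
# PLC with connections while the HMI at 10.10.1.5 polls it once per second.
AUTH_LINES = [
    "2023-05-04T10:00:01 src=203.0.113.7 event=auth_fail target=ras01",
    "2023-05-04T10:00:02 src=203.0.113.7 event=auth_fail target=ras01",
    "2023-05-04T10:00:03 src=203.0.113.7 event=auth_fail target=ras01",
    "2023-05-04T10:00:04 src=203.0.113.7 event=auth_fail target=ras01",
    "2023-05-04T10:00:05 src=203.0.113.7 event=auth_fail target=ras01",
    "2023-05-04T10:00:06 src=203.0.113.7 event=auth_fail target=ras01",
    "2023-05-04T10:00:40 src=10.10.1.5 event=auth_fail target=ras01",
    "2023-05-04T10:01:10 src=10.10.1.5 event=auth_fail target=ras01",
]
FLOOD_LINES = [
    "2023-05-04T10:02:00.%03d src=10.10.9.77 event=plc_connect target=plc03" % (i * 10)
    for i in range(40)
]
POLL_LINES = [
    "2023-05-04T10:02:%02d src=10.10.1.5 event=plc_connect target=plc03" % i
    for i in range(10)
]
SAMPLE_LINES = AUTH_LINES + FLOOD_LINES + POLL_LINES


if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_LINES):
        print(alert)
```

The detector alerts once per offending source rather than once per event past the threshold, which keeps a sustained flood from drowning the console in duplicate alerts. Keying on the target as well as the source matters on a control network: a source that talks to many controllers at a normal rate is the SCADA server, while one that hammers a single PLC is the case described above.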
Conclusion
Cyber attackers have become increasingly interested in industrial control systems because of the potential to cause physical damage and injury. In many control loops no human confirms an individual command before it is executed, so a command issued by an attacker is likely to have physical consequences. Additionally, industrial control systems often rely on legacy protocols and implementations that lack the authentication and encryption now standard in Internet-facing services.
Protecting industrial control systems requires an understanding of the unique risks they face. An effective strategy combines traditional controls such as firewalls and network segmentation, intrusion detection and prevention, secure development practices, user education, and regular vulnerability assessment with the specific requirements of each system. Some of those controls need adapting: active scanning can crash fragile controllers, so passive network monitoring is generally preferred, and patching follows maintenance windows rather than vendor release dates. This can be a challenging proposition for the operators responsible for the safe operation of industrial facilities, and experienced cybersecurity professionals are harder to find in this field than in others where the technology changes more rapidly.