Sophisticated tools help protect legacy industrial systems
Technology can detect network anomalies in early stages of cyber attack
By Byron Acohido, ThirdCertainty
Many critical infrastructure systems, such as those that control the electric grid, oil and gas refineries, and transportation, are now getting linked to the internet. That makes them easier to manage and maintain, but also could put them in the line of fire for cyber attacks.
I recently discussed the issues involved in upgrading and protecting these critical industrial control systems with Patrick McBride, chief marketing officer at Claroty, a startup that intends to secure the operational technology networks that run companies’ infrastructure systems. A few big takeaways from our conversation:
Old systems, new protections
When industrial systems were built, sometimes decades ago, no one considered the need for digital protections.
“The systems were never designed, especially 10, 15, 20 years ago, with cybersecurity in mind,” McBride told me. Their primary design goals were the safety of the workers and the resilience of the systems, he said. “Security wasn’t even an afterthought. It wasn’t a thought.”
Now, a new class of tools is coming online to help monitor these legacy systems. Using behavior analysis and anomaly detection, they are designed to catch intruders early in the attack life cycle. “Monitoring technology is going to play a huge part in this environment,” McBride said.
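To make the idea of behavior-based monitoring concrete, here is an added example (written for this page, not Claroty's code or any product's logic): a passive baseline monitor that learns which devices normally talk to each other, over which protocol, and with which function codes, then flags deviations. The device addresses, flow records and the subset of Modbus write function codes are constructed sample data, and the `Flow` fields are a simplification of what a real network sensor would extract.

```python
"""Added example, not from the original article: a minimal passive
baseline/anomaly monitor for an OT network segment.

Learning phase: record (src, dst, protocol) conversations and the
protocol function codes each pair uses. Detection phase: alert on any
never-before-seen conversation or function code, rating unseen *write*
operations as high severity because they change device state.
All addresses and flows below are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Flow:
    src: str             # source IP (constructed)
    dst: str             # destination IP (constructed)
    proto: str           # application protocol, e.g. "modbus", "dnp3"
    func: Optional[int]  # protocol function code, if the sensor saw one


# Modbus function codes that write to a device (subset, assumed for this
# example): 5 write single coil, 6 write single register,
# 15 write multiple coils, 16 write multiple registers.
WRITE_FUNCS = {5, 6, 15, 16}


class Baseline:
    def __init__(self) -> None:
        self.pairs = set()                 # (src, dst, proto) seen while learning
        self.funcs = defaultdict(set)      # (src, dst) -> function codes seen

    def learn(self, flows: List[Flow]) -> None:
        """Record normal behaviour from a learning-period capture."""
        for f in flows:
            self.pairs.add((f.src, f.dst, f.proto))
            if f.func is not None:
                self.funcs[(f.src, f.dst)].add(f.func)

    def check(self, f: Flow) -> List[str]:
        """Return alert strings for a live flow; empty list means normal."""
        alerts = []
        if (f.src, f.dst, f.proto) not in self.pairs:
            alerts.append(f"medium: new conversation {f.src}->{f.dst} over {f.proto}")
        if f.func is not None and f.func not in self.funcs[(f.src, f.dst)]:
            sev = "high" if f.func in WRITE_FUNCS else "low"
            alerts.append(f"{sev}: unseen function code {f.func} from {f.src} to {f.dst}")
        return alerts


def build_baseline() -> Baseline:
    """Learn from a constructed 'normal' capture: an HMI that only reads
    registers and an engineering workstation that reads and writes."""
    normal = [
        Flow("10.0.0.5", "10.0.0.20", "modbus", 3),    # HMI reads holding registers
        Flow("10.0.0.7", "10.0.0.20", "modbus", 3),    # engineering workstation reads
        Flow("10.0.0.7", "10.0.0.20", "modbus", 16),   # engineering workstation writes
        Flow("10.0.0.5", "10.0.0.20", "modbus", 3),    # HMI reads again
    ]
    b = Baseline()
    b.learn(normal)
    return b


if __name__ == "__main__":
    base = build_baseline()
    live = [
        Flow("10.0.0.5", "10.0.0.20", "modbus", 3),    # normal: no alert
        Flow("10.0.0.5", "10.0.0.20", "modbus", 6),    # HMI suddenly writes
        Flow("10.0.0.99", "10.0.0.20", "modbus", 16),  # unknown host writes
    ]
    for flow in live:
        for alert in base.check(flow) or ["ok"]:
            print(f"{flow.src}->{flow.dst} func={flow.func}: {alert}")
```

The point of the severity split is the one McBride makes about catching intruders early: a host that has never been seen on the segment, or a known host issuing a write it never issued during the learning period, is a signal long before any process variable changes. In practice the baseline would be re-learned after authorised engineering changes, otherwise legitimate new traffic keeps tripping the same alerts.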
Mishmash of systems leaves exposures
Big industrial plants are careful about what they put on their networks, but some are putting wireless and other access points on systems as time-saving techniques to gather data more efficiently.
“You’ve got a whole set of overwhelming business value from pulling data out of those plant systems and being able to provide that information back to the executive,” McBride said.
When organizations began to recognize the need for cybersecurity, some traditional IT security vendors repurposed existing technology, McBride said. That didn’t work particularly well, because industrial control networks speak different protocols from the ones those IT tools were built to understand.
For example, there are a lot of Windows XP machines in industrial environments that keep air conditioning going, or run chemical manufacturing plants and refineries.
Potential for escalating industrial attacks
In December 2016, attacks on the Ukrainian power grid cut off a fifth of all electrical power in the capital city of Kiev. The purposeful takedown was attributed to Russia. The troubling fallout: threat researchers around the world have found indications of the type of malware used in Ukraine on other energy and industrial companies’ networks, McBride said, showing that hackers are at least probing for vulnerabilities.
But threats from nation-states are only one issue. “There are other categories that people are really starting to worry about. If you combine the ease with which you can gain a foothold on these networks and the relative ease with which you can attack these systems, it’s not hard,” McBride said. “You don’t have to squint too hard to say … ‘Terrorist organizations might want to do this or buy expertise to help them do that.’”
For a deeper dive, please listen to the accompanying podcast.