Article by Enzo M. Tieghi
Since the beginning of the COVID-19 pandemic, manufacturing companies, including those in Italy, have faced a wave of cybercrime. Industrial activities are a prime target for hackers, and the consequences of ransomware or of a data breach followed by denial of service can be far-reaching, bringing OT security back among the priorities.

The growing volume of cyberattacks on businesses globally shows that any business can be the target of malicious attacks in both industry and utilities.

According to the Clusit Report 2022, attacks worldwide increased by 10% in 2021 compared to the previous year, and they are increasingly serious.

Of these attacks, some observers have recorded that one in ten intended to gain control of an OT or Internet of Things (IoT) device, indicating a tendency to target system continuity rather than conventional data, but both factors together are cause for alarm among industrial enterprises of all sizes.

Hackers target all types of businesses, from start-ups to global organizations, and focus more on the growing number of internet-connected networks, devices and systems that were previously isolated.
The consequences of compromising a device range from data exfiltration to service shutdown, and the financial and manufacturing impacts on an industrial operation are often significant.

Unfortunately, there is no single quick fix for strengthening cybersecurity, because the types of incidents that can occur vary: some cyberattacks are complex and sophisticated, others less so. Many attacks on devices are very basic, which means that it takes only a few steps for industrial companies to minimize the risks.

ServiTecno has been actively involved in industrial cyber security in industrial and operational environments for a couple of decades.

One thing we commonly observe with automation hardware and software is that many maintainers do not update the automation software regularly, and the firmware is also often overlooked.

Instead, there is a tendency to view automation as a one-time purchase: once the application is installed, it is left untouched and forgotten in its initial state.

Hardware can be physically maintained on a regular schedule, but software, which is an intangible and invisible asset, is often overlooked.

For PLCs installed on automated plants and machines, the older the firmware, the more susceptible it is to known, unpatched security vulnerabilities, such as weak authentication algorithms, outdated encryption technologies, or backdoors for unauthorized access.

For PLCs, outdated firmware versions could allow low-skilled attackers to change the state of the module to shutdown mode, resulting in a plant denial-of-service that disrupts production or prevents critical processes from running.

PLC manufacturers regularly update their firmware to ensure it is robust and secure in the face of the changing computing landscape, but there is no set interval between these updates.

In some cases, updates are released within days or weeks of discovering a vulnerability to minimize user risk. Firmware version update information usually highlights any exploits that have been fixed.

How can you find out whether a PLC's firmware level may contain vulnerabilities? This information can be found on the vendors' own sites or on the Common Vulnerabilities and Exposures (CVE) database sites specific to industrial control systems, such as that of ICS-CERT of CISA-US.

However, it is important to note that some legacy PLCs may no longer have firmware updates if the manufacturer is gone or if the system has reached obsolescence.

As a countermeasure, many opt to air-gap older PLCs to minimize the cybersecurity risk, but a lack of firmware updates can also create interoperability issues with other connected devices. Sometimes a device on the factory network, such as a switch that is being upgraded, can cause communication and compatibility issues with old PLCs running older versions. This is another reason why systems should be updated with the latest software patches.

In practice, one should invest in a more modern PLC to minimize the risks and, due to the rate of PLC innovation in recent years, one would probably also have the advantage of performance and increased functionality at the same time.
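The firmware check described above, as an added example (not from the original article and not ServiTecno's tooling): it compares a PLC inventory against advisory records and reports which units need an update and which have no fix available. The vendors, models, advisory IDs and inventory are constructed placeholders; real records would come from vendor bulletins or the ICS advisories mentioned above, and versions are assumed to be dotted numbers.

```python
import re
from typing import NamedTuple, Optional


def parse_version(text: str) -> tuple:
    """'V4.10.0' -> (4, 10). Numeric compare, so 4.10 sorts after 4.9."""
    nums = [int(n) for n in re.findall(r"\d+", text)]
    while nums and nums[-1] == 0:  # treat 4.10 and 4.10.0 as equal
        nums.pop()
    return tuple(nums)


class Advisory(NamedTuple):
    advisory_id: str
    vendor: str
    model: str
    fixed_in: Optional[str]  # None: vendor gone or product obsolete, no fix


# Constructed sample data (placeholder vendors, models and advisory IDs).
ADVISORIES = [
    Advisory("ADV-PLACEHOLDER-001", "ExampleVendor", "EX-100", "4.10"),
    Advisory("ADV-PLACEHOLDER-002", "LegacyCo", "LC-7", None),
]
INVENTORY = [
    {"tag": "PLC-LINE1", "vendor": "ExampleVendor", "model": "EX-100", "firmware": "V4.9"},
    {"tag": "PLC-LINE2", "vendor": "ExampleVendor", "model": "EX-100", "firmware": "4.10.0"},
    {"tag": "PLC-PUMP3", "vendor": "LegacyCo", "model": "LC-7", "firmware": "1.2"},
    {"tag": "PLC-MIX4", "vendor": "ExampleVendor", "model": "EX-200", "firmware": "2.0"},
]


def assess(inventory, advisories):
    """Return (asset tag, advisory id, action) for every exposed PLC."""
    findings = []
    for asset in inventory:
        for adv in advisories:
            if (asset["vendor"], asset["model"]) != (adv.vendor, adv.model):
                continue
            if adv.fixed_in is None:
                findings.append((asset["tag"], adv.advisory_id, "no fix: isolate or replace"))
            elif parse_version(asset["firmware"]) < parse_version(adv.fixed_in):
                findings.append((asset["tag"], adv.advisory_id, f"update to {adv.fixed_in}"))
    return findings


if __name__ == "__main__":
    for finding in assess(INVENTORY, ADVISORIES):
        print(*finding, sep=" | ")
```

Comparing versions as number tuples matters here: a plain string comparison would rank firmware 4.9 above 4.10 and miss the outdated unit.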

Unfortunately, firmware vulnerabilities are inevitable, regardless of PLC make and model.

To find out more, you can contact the experts. At ServiTecno, we have for years been able to highlight, with special tools, any vulnerabilities on networks, devices and industrial systems. This involves not only support with firmware updates as they become available, but also working towards wider system resilience to ensure that manufacturing companies are as safe as possible from software as well as hardware vulnerabilities.

The trend to date shows us that the growth of cyber attacks will continue long after the end of the COVID-19 pandemic, and that OT infrastructure and automation are increasingly targeted, becoming more and more critical targets. It may seem like a simple step, but adopting a firmware update approach like the one we use for conventional computers can help maintainers protect operations and keep systems in a more secure state.