Almost daily news shows that even the operational technologies used in industrial production (OT), although comparatively little exposed, are not exempt from the vulnerability problems that normally raise concern in the far more visible IT world.

In an industrial fabric like Italy's, where SMEs dominate, it is interesting to see where and how cyber security issues are being addressed: more information on the INNOVATION POST website…

Defending these environments, however, is less simple than it might seem, because of the specific characteristics of manufacturing plants. Do you know the differences between cyber security in an IT environment and in an OT environment?

Two key points for understanding the specificities of security in a process environment:

  1. Industry-specific technologies: configuring and managing communication mechanisms and protocols in the industrial sector requires specific skills. Those who have always dealt with IT security have no knowledge (or, at best, not enough) of the specifics of industrial control systems (ICS).  
  2. Operational technology limitations: PLCs and RTUs are low-compute devices built to control physical components such as valves, pumps and motors. They therefore fall outside IT standards and require targeted, specific defence strategies.

What is ANOMALY DETECTION? READ HERE…

To get a better sense of the problem, the short list below covers vulnerabilities specific to SCADA and ICS systems, bearing in mind that there are, in fact, many others.

Simply installing anomaly detection software is already a big step towards verifying one's own infrastructure and discovering untracked endpoints: in practice, when the system is put into operation it starts by building an image of the network, mapping PLCs, servers, clients, loggers, sensors and mobile devices; in short, everything connected to the network.

What can such a platform show us?

Once that inventory exists, the behaviour of the architecture and the network traffic are analysed in order to detect the following anomalies:

  1. Process and network anomalies: devices whose behaviour changes abruptly, or communication volumes that spike or drop.
  2. Unknown devices on the network: devices belonging to external personnel or third parties that are not authorised for use inside the operational network perimeter.
  3. Devices connected directly to the public network: data modems, IP cameras, IoT devices.
  4. Outdated firmware and operating systems: no longer supported or updated.
  5. Operating systems missing the latest security updates: service packs, SIMs, patches, etc.
  6. Lack of authentication: missing or weak passwords (e.g. admin / admin or admin / 123456) can lead to unauthorised access and to changes in the configuration of a critical system.
  7. Lack of encryption: cleartext communications are easily intercepted and manipulated, even by people with no specific knowledge of the sector.
  8. Backdoors: SCADA and ICS can be attacked through standard communication networks but also through industrial protocols which, almost always, are insecure by design.
  9. Buffer overflows: buffers can be targeted by specific attacks that cause overloads and corruption of memory areas and lead to system crashes.
  10. Direct coupling to physical control components: the extensive use of network protocols without security features, combined with the direct interaction of ICS with physical devices, makes attacks possible that affect the physical safety of people.
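The baseline-then-detect behaviour described above, as an added example that is not the code of any product mentioned on this page: it learns an asset inventory and a per-flow traffic baseline from a learning window of flow records, then flags the first three kinds of anomaly in the list (volume change on a known flow, unknown device inside the perimeter, known devices talking over a never-seen pairing, and an OT host reaching an address outside the perimeter). The subnet, addresses, ports and byte counts are constructed for illustration, and the 3x tolerance ratio is an assumption.

```python
"""Baseline-then-detect over OT network flow records.

Added example, not code from any product mentioned on the page. It learns an
asset inventory and a per-flow traffic baseline from a learning window, then
flags the kinds of anomalies listed above. Addresses, ports and byte counts
are constructed for illustration.
"""
import ipaddress
from collections import defaultdict
from statistics import mean

# Assumed OT perimeter: anything outside these subnets is "external".
OT_NETWORKS = [ipaddress.ip_network("10.10.1.0/24")]

# Constructed learning-phase flows: (src_ip, dst_ip, dst_port, bytes).
BASELINE_FLOWS = [
    ("10.10.1.10", "10.10.1.20", 502, 1200),    # HMI -> PLC, Modbus/TCP
    ("10.10.1.10", "10.10.1.20", 502, 1300),
    ("10.10.1.10", "10.10.1.21", 502, 1100),
    ("10.10.1.30", "10.10.1.20", 44818, 900),   # historian -> PLC, EtherNet/IP
    ("10.10.1.30", "10.10.1.20", 44818, 950),
]

# Constructed detection-phase flows, one planted issue each (see comments).
LIVE_FLOWS = [
    ("10.10.1.10", "10.10.1.20", 502, 1250),    # within baseline: no alert
    ("10.10.1.10", "10.10.1.20", 502, 9000),    # volume spike on a known flow
    ("10.10.1.99", "10.10.1.20", 502, 300),     # device never seen while learning
    ("10.10.1.30", "10.10.1.21", 44818, 900),   # known devices, never-seen pairing
    ("10.10.1.30", "203.0.113.7", 443, 5000),   # OT host reaching outside the perimeter
]


def in_perimeter(ip):
    """True if the address belongs to one of the assumed OT subnets."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in OT_NETWORKS)


def learn_baseline(flows):
    """Build the inventory (known devices) and the mean bytes per (src, dst, port)."""
    devices = set()
    volumes = defaultdict(list)
    for src, dst, port, nbytes in flows:
        devices.update((src, dst))
        volumes[(src, dst, port)].append(nbytes)
    return devices, {key: mean(v) for key, v in volumes.items()}


def detect(flows, devices, baseline, ratio=3.0):
    """Return a list of (alert_type, detail) tuples for the given flows.

    ratio is the assumed tolerance: a flow more than `ratio` times its
    baseline mean, or less than 1/ratio of it, is reported.
    """
    alerts = []
    reported_devices = set()
    for src, dst, port, nbytes in flows:
        key = (src, dst, port)

        # Traffic from the OT network to an address outside the perimeter.
        if not in_perimeter(dst):
            alerts.append(("external_destination", key))
            continue

        # Endpoint inside the perimeter that never appeared during learning.
        unknown = [d for d in (src, dst) if d not in devices]
        if unknown:
            for dev in unknown:
                if dev not in reported_devices:
                    reported_devices.add(dev)
                    alerts.append(("unknown_device", dev))
            continue

        # Known devices talking over a pairing/port never seen before.
        if key not in baseline:
            alerts.append(("new_flow", key))
            continue

        # Known flow, but the volume is far outside its learned mean.
        expected = baseline[key]
        if nbytes > ratio * expected or nbytes < expected / ratio:
            alerts.append(("volume_anomaly", (key, nbytes, expected)))
    return alerts


def run_demo():
    """Learn from BASELINE_FLOWS, then inspect LIVE_FLOWS."""
    devices, baseline = learn_baseline(BASELINE_FLOWS)
    return detect(LIVE_FLOWS, devices, baseline)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Run as written it produces four alerts, one per planted issue; the first live flow stays silent because it sits on its learned mean. A real platform keys the inventory on MAC address and vendor as well as IP, and learns over days rather than five records, but the split into a learning phase and a detection phase is the same.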

Such vulnerabilities can be identified readily by adopting vulnerability detection systems built specifically for OT environments.

These systems apply whitelisting, machine learning and deep packet inspection (DPI) dedicated to industrial protocols; they let you quickly acquire a map of connections and promptly report anomalous or suspicious events.
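To show what "DPI dedicated to industrial protocols" combined with whitelisting means in practice, here is an added example (not code from any product on this page) that parses Modbus/TCP request frames and applies an assumed per-client whitelist of function codes. The client addresses, the policy (a read-only HMI and an engineering workstation allowed to write) and the sample frames are all constructed for illustration; the MBAP header layout and the function code numbers are those of the public Modbus specification.

```python
"""Deep packet inspection of Modbus/TCP with a per-client function whitelist.

Added example, not code from any product on the page. It parses the MBAP
header and PDU of constructed Modbus/TCP request frames and applies an
assumed whitelist: which client may send which function codes.
"""
import struct

# Modbus public function codes that change process state (writes).
WRITE_FUNCTIONS = {5, 6, 15, 16, 22, 23}
FUNCTION_NAMES = {
    1: "Read Coils", 3: "Read Holding Registers", 5: "Write Single Coil",
    6: "Write Single Register", 15: "Write Multiple Coils",
    16: "Write Multiple Registers", 43: "Read Device Identification",
}

# Assumed policy captured during commissioning:
# client IP -> set of function codes it is allowed to send.
POLICY = {
    "10.10.1.10": {1, 3},                 # HMI: read-only
    "10.10.1.50": {1, 3, 5, 6, 15, 16},   # engineering workstation: may write
}


def parse_modbus_tcp(frame):
    """Parse an MBAP header + PDU. Returns a dict or raises ValueError."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, pid, length, unit = struct.unpack("!HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"protocol id {pid} is not Modbus")
    # MBAP length counts unit id + PDU; it must match the bytes actually present,
    # otherwise a naive receiver could read past the buffer it was handed.
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} does not match payload {len(frame) - 6}")
    return {"tid": tid, "unit": unit, "function": frame[7], "data": frame[8:]}


def inspect(client_ip, frame):
    """Return (verdict, reason) for one request frame sent by client_ip."""
    try:
        req = parse_modbus_tcp(frame)
    except ValueError as exc:
        return ("malformed", str(exc))
    fc = req["function"]
    name = FUNCTION_NAMES.get(fc, f"function {fc}")
    detail = f"{client_ip} sent {name} to unit {req['unit']}"
    allowed = POLICY.get(client_ip)
    if allowed is None:
        return ("unknown_client", detail)
    if fc not in allowed:
        kind = "unauthorized_write" if fc in WRITE_FUNCTIONS else "unauthorized_read"
        return (kind, detail)
    return ("allowed", detail)


def build_request(tid, unit, function, data):
    """Encode a Modbus/TCP request (helper used to construct sample frames)."""
    pdu = bytes([function]) + data
    return struct.pack("!HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed sample traffic: (client IP, raw frame).
SAMPLES = [
    ("10.10.1.10", build_request(1, 1, 3, struct.pack("!HH", 0, 10))),   # HMI reads 10 registers
    ("10.10.1.10", build_request(2, 1, 6, struct.pack("!HH", 0, 0))),    # HMI tries to write
    ("10.10.1.50", build_request(3, 1, 16, struct.pack("!HHB", 0, 2, 4) + b"\x00\x01\x00\x02")),  # EWS writes
    ("10.10.1.99", build_request(4, 1, 1, struct.pack("!HH", 0, 8))),    # host not in policy
    ("10.10.1.10", b"\x00\x05\x00\x00\xff\xff\x01\x03"),                  # length field lies
]


def run_demo():
    """Inspect every sample frame and return the verdicts."""
    return [inspect(ip, frame) for ip, frame in SAMPLES]


if __name__ == "__main__":
    for verdict, reason in run_demo():
        print(f"{verdict:18} {reason}")
```

Two of the five samples are allowed; the rest illustrate the remaining verdicts: a read-only HMI issuing a write, a client the policy has never seen, and a frame whose MBAP length field does not match its payload. Because Modbus carries no authentication of its own, this function-code-per-client check is the only place the "lack of authentication" item above can be enforced on the wire.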