Cyberattacks on Industrial Control Systems (ICS) used in manufacturing, energy, mining and other environments are on the rise. Hacking groups are increasingly attempting to breach industrial networks because ICS systems make easy targets.
What are Industrial Control Systems?
ICS is a general term used for several types of control systems, and their associated instrumentation, used for controlling industrial processes.
These systems come in varying levels of complexity, from basic controllers mounted on equipment to large interconnected and interactive Distributed Control Systems (DCS). All these systems, regardless of complexity, receive data from remote sensors and use this data to control processes.
ICS systems are used in industries such as chemical processing, pulp and paper manufacture, power generation, oil and gas processing, and mining.
Why are ICS Systems Being Targeted?
ICS systems are being targeted because they are easy to access. In most cases, only network access or basic privileges are required to gain access. Furthermore, many control systems still run on old or bespoke operating systems, making them vulnerable to attacks.
The main source of attacks on ICS computers is the internet, with hackers searching for unsecured ports and systems to gain access to industrial networks.
In some cases, these cyberattacks are random and do not specifically target industrial networks. However, the way in which these networks are set up means that automated self-propagating campaigns can easily find them.
Product Features Adversely Affect ICS Security
Some ICS products’ features and functions can actually threaten their security. In many cases, purpose-built functions in control systems could be exploited by attackers simply by changing configuration settings. Malware isn’t necessarily required to attack some control systems, as some product features can easily be reconfigured and weaponized.
Furthermore, some features posing security challenges have actually been purposefully built into systems to make engineers’ lives easier. These features can’t easily be updated, and trying to remove them causes disruption in the system and in production.
An example of such a feature is the use of single, hard-coded system engineer logon credentials found in an ICS system. The logon credentials are stored in a configuration database, with the password hashed. However, the hash is simple and guessable. Once an attacker has guessed the password, they have access to the system and possibly the entire network. Moreover, the password can’t be changed because it’s designed into the product.
ICS Systems Often Outdated and Unpatched
According to Damon Small, technical director of NCC Group, global experts in cybersecurity and risk mitigation, attacks in the ICS sector are becoming more common. However, he states that the impact of making security changes that take operations offline often deters operators from running updates. One operator explained to Small that taking systems offline to run monthly Windows patches, taking four hours overall, would cost his organization $350,000 in outage time.
Fortunately, it is difficult to execute damaging attacks on ICS networks without knowledge of a plant’s processes and its ICS systems. Consequently, to date such attacks have been rare. However, security experts warn that nation-state attackers are increasingly gaining knowledge on how to sabotage a plant’s operations via cyberattacks.
Consequences of Cyberattacks on ICS Systems
According to a report published in March 2019, almost one in two industrial systems showed evidence of attackers attempting malicious activity over a single year. Countries whose ICS computers showed the greatest malicious activity were Vietnam, Algeria and Tunisia. The most secure countries, in order of increasing security, are Ireland, Switzerland, Denmark, Hong Kong, UK and the Netherlands.
Cyberattacks targeting industrial systems can potentially cause great damage. Attacks can range from using backdoors to steal sensitive data to using ransomware to shut down networks. Attacks can also trigger industrial system breakdowns that lead to dangerous situations and physical damage.
Pwn2Own Contest Includes ICS Systems for the First Time
Thanks to the sharp rise in cyberattacks on Industrial Control Systems, the Pwn2Own contest has for the first time included ICS systems in its hacking contest. The Pwn2Own contest, which ended today, is the world’s most well-known hacking contest.
Software for industrial equipment was the primary focus of the contest this year. The contestants had five ICS categories from which they were free to choose what ICS software they wanted to hack. At the end of the contest, the security researcher who hacked the most ICS devices with the most complex vulnerabilities won the contest.
All ICS bugs discovered during the contest are immediately disclosed to their respective vendors.