Are Your Industrial Control Systems Ready for Modern Cyberthreats?


Industrial control systems (ICS) are integrated hardware and software products that help large-scale providers — such as manufacturers, government agencies and utility companies — manipulate processes. ICS security has become a hot topic, especially as hackers target the technologies controlling some of the most critical infrastructure. How can IT professionals and others interested in bringing technology into their organizations get results without increasing cyberthreat risks? 

Understand the Potential Threat Sources 

The risks surrounding ICS security vulnerabilities come from within and outside targeted entities. External cybercriminals seek to disrupt essential activities and cause companies to lose significant profits. Internal bad actors have similar motivations, especially if they have grievances against current or former employers. 

Studies consistently highlight human error as a cybersecurity risk. One researcher suggests breaking it into two types to understand the issue. Skills-based errors happen when people make mistakes while doing routine tasks, especially if distracted. Knowledge-related missteps occur if parties lack the necessary understanding or ignore stated rules. 

The complexity of human behavior makes mandated practices or distributed information insufficient for addressing both categories. The superior option is to minimize the cognitive load associated with cybersecurity ideals by prioritizing intuitiveness and effortlessness when possible. Positive attitudes about tighter security work better than scare tactics, so leaders should adopt a long-term perspective by continually educating workers. 

Stay Abreast of Emerging Attack Methods 

Cybersecurity professionals regularly release data about potential or known ICS infiltration methods, and following those releases keeps relevant parties informed. IT teams might also collaborate with employees who protect an organization’s operational technology (OT) systems. Recognizing OT/ICS security parallels enables people across the company to strengthen the appropriate defenses once they understand how cybercriminals could attack. 

Compromising Weak Passwords

Research about one ICS attack affecting a Norwegian dam and fish farm revealed that some cybercriminals still look for widely known weaknesses. The culprits compromised a weak password, using it to fully open the dam’s valves. This change discharged water at approximately 131 gallons per second above the minimum mandated flow rate. 

No one detected this change for four hours, but it did not cause physical damage or risk public safety. The hackers initially compromised a web-accessible control panel, which allowed them to bypass authentication measures and enter the operational technology environment. 
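The four-hour gap before anyone noticed the open valves is a detection problem as much as a password problem. The added example below (not from the article or the incident investigation) flags a flow reading that stays above a baseline for a hold period; the baseline, tolerance, hold time and telemetry are constructed assumptions, and only the 131 gallons-per-second excess comes from the text.

```python
from datetime import datetime, timedelta


def sustained_excess(samples, baseline, tolerance, hold):
    """Return (run_start, fired_at) for each run in which flow stays above
    baseline + tolerance for at least `hold`.

    samples: time-sorted iterable of (timestamp, flow) readings.
    An alert fires once per run, at the first reading that completes the
    hold period, so short transients never page anyone.
    """
    alerts, run_start, fired = [], None, False
    for ts, flow in samples:
        if flow > baseline + tolerance:
            if run_start is None:
                run_start, fired = ts, False
            if not fired and ts - run_start >= hold:
                alerts.append((run_start, ts))
                fired = True
        else:
            run_start = None  # reading back in band: the run is over
    return alerts


# --- Constructed telemetry: one reading per minute for five hours ---
BASELINE = 50.0  # gal/s, hypothetical stand-in for the mandated minimum flow
T0 = datetime(2025, 1, 1, 0, 0)  # arbitrary start time


def build_samples():
    samples = []
    for minute in range(300):
        flow = BASELINE + 1.0            # normal operation
        if 10 <= minute < 12:
            flow = BASELINE + 40.0       # brief transient, should not alert
        if minute >= 30:
            flow = BASELINE + 131.0      # valves fully open, as in the article
        samples.append((T0 + timedelta(minutes=minute), flow))
    return samples


if __name__ == "__main__":
    found = sustained_excess(build_samples(), BASELINE, 20.0,
                             timedelta(minutes=10))
    for start, fired_at in found:
        print(f"excess flow since {start:%H:%M}, alert raised {fired_at:%H:%M}")
```
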

Experimenting With Generative Artificial Intelligence

The rise in generative AI chatbots has allowed cybercriminals to create realistic-sounding phishing messages and similar content to trick victims. This capability could also become a new ICS security threat to safeguard against. 

A 2024 report published by ChatGPT developer OpenAI noted several cases of state actors using its services for malicious purposes. The activities ranged from content creation for phishing campaigns to research about publicly known vulnerabilities. 

OpenAI detailed its multipronged approach to target malicious uses by state actors. The defenses included monitoring, detecting and disrupting the entities through internal means while collaborating with industry partners to exchange information about known vulnerabilities. The AI provider also deploys iterative methods to improve safety, learning how adversaries use its offerings and finding new ICS security solutions when needed. 

Using Unchanged Default Ports and Passwords

Default passwords can also become cyberthreats if equipment owners do not change them during installations. In one case involving several water authorities’ pump stations and connected products, investigators traced problems to programmable logic controllers (PLCs) and similar components. 

The perpetrators gained entry using default ports and passwords, which IT teams had not changed when setting up the equipment. Although the hackers primarily defaced the controllers’ user interfaces and may have turned off the PLCs, investigators do not know if the parties planned more in-depth measures or achieved greater access. 

Explore Viable ICS Security Solutions

One of the most effective ways to keep an ICS safe against modern cyberthreats is to find options for detecting and mitigating them. Purpose-built products can relieve cybersecurity professionals’ workloads by triaging suspected issues and helping users decide which ones to investigate first. 

Some commercial options monitor the whole OT landscape, allowing users to recognize and respond to threats before cybercriminals infiltrate networks. One product assigns risk scores to all devices and tags their application flows. People can also receive security insights to keep knowledge current and support actionable decisions. 

When looking for commercially available ICS security solutions, interested parties should focus on options with robust tech capabilities and excellent scalability potential. Those characteristics make the products maximally relevant even as an organization grows or its cybersecurity concerns change. 

Decision-makers should also explore products that let companies create backup copies of important data. Ransomware attacks are among the most prevalent cyberthreats. In 2023, the FBI received 1,193 reports of such attacks on organizations in critical infrastructure sectors. That suggests cybercriminals know they could do real damage by focusing on these targets and think trying is worth their while. 

Although backing up essential data goes beyond cybersecurity defenses, this activity complements them because it limits the damage bad actors can cause by locking down networks and files. Targeted organizations are then less likely to pay steep ransoms that do not always result in restoration of service and access. 

Remain Adaptable to New Threats and Established Ones

Professionals should ensure ICS cybersecurity strategies address modern cyberthreats and continue paying attention to well-known attack mechanisms that do not use the latest advancements. They can then conduct comprehensive cyberthreat risk assessments. 

Following the latest news about successful or attempted network infiltrations, along with research from industry professionals, academics and other knowledgeable individuals, will also keep IT experts updated on common risks and the best ICS security methods. Because those vary depending on an organization’s size, type and purpose, parties get optimal results by using individualized approaches that they can adjust as needed.


Emily Newton is the Editor-in-Chief at Revolutionized Magazine. A regular contributor to Brilliance Security Magazine, she has over four years of experience writing articles in the industrial sector.

