People across the U.S. were awed and dismayed at video footage of the failure of the Oroville Dam main and emergency spillways in February 2017. More than 180,000 residents who lived downstream had to be evacuated, and a year later the cost of the failure – from state and federal emergency response to repairing the damage – was estimated at $870 million or more.
That failure was caused by record-breaking rainfall, and residents received warning before the flooding. But what if the failure were caused not by Mother Nature but by man-made actions, with no opportunity to warn people? For instance, in December 2014 hackers used phishing emails to break into a South Korean nuclear power plant operator and threatened to destroy or shut down its nuclear reactors.
Forrester Research has released a new report, “Protecting Industrial Control Systems and Critical Infrastructure From Attack,” that identifies cyber weaknesses in industrial control systems (ICSs), including those in critical infrastructure such as utilities, pipelines, and the electrical grid, as a major national security issue.
Cyber attacks against ICSs are increasing rapidly, the report found. Reports of ICS attacks filed with the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team have increased from 198 in fiscal year 2012 to 290 in FY2016.
The weaknesses of current ICSs are well known:
- ICS devices, which once required physical access to connect them, are now connected to the Internet, as organizations sought more efficient ways to operate their businesses;
- Nation-state adversaries find infrastructure an attractive target, and they have the manpower and expertise to attack it;
- ICSs are particularly vulnerable to insider threats, not just through hacking but also through simple physical access to facilities and equipment; and
- Consolidation in heavy industries, from oil and gas to electrical utilities, has given companies a hodge-podge of networks, equipment and devices to monitor and control, making it a much more complex environment from a security standpoint.
Compounding the problem, from a cyber standpoint, is that legacy ICSs often were built and installed for long-term use in a production environment – often a decade or more. They have significant uptime requirements (think about it: how long can a part of the electric grid be shut down without causing problems?). Many of them weren’t really designed to be patched, and their software may no longer be supported. There are other complicating factors, but you get the idea.
The Forrester report recommends taking a “zero trust” approach to security for operations technology (OT) full of ICSs. Among the key elements:
- Map assets, understand network traffic, and block unknown traffic. A map shows where OT networks connect to the Internet, which makes it possible to segment those networks and make sure their devices aren’t Internet-accessible. It is also necessary to know what valid traffic looks like, such as maintenance activity, in order to identify and block malicious traffic.
- Assume all traffic is suspicious until it has been authorized, inspected, and secured. Use a data-centric and identity-centric approach, which helps isolate attacks and limits an attacker’s ability to move laterally within the network and cause more damage.
- Create an intelligent alerting system. While OT systems may report the operational status of individual components, they usually don’t provide context – is a system down because of a mechanical failure, an environmental/weather issue, or a cyber attack?
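The following is an added example, not code from the Forrester report or from the original post, showing in working Python what the three recommendations above look like when applied to network flow records: every flow is treated as suspect unless it matches an explicit allowlist of known-good OT traffic (the "assume all traffic is suspicious" rule), flows that cross the OT boundary or reach an address outside both the OT and enterprise ranges are called out separately (the Internet-exposure finding from the mapping exercise), and a bare "device down" event is enriched with the non-allowlisted flows seen around that device (the context the alerting recommendation asks for). The subnets, device addresses, ports and flow records are all constructed sample data and are assumptions of this example.

```python
"""Zero-trust style triage of OT flow records.

Added example, not part of the Forrester report or the original post.
All networks, hosts, ports and flows below are constructed sample data.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List

# Constructed address plan: the OT network and the enterprise IT network.
OT_NET = ip_network("10.20.0.0/16")
ENTERPRISE_NET = ip_network("192.168.0.0/16")

# Allowlist of known-good OT traffic as (src host, dst network, dst port, proto).
# Anything not listed here is treated as suspect until someone authorizes it.
ALLOWLIST = {
    ("10.20.1.10", "10.20.2.0/24", 502, "tcp"),  # HMI polling PLCs over Modbus/TCP
    ("10.20.9.5", "10.20.2.0/24", 22, "tcp"),    # jump host doing maintenance over SSH
}


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    proto: str
    ts: int  # seconds since an arbitrary epoch (constructed)


def is_allowed(flow: Flow) -> bool:
    """True if the flow matches an allowlist entry exactly."""
    for src, dst_net, dport, proto in ALLOWLIST:
        if (flow.src == src and ip_address(flow.dst) in ip_network(dst_net)
                and flow.dport == dport and flow.proto == proto):
            return True
    return False


def classify(flow: Flow) -> str:
    """Verdict for one flow: allowed, external-exposure, it-ot-crossing or unknown."""
    if is_allowed(flow):
        return "allowed"
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    src_ot, dst_ot = src in OT_NET, dst in OT_NET
    # An endpoint outside both the OT and enterprise ranges means an OT asset is
    # reachable from, or reaching out to, the outside world: the exposure that
    # asset mapping is supposed to surface.
    if not (src_ot or src in ENTERPRISE_NET) or not (dst_ot or dst in ENTERPRISE_NET):
        return "external-exposure"
    # Traffic between IT and OT that is not on the allowlist is a segmentation gap.
    if src_ot != dst_ot:
        return "it-ot-crossing"
    return "unknown"


def triage(flows: List[Flow]) -> Dict[str, int]:
    """Count flows per verdict; everything but 'allowed' is blocked or reviewed."""
    counts: Dict[str, int] = {}
    for f in flows:
        verdict = classify(f)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


def contextualize_outage(device: str, down_ts: int, flows: List[Flow],
                         window: int = 600) -> Dict[str, object]:
    """Enrich a 'device down' status with the non-allowlisted flows that touched the
    device in the `window` seconds before it went down, so an operator can tell a
    plain mechanical failure from something that deserves a cyber investigation."""
    suspect = [f for f in flows
               if device in (f.src, f.dst)
               and down_ts - window <= f.ts <= down_ts
               and classify(f) != "allowed"]
    return {
        "device": device,
        "down_at": down_ts,
        "suspect_flows": len(suspect),
        "verdicts": sorted({classify(f) for f in suspect}),
        "needs_cyber_investigation": bool(suspect),
    }


# Constructed flow records around one PLC at 10.20.2.15.
SAMPLE_FLOWS = [
    Flow("10.20.1.10", "10.20.2.15", 502, "tcp", 1000),     # HMI poll: allowed
    Flow("10.20.9.5", "10.20.2.15", 22, "tcp", 1100),       # maintenance SSH: allowed
    Flow("10.20.3.7", "10.20.2.15", 502, "tcp", 1300),      # unlisted OT host speaking Modbus: unknown
    Flow("10.20.2.15", "203.0.113.9", 443, "tcp", 1350),    # PLC reaching an outside address: external-exposure
    Flow("192.168.50.4", "10.20.2.15", 44818, "tcp", 1400), # IT host straight to the PLC: it-ot-crossing
]

if __name__ == "__main__":
    print(triage(SAMPLE_FLOWS))
    print(contextualize_outage("10.20.2.15", 1500, SAMPLE_FLOWS))
```

The allowlist is deliberately narrow (exact source host, destination subnet, port and protocol), because in OT the set of legitimate conversations is small and stable enough to enumerate; the point of the zero-trust posture is that the default verdict is "unknown", not "allowed". In a real deployment the flow records would come from a span port or flow collector rather than an inline list, and the outage context would be attached to the alert the OT monitoring system already raises.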
Want to learn more about a Zero Trust approach to protecting critical infrastructure? Click here for the report and click here to get started.