- 2021 saw heightened awareness and urgency to bolster cybersecurity across critical sectors, including industrial infrastructure
- 32% of large organizations suffered cyberattacks involving data shared with suppliers
- Integrating with Security Information and Event Management (SIEM) and adhering to industry standards for information security would be prudent as a long-term industrial infrastructure cybersecurity strategy
2021 is the year that saw heightened awareness and urgency to bolster cybersecurity for industrial infrastructure on a larger, more coordinated scale. In April, high-profile cyberattacks included the ransomware attack on the Colonial Pipeline, which affected fuel supply to 45% of the US East Coast. In May, a cyberattack on the world’s largest meat processing company, JBS SA, caused disruptions in Australia, Canada, and the US.
In October, the hacking of all 4,300 gas stations across Iran also displayed the devastating impact of outdated cybersecurity measures. The attack compromised the smart card system used for buying subsidized fuel in the country, leading to long queues and stoking public fears of rising fuel prices.
Due to international sanctions, Iran’s IT infrastructure is vulnerable to unwanted infiltration as it has difficulty acquiring the latest software patches and digital technology.
Why cybersecurity is essential to industrial hubs
Gas stations make a good parallel with Industrial Control Systems (ICS): they show where the weaknesses lie and how best to approach cybersecurity for a complex structure whose many interlinked devices, with different capabilities, software, and operating systems, all perform critical functions.
“Something as common as a gas station has all the attributes of an ICS, such as connected equipment including pumps and tanks, controllers, a management system, a payment system, as well as connection to the corporate network, third-party service systems, and the internet,” said Chris Connell, managing director for the Asia Pacific at Kaspersky which researched ICS infrastructure at the end of last year.
Its report included analysis of a modern gas station’s automation software architecture, a typical infrastructure, its communications, and potential attack vectors on its network.
“The first group of risks involves potential remote access from external networks. Just like many industrial systems today, the gas station employs solutions that are connected to public services through the internet; these include cloud banking systems or specialized fleet management systems. Remote access to the fuel station allows further malicious actions inside the network,” he said.
Third parties with access to the network also provide potential avenues for attackers to gain entry. What good are cybersecurity measures when partners or suppliers are lax in their approach and can crack open doors to the network? In October, Kaspersky’s annual IT Security Economics report found 32% of large organizations suffered attacks involving data shared with suppliers.
“Another set of risks involves network and device issues that may potentially lead to the disruption of fuel station services or direct financial impact. Attacks can come from remote networks or by connecting to wireless networks or wired network ports available onsite,” Connell said, adding that security flaws in the fuel controller, POS terminals and network equipment, as well as in corporate endpoints and applications, are a critical and evergreen problem too.
Improving ICS cybersecurity
Connell listed some significant security measures which can be applied to any industrial network:
- Network security: Purpose-based network segmentation enhances overall security and minimizes the attack surface. Passive OT network monitoring is essential for building an inventory of assets and their communications, and for detecting intrusions before they affect the technological process.
- Access control: This should include restricting physical and logical access to the automation and control system. Security measures for remote access control for service companies will help to avoid third-party incidents.
- Endpoint protection: It is vital to implement specialized industrial-grade security software for OT hosts and servers. Ensure that the software is approved by the automation vendor and compatible with its solutions. This should help avoid situations where the protection product affects operational functions.
- Security management: A centralized security event collection and protection software policy management system should be implemented. It is also essential that the solution allows vulnerability and patch management.
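To make the first two measures concrete, here is an added example (not from the article or from Kaspersky) of what passive OT monitoring against a purpose-based segmentation policy looks like: it takes passively observed flows, builds a per-zone asset inventory, and flags any cross-zone communication the policy does not permit. The zones, addresses, ports, and sample flows are all constructed for illustration; they are not the article’s or any real site’s.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed zones modelled on the article's gas-station ICS (hypothetical addresses).
ZONES = {
    "fuel_controllers": ip_network("10.10.1.0/24"),
    "pos": ip_network("10.10.2.0/24"),          # payment / forecourt management
    "corporate": ip_network("10.20.0.0/16"),
    "vendor_remote": ip_network("203.0.113.0/24"),  # third-party service company
}

# Purpose-based segmentation policy: which zone pairs may talk, on which ports.
# Port choices are assumptions for the example (502 = Modbus/TCP, 22 = SSH).
ALLOWED = {
    ("pos", "fuel_controllers"): {502},           # POS polls the fuel controller
    ("corporate", "pos"): {443},                  # sales reporting to corporate
    ("vendor_remote", "fuel_controllers"): {22},  # vendor service access only
}

def zone_of(ip):
    """Map an address to its zone name, or 'unknown' if it is outside every zone."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"

def analyse(flows):
    """flows: iterable of (src_ip, dst_ip, dst_port) observed passively (e.g. from a SPAN port).
    Returns (inventory, violations): inventory maps zone -> set of hosts seen in it;
    violations lists cross-zone flows the policy does not allow, ready for a SIEM."""
    inventory = defaultdict(set)
    violations = []
    for src, dst, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        inventory[sz].add(src)
        inventory[dz].add(dst)
        if sz == dz:
            continue  # intra-zone traffic is outside this policy's scope
        if port not in ALLOWED.get((sz, dz), set()):
            violations.append((src, dst, port, sz, dz))
    return dict(inventory), violations

# Constructed sample flows: three permitted, three that break segmentation.
SAMPLE_FLOWS = [
    ("10.10.2.5", "10.10.1.10", 502),     # POS -> controller: allowed
    ("10.20.3.7", "10.10.2.5", 443),      # corporate -> POS: allowed
    ("10.20.3.7", "10.10.1.10", 502),     # corporate host directly to controller: violation
    ("203.0.113.9", "10.10.1.10", 22),    # vendor service access: allowed
    ("203.0.113.9", "10.10.2.5", 3389),   # vendor reaching the POS zone: violation
    ("198.51.100.4", "10.10.1.10", 502),  # host from no known zone: violation
]
```

Each violation tuple carries both zone names, so the same record can be forwarded as a security event to the centralized collection or SIEM the article recommends.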
Aside from that, he also said integrating with Security Information and Event Management (SIEM) and adhering to industry standards for information security such as IEC 62443, NIST, NERC CIP, and more would be prudent as a long-term industrial infrastructure cybersecurity strategy.