
The Challenges of Securing Industrial Control Systems from Cyberattacks

There are many controller vulnerabilities attackers can exploit to disrupt operations and cause damage. Yet, most organizations don’t patch controllers because many ICS engineers prioritize network stability at all costs. 

Cyberthreats are forcing organizations in the industrial sector to take a long, hard look at how they protect industrial control systems (ICS) and, specifically, industrial controllers. 

The increase in the number of cyber incidents on ICS networks is a reality the industry can no longer ignore. Yet, ICS networks pose unique challenges for security professionals, primarily because they are not like traditional IT networks. To protect them, you need to understand how they operate, the different technologies they employ and their discrete functions.

Air gaps can no longer protect industrial networks from attacks

Until recently, industrial networks separated themselves from the rest of the world with air gapping. 

In theory, an air gap is a great security measure. You disconnect your industrial network from your business network and from the internet to create an impassable barrier that prevents attackers from reaching it.

However, air gapping is no longer a feasible solution for today’s connected and converged world of IT and operational technology (OT).

Trends like IIoT (Industrial Internet of Things) and Industry 4.0 drive organizations to improve existing processes and augment operational systems to facilitate more connections between physical processes and the internet.

This connectivity exposes previously isolated operational environments to cyberthreats.

Vulnerabilities in industrial processes increase cyber risk

A range of vulnerabilities in software and hardware, as well as weaknesses inherited from the legacy design of ICS networks, exposes industrial processes to cyber risks.

Industrial controllers — such as programmable logic controllers (PLCs), remote terminal units (RTUs) and distributed control system (DCS) controllers — are specialized computers that manage the lifecycle of industrial equipment and processes. 

Most of these controllers do not require authentication from those attempting to access them and alter their state. Most do not support encrypted communication. This means anyone with network access — a hacker, a malicious insider or even a careless employee — has unfettered access to the industrial process. That’s a threat to business.

There are many controller vulnerabilities for attackers to exploit in order to disrupt operations and cause damage. Yet, most organizations don’t patch controllers because many ICS engineers prioritize network stability at all costs. It’s difficult to patch industrial controllers because doing so can cause disruptions or downtime and can lead to reliability issues and other operational problems.

Unpatched Windows-based workstations that still run legacy operating systems such as Windows NT and XP are also common in operational environments. Many remain unpatched because of the same concerns regarding operational stability and reliability. These unpatched systems further weaken the risk posture of ICS networks.

Lack of visibility and control in industrial control system networks

Since ICS networks were designed before cyberthreats existed, security wasn’t a factor in implementation. Today, these networks require, but still lack, the visibility and security controls common in corporate IT networks. In many ICS environments, automated asset management or configuration controls are not leveraged. 

Without fully understanding which assets are in your network, which firmware they run, what code and logic they execute, their configuration and which of them are vulnerable, how can you take measures to properly protect them?

Don’t forget that these environments use specialized operational technologies (OT) from vendors such as GE, Siemens, Schneider Electric, Rockwell and others. They operate differently than IT technologies. They use different hardware, different software and different network protocols. As a result, IT security solutions are not a good fit for these environments.

Control-layer protocols are difficult to secure

When looking to secure ICS networks, one of the biggest technical challenges we face is that ICS networks use different communication protocols.

Applications for human machine interface (HMI), supervisory control and data acquisition (SCADA) and distributed control systems (DCS) all use standard protocols, like Modbus and DNP3, to communicate physical measurements and process parameters (e.g., current temperature, current pressure and valve status).

Meanwhile, control-layer protocols — which configure automation controllers, update their logic, make code changes or download firmware — are proprietary and vendor-specific.

Each OT vendor uses its own proprietary implementation of the IEC-61131 standard for programmable logic controllers. Since these implementations are rarely documented, it is difficult to monitor these critical activities.

Since the goals of most ICS cyberattacks are to cause operational disruptions or physical damage, the adversary may try to change the way the process executes.

While a predefined set of process parameters can be changed through HMI/SCADA applications, the logic maintained on the controller defines the process flow and its restrictions. Therefore, changing the controller logic is the easiest and most successful way to cause such changes. 

Contrary to popular belief, this is not difficult. Once inside the network, an attacker can easily download control logic to an industrial controller or change its configuration.

Since attackers execute these actions using proprietary vendor-specific protocols, there is no standard way to monitor control-layer activities. As a result, changes an attacker makes (or even those that occur due to human error) can go unnoticed until damage occurs.

How to overcome the challenges of unsecured OT networks

Due to OT network design, and the lack of basic security controls like authentication and encryption, most ICS attacks do not need to exploit software vulnerabilities. Once an attacker reaches the OT network, they can use a compromised machine to launch an attack on industrial processes. 

The current lack of visibility and security controls in ICS networks places industrial processes and critical infrastructures at risk. To prevent unauthorized process changes and protect ICS from external attacks, you should use specialized monitoring and control technologies.

Learn more

Download the ICS Cybersecurity Considerations Checklist to learn more about criteria to help you select an industrial cybersecurity solution to secure and control your critical networks.
