industrial cyber security

CRITICAL MASS

Critical asset owners increasingly have to protect their ICT infrastructures against cyber attacks. It's no longer enough for the supplier of a single machine component or subcomponent to claim it is cyber-secure: the entire machine must be.
Quite recently, the hacking group Xenotime reportedly started to probe the industrial control systems of power grids in the US. Xenotime is the group behind the infamous Triton malware, designed to disable safety systems at petrochemical plants. Triton was used in December 2017 to attack the safety systems of an unidentified petrochemical plant in Saudi Arabia. Dragos, which specialises in industrial control system (ICS) security, found evidence of Xenotime collecting open-source research on targeted electric companies, externally scanning those companies' networks and attempting to gain access through either credential stuffing or stolen credentials.
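The probing Dragos describes, external scanning followed by credential stuffing against whatever remote-access login is exposed, leaves a distinctive trace in the gateway's own authentication log: one source trying many different account names with almost nothing but failures, which is the opposite of an operator retrying their own password. The detector below is an added example, not code from the article, from Dragos or from CrowdStrike. The log line format, the IP addresses, the account names and the thresholds are all constructed for illustration; a real VPN concentrator, jump host or HMI web login has its own format and the regular expression would need adapting.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format for a remote-access gateway (an assumption, not any
# real product's format): "<ISO timestamp> auth FAIL|OK src=<ipv4> user=<name>".
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) auth (?P<result>FAIL|OK) "
    r"src=(?P<src>\d+\.\d+\.\d+\.\d+) user=(?P<user>\S+)$"
)

# Constructed sample, not captured traffic. 203.0.113.7 tries one password
# against a list of likely OT account names and finally hits a valid pair;
# 198.51.100.20 is a single operator mistyping their own password twice.
SAMPLE_LOG = """\
2019-06-12T08:00:01 auth FAIL src=203.0.113.7 user=admin
2019-06-12T08:00:02 auth FAIL src=203.0.113.7 user=operator
2019-06-12T08:00:03 auth FAIL src=203.0.113.7 user=engineer
2019-06-12T08:00:04 auth FAIL src=203.0.113.7 user=scada
2019-06-12T08:00:05 auth FAIL src=203.0.113.7 user=hmi
2019-06-12T08:00:06 auth FAIL src=203.0.113.7 user=maint
2019-06-12T08:00:07 auth FAIL src=203.0.113.7 user=backup
2019-06-12T08:00:08 auth OK src=203.0.113.7 user=ops.admin
2019-06-12T08:01:10 auth FAIL src=198.51.100.20 user=j.smith
2019-06-12T08:01:25 auth FAIL src=198.51.100.20 user=j.smith
2019-06-12T08:01:40 auth OK src=198.51.100.20 user=j.smith
garbage line that the parser must skip rather than choke on
"""


def parse_log(text):
    """Return (timestamp, src, user, success) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["src"], m["user"],
                           m["result"] == "OK"))
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=10),
                               min_users=5, min_fail_ratio=0.8):
    """Flag sources that try many distinct accounts with mostly failures.

    A single source cycling through usernames is the stuffing signature; a
    legitimate user retrying their own password touches one account only.
    Any success inside a flagged window is reported so that account can be
    treated as compromised (a stolen or reused credential that worked).
    """
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)

    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the window spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {e[2] for e in win}
            fails = sum(1 for e in win if not e[3])
            if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                f = findings.setdefault(src, {"distinct_users": 0, "attempts": 0,
                                              "successes": set()})
                f["distinct_users"] = max(f["distinct_users"], len(users))
                f["attempts"] = max(f["attempts"], len(win))
                f["successes"].update(e[2] for e in win if e[3])
    return findings


if __name__ == "__main__":
    for src, f in detect_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{src}: {f['attempts']} attempts across {f['distinct_users']} accounts, "
              f"successful logins: {sorted(f['successes']) or 'none'}")
```

The thresholds are deliberately conservative so a help-desk engineer testing several accounts does not page anyone; tune them against a week of your own logs before alerting on them. Note what this rule does not catch: the second access path Dragos mentions, a stolen credential used once from a new source with no failures, produces no stuffing pattern at all and needs a different baseline (new source address or country for that account, logins outside the shift pattern) rather than a failure count.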
"The Trisis malware used in the attack on Saudi Arabian petrochemical plants and now recurring in probes conducted against US industrial control systems is just one example of the increasingly complex threats posed by modernising legacy software," says John Titmus, director EMEA, CrowdStrike. "Across many of these facilities, previously air-gapped systems are now being connected to the public internet, in order to make use of internet of things (IoT) technologies.

"This news highlights the critical importance of leveraging threat intelligence to mount a proactive, rather than a reactive, cybersecurity defence. For groups like Xenotime, who have proven their capability at acquiring, reverse engineering and developing attack packages for industrial control system equipment, reactive measures are insufficient to address critical infrastructure threats," he states.
As supply chain attacks from nation-states and cybercriminals persist in plaguing organisations and government agencies, the effectiveness of current cyber-security methods is called into question. "While individual components may be labelled as cyber-secure, it only takes a single vulnerability to compromise the entire supply chain. To remedy this and improve OT (operational technology) hygiene, continuous monitoring and enhanced detection below the OS level is essential. Today, most security products remain blind to attacks that attempt to leverage vulnerabilities in, for instance, BIOS firmware. Accessing endpoints in this way compromises the entire system and can even persist across reboots and reinstallation of the operating system."
Titmus believes that firmware and hardware-level visibility into these vulnerabilities and attacks is the best option for protecting the supply chain, and can even prevent attacks before they have a chance to take off. "Importantly, this level of visibility allows cyber security teams to discover dormant threats that have not yet been detected. Industrial networks are particularly at risk from these types of attack, since their security has often been neglected for years; malware can spread rapidly from individual infected devices to the whole office, to plants in other countries."
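One concrete form of the firmware-level visibility Titmus describes is measured boot: the boot ROM hashes each firmware component into a TPM platform configuration register (PCR) before running it, so a modified BIOS volume or SMM driver changes PCR 0 no matter how many times the operating system is reinstalled from clean media. The check below is an added example, not CrowdStrike's code or the article's. The component names, their digests and the PCR assignments are constructed for illustration, and the TPM's PCR values are passed in as plain bytes; a real deployment would take them from a quote signed by the TPM's attestation key and the event log from the platform's TCG event log rather than a Python list.

```python
import hashlib
from collections import defaultdict

PCR_SIZE = 32  # SHA-256 bank: every PCR starts as 32 zero bytes at power-on


def pcr_extend(pcr, digest):
    """TPM extend operation: PCR_new = SHA-256(PCR_old || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay_event_log(event_log):
    """Recompute every PCR from an ordered event log of (pcr_index, name, digest)."""
    pcrs = defaultdict(lambda: bytes(PCR_SIZE))
    for index, _name, digest in event_log:
        pcrs[index] = pcr_extend(pcrs[index], digest)
    return dict(pcrs)


def verify_measured_boot(event_log, reported_pcrs, golden):
    """Two independent checks against a firmware implant.

    1. Replay the log and compare with the PCR values the TPM itself reports:
       a log rewritten to hide an implant will not replay to the chip's values.
    2. Compare each measured component against the golden digests for that
       platform's firmware release: an honestly measured implant shows up here.
    """
    replayed = replay_event_log(event_log)
    mismatched = sorted(i for i in set(replayed) | set(reported_pcrs)
                        if replayed.get(i) != reported_pcrs.get(i))
    unexpected = [name for _i, name, digest in event_log if golden.get(name) != digest]
    return {"log_matches_tpm": not mismatched,
            "mismatched_pcrs": mismatched,
            "unexpected_components": unexpected}


def measure(blob):
    """Stand-in for the boot ROM hashing a firmware component before running it."""
    return hashlib.sha256(blob).digest()


# Constructed golden measurements for a hypothetical firmware release (assumption:
# the firmware volume and SMM driver extend PCR 0, the boot manager PCR 4).
GOLDEN = {
    "firmware-volume": measure(b"vendor firmware volume v2.1"),
    "smm-driver": measure(b"vendor SMM driver v2.1"),
    "boot-manager": measure(b"vendor UEFI boot manager v2.1"),
}
CLEAN_LOG = [(0, "firmware-volume", GOLDEN["firmware-volume"]),
             (0, "smm-driver", GOLDEN["smm-driver"]),
             (4, "boot-manager", GOLDEN["boot-manager"])]
# PCR values a clean boot leaves in the TPM (constructed by replaying the clean log).
CLEAN_PCRS = replay_event_log(CLEAN_LOG)

# Implanted SMM driver, measured faithfully by the boot ROM. The OS is untouched,
# so reinstalling it changes nothing here and PCR 4 still matches the golden value.
IMPLANT_LOG = [(0, "firmware-volume", GOLDEN["firmware-volume"]),
               (0, "smm-driver", measure(b"vendor SMM driver v2.1 + implant")),
               (4, "boot-manager", GOLDEN["boot-manager"])]
IMPLANT_PCRS = replay_event_log(IMPLANT_LOG)


if __name__ == "__main__":
    print("clean boot:    ", verify_measured_boot(CLEAN_LOG, CLEAN_PCRS, GOLDEN))
    print("honest implant:", verify_measured_boot(IMPLANT_LOG, IMPLANT_PCRS, GOLDEN))
    # Implant present in the chip's PCRs, but the event log was rewritten to look clean.
    print("forged log:    ", verify_measured_boot(CLEAN_LOG, IMPLANT_PCRS, GOLDEN))
```

The third case is why the two checks are kept separate: an attacker who controls the firmware can rewrite the event log the OS reads, but cannot rewind the PCRs, so the replay mismatch is the signal even when every digest in the log looks golden. The practical obstacle on industrial kit is the golden table itself, which requires the equipment vendor to publish per-release firmware measurements; without it the second check degrades to "has PCR 0 changed since we baselined it", which still catches an implant but cannot say which component carries it.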
computing security July/August 2019 @CSMagAndAwards www.computingsecurity.co.uk