The Value of Air-Gapping Local Industrial Control Systems
Utilities Face Challenges in Securing Legacy ICS
Most industrial control systems were not designed for public connections. They were created to perform specific internal functions related to the provision or management of public services.
However, the ingrained nature of these systems makes it difficult for companies to remove and replace them. The time and costs involved are often prohibitive and can result in days or weeks of service disruptions. As a result, many agencies have chosen to give ICS limited access to other systems on the network to better manage services.
But this connection creates a challenge: if attackers can compromise edge systems and move laterally through networks, they may be able to access industrial control systems and take control of basic utility functions.
This is not an idle concern. Consider the recent attack on a water treatment plant in Oldsmar, Florida. After compromising the agency’s ICS, a hacker increased the level of sodium hydroxide in the local water supply to 100 times its normal concentration. Also known as lye, sodium hydroxide is used to manage water acidity and remove metals from drinking water. In high concentrations, however, this chemical can cause pain, vomiting, bleeding, and burning.
Fortunately, the attack did not last long. An operator noticed that the cursor on his screen was moving without his intervention, and once he regained control, the attacker left, allowing the operator to return lye levels to normal and ensure no one was hurt.
What are the government’s concerns about securing the IIoT?
The fact that an attacker was able to access this type of function is concerning. This indicates a heightened awareness among malicious actors that industrial control systems are not only connected to wider networks, but can be accessed and compromised to put citizens at risk.
The threat has grown: on April 13, the US Department of Energy, the Cybersecurity and Infrastructure Security Agency and the FBI issued a joint statement warning that “some advanced persistent threat actors have demonstrated the ability to gain full system access to multiple industrial control systems/supervisory control and data acquisition devices.”
Attackers also exploit vulnerabilities such as CVE-2020-15368, which allow them to compromise Windows desktops commonly used in operational technology environments and move laterally through organizations to breach ICS tools.
What measures can utilities take other than air gapping?
Although air gapping can limit the risk of unauthorized access to critical ICS data, it is only one element of a successful security program.
“Federal agencies and state and local governments are increasingly working with critical infrastructure providers to strengthen defenses and reduce the vulnerability of integrated information and operational technology networks,” Richberg said.
Other ways to enhance ICS security include:
- Segmenting networks: Logically segmenting networks rather than physically separating them can provide increased visibility without significantly increasing risk.
- Securing endpoints: Better security of on-premises and cloud-connected endpoints through robust network mapping solutions can help agencies identify potential attacks before they gain access to ICS infrastructures.
- Zero trust architectures: By requiring proof of identity rather than assuming it, utilities can limit the number of users on their networks, reducing the risk of ICS compromise.
- Multi-factor authentication: Both two-factor authentication and MFA offer an additional layer of challenge to ensure that users are who they say they are and that attackers are locked out of ICS networks, even if they compromise an access path.
Additionally, Richberg points to the increasing use of technologies such as data diodes or unidirectional gateways that allow the flow of information in only one direction. This in turn allows ICS components to report performance issues but not receive incoming malicious commands.
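The segmentation and unidirectional-gateway ideas above can be expressed as a small zone-based flow policy. The following is an added example written for this page, not code from the article or from any vendor product; the zone names (OT, DMZ, IT), the ports, and the sample flows are constructed assumptions. It defaults to deny, permits only listed cross-zone flows, and, in the spirit of a data diode, refuses anything destined for the OT zone from outside it while still letting OT report outward. Denied flows are collected so a monitoring system can alert on them.

```python
"""Zone-based flow policy: logical segmentation plus a data-diode style
rule for the OT boundary. Constructed example; zones, ports and flows
are assumptions and do not describe any real utility network."""
from dataclasses import dataclass
from typing import List, Tuple

# Assumed zone model: OT (controllers/HMIs), DMZ (historian replica), IT (corporate).
ZONES = {"OT", "DMZ", "IT"}


@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    dst_port: int
    description: str = ""


# Allow list of (src, dst, port). Only OT -> DMZ crosses the OT boundary,
# and only outward: telemetry leaves OT, nothing is allowed to enter it.
# Port numbers are assumptions chosen for the example.
ALLOW_RULES = {
    ("OT", "DMZ", 5432),   # historian replication out of the OT zone
    ("DMZ", "IT", 443),    # dashboards read replicated data over HTTPS
    ("IT", "DMZ", 443),    # IT users query the DMZ historian copy
}


def evaluate(flow: Flow) -> Tuple[str, str]:
    """Return ("allow" | "deny", reason). Anything not explicitly allowed is denied."""
    if flow.src_zone not in ZONES or flow.dst_zone not in ZONES:
        return "deny", "unknown zone"
    # Unidirectional rule, checked before the allow list so that no later
    # rule can accidentally open an inbound path into OT.
    if flow.dst_zone == "OT" and flow.src_zone != "OT":
        return "deny", "inbound to OT blocked by unidirectional policy"
    if (flow.src_zone, flow.dst_zone, flow.dst_port) in ALLOW_RULES:
        return "allow", "matches segmentation allow list"
    return "deny", "no matching rule (default deny)"


def audit(flows: List[Flow]) -> List[Tuple[Flow, str]]:
    """Evaluate a batch of observed flows and return the denied ones for alerting."""
    denied = []
    for f in flows:
        verdict, reason = evaluate(f)
        if verdict == "deny":
            denied.append((f, reason))
    return denied


# Constructed sample traffic: two legitimate flows and two that a
# compromised corporate desktop might attempt toward the OT zone.
SAMPLE_FLOWS = [
    Flow("OT", "DMZ", 5432, "PLC telemetry to historian"),
    Flow("DMZ", "IT", 443, "dashboard pulls replicated data"),
    Flow("IT", "OT", 502, "corporate host to Modbus on a PLC"),
    Flow("IT", "OT", 3389, "corporate host to an HMI over RDP"),
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(f"ALERT {flow.src_zone}->{flow.dst_zone}:{flow.dst_port} "
              f"({flow.description}): {reason}")
```

The point of placing the OT check ahead of the allow list is that a segmentation policy tends to accumulate exceptions over time; keeping the unidirectional rule separate means a new allow entry can never quietly reopen an inbound path to the control network.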
ICS risks are growing as attackers seek to compel utility agencies to act immediately. Air gaps are a solid starting point for reducing the risk of ICS compromise, but they provide stronger protection when combined with additional elements such as network segmentation, endpoint security, zero trust architecture and MFA.