In the recent past, Industrial Control Systems (ICS) were rather insulated and had little to do with external devices or networks. Today, a growing number of industrial systems routinely interact with a host of external networks, devices, and users. Whether it is a hospital system, a plant manufacturing system, a city network, or a national-level network, far more external traffic now passes through the system, which means the chances of an attack and of a data breach are significantly higher.
As organizations aim for better performance and the most value for the money they invest, they continue to adopt systems that also compromise the integrity of the ICS.
The most common forms of attack on ICS were those that targeted the hardware components of the systems. These involved various password-spraying techniques together with brute-force attacks to gain access to the network. The legacy software, and even the hardware, that most OT networks employ have long-standing vulnerabilities that cannot be resolved easily, and in some cases cannot be resolved at all.
As soon as attackers have gained access to the network, their next move is to spread across it and cause disruption in every way possible. In extreme situations, this has compromised national-level networks and even upset entire economies.
Today, cybercriminals are after more than just a quick payday. They want to exploit a system to the extent that they can charge the price they want, rather than just being paid to get out of a network. The integration of IT and OT systems has made this more feasible. As attackers gain access to the system, they compromise the OT systems that directly manage hardware and machinery in the organization, essentially bringing a manufacturing plant to a standstill.
In turn, this affects the supply chain and has an effect on the industry as well as the global market. This is by far one of the most profitable forms of crime for cybercriminals. Companies that want to protect themselves from downtime will have to look into solutions that can isolate their physical assets from the impact of a network breach.
The first thing that organizations need to look into is old legacy systems. Even where these systems are not connected to the internet, there is still a chance that they can be physically infected with a virus. Similarly, the operating systems and the software that these platforms use are equally outdated and just as susceptible to attacks.
The number of people, and the kind of people, that have access to these systems is also an area of concern. With no concept of user privileges and with unfiltered access to these systems, there is no way to eliminate the possibility that a local user is planting the seed for the attack. Managing who can do what and who has access can go a long way in improving the security of these systems.
Similarly, the devices that are allowed to connect to the system should be carefully monitored and inspected to ensure that they all belong to people who will not harm the company's network.