Many critical infrastructure systems, such as those that control the electric grid, oil and gas refineries and transportation, are now getting linked to the internet. That makes them easier to manage and maintain but also could put them in the line of fire for cyber attacks.
I recently discussed the issues involved in upgrading and protecting these critical industrial control systems with Patrick McBride, chief marketing officer at Claroty, a startup that intends to secure the operational technology networks that run companies’ infrastructure systems. A few big takeaways from our conversation:
Old systems, new protections
When industrial systems were built, sometimes decades ago, no one considered the need for digital protections. “The systems were never designed, especially 10, 15, 20 years ago, with cybersecurity in mind,” McBride told me. Their primary design goals were the safety of the workers and the resilience of the systems, he said. “Security wasn’t even an afterthought. It wasn’t a thought.”
See also: How Tech Created a New Industrial Model
Now, a new class of tools is coming online to help monitor these legacy systems. Using behavior analysis and anomaly detection, they are designed to catch intruders early in the attack life cycle. “Monitoring technology is going to play a huge part in this environment,” McBride said.
Mishmash of systems leaves exposures
Big industrial plants are careful about what they put on their networks, but some are putting wireless and other access points on systems as time-saving techniques to gather data more efficiently.
When organizations began to recognize the need for cybersecurity, some traditional IT security vendors repurposed existing technology, McBride said.That didn’t work particularly well, because in the industrial control systems, the networks speak to other kinds of protocols.“You’ve got a whole set of overwhelming business value from pulling data out of those plant systems and being able to provide that information back to the executive,” McBride said.
For example, there are a lot of Windows XP machines in industrial environments that keep air conditioning going, or run chemical manufacturing plants and refineries.
Potential for escalating industrial attacks
In December 2016, attacks on the Ukrainian power grid cut off a fifth of all electrical power in the capital city of Kiev. The purposeful takedown was attributed to Russia. The troubling fallout: Threat researchers around the world have found indications of the type of malware used in Ukraine on other energy and industrial companies’ networks, McBride said, showing that hackers are at least probing for vulnerabilities.
See also: It’s Time to Accelerate Digital Change
But threats from nation-states are only one issue. “There are other categories that people are really starting to worry about. If you combined the ease at which it is to gain a foothold on these networks and the relative ease you can attack these systems, it’s not hard,” McBride said. “You don’t have to squint too hard to say … ‘Terrorist organizations might want to do this or buy expertise to help them do that.’”
This post originally appeared on ThirdCertainty.
