by Jeff England
It seems like not long ago that people left their cars unlocked, put their front door keys under the mat, and taped their computer passwords to their monitors as easy reminders. Likewise, industrial producers have traditionally focused on making Supervisory Control and Data Acquisition (SCADA) systems more reliable, flexible, efficient, and productive, but not necessarily more secure.
The world has changed.
Industrial organizations such as energy providers, water and utility companies, mining companies, pharmaceutical manufacturers, and food producers haven’t neglected security entirely. They know it’s important, but until fairly recently, they really haven’t thought they were likely targets. It seemed that attacks against wealthy private enterprises such as retailers and media companies would be more attractive to cybercriminals looking to make a buck.
Turns out that’s not true.
Over the last decade, attacks on industrial SCADA networks have increased dramatically. In early 2013, ICS-CERT reported a significant spike, as more attacks were registered in eight months than had happened in the previous 12 months. In early 2015, Dell Security reported that the number of reported attacks on SCADA systems worldwide had skyrocketed, from 163,228 in 2013 to 675,186 in 2014. And threat intelligence research company Recorded Future reported that the upward trend continued unchecked in 2015.
What’s different today?
Cybercrime has grown up
Monetary gain is no longer the only reason behind cyberattacks. Industrial processes such as power plants, factories, and refineries are part of the critical infrastructure of a country, and as such, they are political targets.
Attackers are aware of how serious a disruption in service from utilities, water, or energy producers can be to a country’s economy and its citizens. The effects of a successful attack were dramatically demonstrated by an attack on Natanz, Iran’s primary nuclear plant. As Homeland Security Today reported, the Stuxnet worm destroyed up to 1,000 uranium enrichment centrifuges. The attackers then lost control of the worm, which infected hundreds of thousands of computers that were not its initial target.
The new normal: extended layers of security
The dramatic upswing in attacks has forced organizations to address security more aggressively than ever before. It’s not enough to have a firewall in place. Instead, security must be applied at multiple layers. Security protocols must start with a written policy and vulnerability assessment and include:
- Network protection
- Access control
- Protecting applications
- Audit trails and intrusion detection
- Constant oversight and improvement
It’s no longer OK to leave the key under the mat. Today’s multi-layer protections create a well-guarded fortress, and constant monitoring means the doors are always being watched.