In the manufacturing sector, industrial control systems constitute a very important infrastructure. Their security is even greater.
Consider the scenario that follows:
Man 1: Hey! Could you take a look at the readings from turbine one on the monitor?
Man 2: Sure! Umm. It seems to be working fine.
Man 1: Ok. Thanks.
(Just then) (BOOM!!) (Man 3 comes rushing in with some news)
Man 3: We need to evacuate the building! Let’s go!
Man 2: Why? What happened?
Man 3: There was an explosion in turbine 1, and that has caused a fire near the reactor.
Man 1 and 2: What? It was working fine just now.
Man 3: Let’s just go. No time to talk. We’ll discuss it later.
In many different settings for the ICS, this can be the case.
This blog discusses the security consequences in the modern threat environment in Industrial Control Systems.
The various types of control systems and their related instrumentations used to perform or automate industrial processes are Industrial Control Systems. These systems comprise the systems, controls, devices, and networks used to conduct these activities.
Depending on the type of industry, the functions performed by each ICS vary. In order to manage specific industrial tasks efficiently, ICS are electronic and programmed. In today’s world, ICS devices and protocols are used in almost all industries and critical facilities, such as transport, production, water treatment, and energy.
Different types of ICS are available in the world, with the most common being Supervisory Control and Data Aquisition (SCADA) and the Distributed System (DCS). Components called Field Devices that receive control commands from different remote stations are also present.
SCADA is an ICS supervision type and is used mostly to supply other ICS components with monitoring commands. SCADA systems are constructed using commercially used Programmable Logic Controllers (PLCs) or other hardware modules.
Distributed Control System is used to control systems used for manufacturing and located at a particular location. Specifically or in a hybridized format, SCADA and DCS type of Industrial Control Systems can be used.
Today, these ICS are confronted by numerous cyber attacks which can damage the operations of many industrial sectors and destroy a country’s critical infrastructure and cause significant losses to several organizations.
If an ICS is hacked, that could result in the ICS failing and other harmful effects. Attackers could use malware to attack networks or systems, use phishing or other techniques of social engineering to access infrastructure or exploit the vulnerabilities present on the ICS for access to industrial networks and malicious activities.
Taking the example of the scenario discussed earlier on, any threatened actor could introduce malware in ICS systems and malfunction the systems and display false readings such as the turbine status displayed on the screen.
This can give industrial personnel a false sense of security that can, in turn, lead to catastrophic events, like a turbine explosion. Such activities can become an important reason for the organization’s reputational and financial losses and could also lead to precious lives for people working in this environment.
Stuxnet is a malware that is responsible for several countries ‘ major industrial disruption. It focuses on the SCADA system’s programmable logic controllers. The attack on one of Iran’s nuclear power stations was one such attack by the Stuxnet assailants.
It has been reported that the malware is spread across an infected USB drive and targeted at the plant PLCs. The Stuxnet worm was uploaded to the computer of the plant through the infected USB drive, and then the controlled software of the centrifuges.
These centrifuges were separating and extracting the one important for both nuclear power and nuclear weapons, different types of radioactive material. The malware infected the control software of the centrifuges and confiscated control of the centrifuges.
The worm then drew the centrifuges at high speeds for a certain time and then gave them back to normal speeds. It continued for a month after which, for a certain time, the centrifuges were spinning at very slow speeds.
For several months the worm repeated this process. The attack destroyed approximately 20 percent of the centrifuges of the nuclear power plant and, consequently, Iran was forced to decommission all these centrifuges.
Such security events ought to awaken every industrial organization so as to ensure that industrial networks, endpoints and controllers are secured properly, so that opponents can neither use any other attack techniques nor leverage vulnerability to attack the ICS systems and, consequently, damage critical infrastructure, disrupt industrial operations or cause organizations or any loss.