Industrial environments more vulnerable to cyberattacks
Outdated equipment and open networks make operational technologies at industrial complexes susceptible to cyberattacks.
Cybercriminals have long targeted industrial infrastructures, zeroing in on vulnerabilities through outdated operational technologies (OT) and open networks. OT uses the same communications with the same equipment at regular intervals, making it easier to predict when and how it is used, notes Telefónica Tech. Cyberattacks on OT systems may have more grave consequences than those targeting information technology (IT) and corporate environments because system changes could harm on-site employees.
The latest wave of cyberattacks has targeted water treatment facilities. On March 19, the Biden administration and the Environmental Protection Agency (EPA) warned of increased cyberattacks on U.S. water systems. They announced the formation of a Water Sector Cybersecurity Task Force to find ways to identify and reduce risks. However, all industrial environments could fall victim to a cyberattack, from transport and machinery manufacturing to food and automotive complexes. Cyberattacks can cripple pharmacies and other industries, as evidenced by the recent Change Healthcare debacle.
Once hackers are inside a facility’s network, they may target crucial systems such as altering processes to stop alarms from tripping or closing circuit breakers. Cybercriminals could add false values into a SCADA (Supervisory Control and Data Acquisition) system and mimic the outputs of power meters or sensors to cause equipment failure or shut down the company’s operating abilities, according to Accuenergy. This scenario happened in a 2021 cyberattack on the Oldsmar water treatment plant in Florida, where cybercriminals accessed the SCADA system and altered caustic soda levels in the drinking water. Luckily, an operator identified the unauthorized user in time to stop serious side effects among the population.
Outdated devices and practices
The firmware or software running industrial technologies is more vulnerable to cyberattacks, according to Telefónica Tech. These complexes rely on equipment that is typically outdated and not patched or updated regularly. For some, using older technology may actually safeguard against cyberattacks, but the rising need for corporate to connect with industrial processes through the cloud or internet makes these technologies more accessible to hackers.
Some industrial facilities use unencrypted network communications or employ insecure protocols that open the gates for cyberattacks, with easier access to passwords and other data.
“People also need to understand how to encrypt their data because most of the communications are still happening in plain text [in these environments],” said Irfan Shakeel, vice president of training and certification services at OPSWAT, a cybersecurity vendor. “Typically, [OT] should be the isolated network, and should not be available online… [when it is], it’s basically your organization welcoming attackers: ‘Hey, come and see what kind of devices we are using, and see that our devices are not properly patched.’”
Improving cybersecurity
Cyberattacks are targeting OT networks because they know it’s the weakest point of entry, Shakeel told Dark Reading. Training gaps among employees operating these critical infrastructure environments are one area for improvement. Accuenergy notes other weak points common in these facilities include increases in interconnectivity with IP-based devices that give remote access to facility data, using insufficient passwords and inadequate network configuration.
Telefónica Tech lists these tips for strengthening industrial complexes:
- Minimize network visibility to reduce the severity of the cyberattack.
- Improve staff training to avoid social engineering attacks.
- Generate new cybersecurity procedures and policies.
- Implement the appropriate technology to prevent or mitigate the effects of cyberattacks.
- Create and train employees on incident response procedures.
- Enhance monitoring of industrial networks with tools specializing in OT communication.
- Integrate a SIEM (Security Information and Event Management) system to funnel alerts to the same place and catch cyberattacks early.
Addressing these weaknesses can enhance cybersecurity and increase a facility’s ability to identify and fight against any cyberattack.
Related: