NOV-DEC 2017


INTECH NOVEMBER/DECEMBER 2017

COVER STORY

FAST FORWARD
• The increase—in number and sophistication—of cyberattacks on automation systems shows no signs of diminishing.
• The financial aspects of current cybersecurity policies are unsustainable—and have limited "success."
• It is time for a fundamental change in automation cyber- and cyber-physical security: Meet DarkNet.

connected to the Internet and is then connected to an OT/IT device (à la the Stuxnet malware injection into an OT system). The complexity of such integrated systems ranges from simple supervisory control and data acquisition (SCADA) remote terminal unit topologies to large-scale industrial control system (ICS) architectures with tens of thousands of control and monitoring points.

In January 2016, the U.S. Department of Homeland Security stated, "advanced persistent threat (APT) nation-state cyber-actors are targeting U.S. energy sector and industrial automation and enterprise networks primarily to conduct cyber espionage. The APT activity directed against sector ICS networks probably is focused on acquiring and maintaining persistent access to facilitate the introduction of malware, and likely is part of nation-state contingency planning that would only be implemented to conduct a damaging or disruptive attack in the event of hostilities with the United States."

What protective measures can help us safeguard the integrity and security of the SCADA and ICS communications that operate our infrastructure? This was the featured topic in a 26 October 2017 U.S. Senate hearing on cybersecurity of the electric grid.

Meanwhile, financial analysis reveals that the current methods of applying cybersecurity tools to address such threats—including firewalls, (the ill-named) "data diodes," intrusion detection (IDS), intrusion prevention (IPS), and unified threat management (UTM) systems—are inefficient at best and are financially unsustainable. As stated in that report: "The current strategy of most organizations—layering on many different technologies—is not only proving ineffective, it is overly complex and expensive." "The status quo is not sustainable," says Keith Weiss, head of U.S. software coverage for Morgan Stanley. "Even as companies spend more on cybersecurity, losses related to cybercrime have nearly doubled in the last five years."

Enter ever-advancing technology. Although potentially increasing "visibility for more efficient operations," the introduction of Internet of Things (IoT) devices, in particular IP-addressable devices, into industrial settings most assuredly increases the number of elements vulnerable to cyberattack. The December 2016 Mirai-based distributed denial of service (DDoS) cyberattack illustrates the situation; the attack was attributed to IoT devices first being infected with malware, and then being coordinated in the DDoS attack on major Internet routers. Similarly, the Devil's Eye malware that is within approximately 200 million IP security cameras—many of which are deployed within industrial facilities—further illustrates the need for a change in cybersecurity policy and best practice guidance and implementation.

Examined another way, as stated in a keynote address at the 12th Annual Cyber and Information Security Research Conference at Oak Ridge National Laboratory, "You are spending more and more money on cybersecurity, but the hacks and intrusions continue to increase in sophistication and frequency, so you need to spend more, and the solutions just seem to continually add complexity with your organization ever in a reactive mode . . . in other words, it's costing the organization more—much more—and you're getting less protection. It is a game that you are losing. So, if you can't win the game—in this case, cyber-physical security of automation systems—what do you do? Change the game!"

Time for a change

Let's be clear. As ICS-CERT and others report, industrial control and SCADA systems are being bombarded with an array of cybersecurity attacks. That situation is coupled with reports about the financial sustainability of current methods, which include a seemingly endless stream of "fixes" like software patches, unidirectional information flow and firewall enhancements, and an array of "better" IDS/IPS/UTM software solutions, all operating as a bolt-on to the existing core design.

It simply cannot be overstated that if one simply looks at the Internet connectivity of most (some say all) automation system designs—for remote access to provide firmware updates and, in certain instances, direct cloud-based data services—you immediately see cybersecurity vulnerabilities. To put this statement into context, consider the cyber-physical security situation for the
