In February of this year, I tested positive for COVID-19. How did that happen? I social-distanced, wore a mask, dramatically limited my interactions with others, washed my hands regularly, and thought I was protecting myself. I believed I was reasonably “disconnected.” Turns out, I was not.
You may think your manufacturing systems or industrial control systems are similarly “disconnected” and safe. However, you may not be aware of the number of factors working against your assumption to threaten your systems.
What are these factors? Here are some potential back-channels into your systems that could allow cyberattacks to occur.
- Almost any time you connect a device to a USB port anywhere on the network, you could be breaking the disconnect. If any USB ports are open, anywhere on the controls or manufacturing network, then connecting a device—even just to charge it—is breaching the barrier. You are no longer disconnected.
- Are there devices that use wireless within the network? If so, unless access is tightly managed, wireless can be a place where the disconnect is broken. Sometimes devices are added to a network (maybe temporarily) and they have wireless enabled on them. Have you ever connected a laptop to work on the disconnected network and have wireless enabled on the laptop? The use of wireless can break the disconnect.
- Does your control system ever share a switch with another network? This is sometimes done for convenience or cost, or by an IT department that separates the traffic with a VLAN, perhaps without realizing it is breaking the disconnect. Sharing switches with other networks can break the disconnect.
- Even a workstation that is not actively connected to a wireless network when you plug it in may have been connected (and infected) recently. After all, how are you going to get software updates or new configuration into your disconnected network? Connecting external devices such as laptops to the disconnected network can break the disconnect.
- It is not unusual, especially during the pandemic, for methods of remote access to the control or manufacturing systems to be established. Knowledge of the existence of these connections may be closely held and they may also be activated only when needed. Regardless, these remote access techniques represent a break in the disconnected paradigm.
- Perhaps what is meant by disconnected is actually “lightly” connected. The manufacturing or controls networks may have only a single point of access, protected by a firewall that is tightly locked for inbound traffic. A network that is connected through a firewall device, even a tightly controlled one, is not disconnected. Also, pay attention to both the inbound and outbound firewall rules if you are using a common stateful firewall. If you lock down inbound requests but not outbound requests, you may have internal connections being made to e-mail or websites where malware can be encountered and introduced into your disconnected network.
This is not to say that you must find and kill all these back-channels. Just be aware that they often do exist and evaluate your risks accordingly. You can maintain that “it won’t happen to me,” but don’t believe the myth that it’s because you’re disconnected.