3 Common Attack Vectors for Industrial Control Systems

Oct. 21, 2021
A critical key to effective control system security requires understanding how cyber-attacks occur.

It’s been nearly impossible to miss all the news about the uptick in cyber-attacks on the manufacturing and processing industries over the past few years. The most recent uptick is not a surprising development, however, even though most manufacturers have faced fewer attacks compared to more consumer-oriented businesses.

One reason for the lag in attacks on industry was due to many hackers’ lack of familiarity with the industrial control systems (ICS) used in both the discrete manufacturing and processing industries. As a result, most business-focused cyber-attacks centered on breaches of enterprise IT systems, with which most hackers were already very familiar.

But when you consider the high profile and revenues of many industrial companies, coupled with the potential for significant business and community disruption made possible by attacking a company’s ICS, the incentive for hackers to become more familiar with ICSs was evident. Essentially, it was only a matter of time before industry became widely considered a target-rich environment for cyber criminals.

While plenty of advice exists for industrial companies around how to secure their ICSs, it’s also important for businesses to be aware of the principal types of cyber threats they’re most likely to face.

Prominent sources of attack

Craig Young, principal security researcher at Tripwire, a supplier of industrial cybersecurity technology, points tothree sources of cyber-attacks that industrial companies should be most aware of due to their potential to cause major disruption:

A disgruntled insider:The most critical threats often come from within an organization,” says Young. “This is especially true in ICS environments where employees have access to plant controls and deep knowledge of operational processes.” Young cites the Oldsmar, Fla., water treatment plant attack as an example of what is widely considered to have been a breach conducted by an employee. This attack is considered to be an inside job because the hacker(s) used “a legitimate company TeamViewer account, combined with apparent knowledge of the company’s human-machine interface,” said Young.

To limit the threat of insider attacks, Young suggests enforcing access controls and limiting administrator access. He adds that practicing strong password hygiene—like requiring multi-factor authentication, forced password expiration, and forbidding password sharing—is also beneficial.

A ransomware gang: Young says ransomware is commonly introduced to an ICS network in one of three ways: a phishing attack that targets employees; compromising an industry website that users may frequently download from; or by targeting VPN portals or other externally exposed IT infrastructure.

“The best way to protect against a ransomware attack is to employ security best practices, including vulnerability management,” says Young. “Attackers often scan the internet for targets rather than identifying a specific target and evaluating its network space. Therefore, network administrators need to be aware of vulnerabilities in externally exposed systems such as VPN portals and mail gateways.”

He also noted that it’s important to strengthen internal security by limiting VPN access and restricting access between unrelated servers. And, as with the remedies suggested to prevent insider attacks, limited permissions are key in this instance as well.

“Users should not have access to a system unless there is a specific business need,” stresses Young.

Read about the cyber-attack on Colonial Pipeline.

Advanced persistent threat: Because several high-profile ICS disruptions have been attributed to malicious hackers working for foreign military or intelligence agencies—such as the Triton and NotPetya attacks—it is “hard to understate the potential impact of a wartime ICS cyber incident,” says Young. “In addition to impacting the physical safety of plant workers and local communities, attacks can lead to long-term failures, including disruption of electricity, water, fuel, and other municipal services.”

In addition to the best practice security controls noted above, Young recommends accessing resources like ATT&CK and D3FEND—organizations that help industrial companies learn about known adversaries and how they operate. “This is critical for making informed decisions on how to not only reduce the risk of intrusion but also impede an attacker’s lateral movement while increasing the defender’s chances for detection,” says Young.

Companies in this Article

Sponsored Recommendations

Versatile 2-Pole Solution for Precise Automation

Altech Corp proudly presents the 2 Pole B-Trip DLS8 Series - UL508 Manual Motor Controller, a robust and reliable solution for precise motor control in your automation and control...

Advanced 4 Pole B-Trip Manual Motor Controller by Altech Corp

Discover superior motor control with the DLS8 Series - UL508 Manual Motor Controller, now available in a 4 Pole B-Trip configuration. As your trusted source for automation and...

Reliable and Efficient 1 Pole B-Trip Supplementary Protector by Altech Corp

Introducing the cutting-edge DLS7 Series - UL1077 Supplementary Protector with B Trip Characteristics, engineered for precise protection in diverse industrial applications. Altech...

Enhance Your Control Systems with Altech Corp's DLS7 Series - UL1077 Supplementary Protector

Discover reliable circuit protection with our advanced 2 Pole B-Trip Supplementary Protector designed to meet the diverse needs of industrial applications. Altech Corp, your trusted...