According to a recent survey by Kaspersky, over one-third of Industrial Control Systems (ICS) were attacked in H1 2021. Meanwhile, another survey carried out by SANS highlighted OT cybersecurity practitioners’ concerns about the integration of legacy OT technology with modern IT systems, insufficient labor resources, and IT staff not being able to understand OT operational requirements.
The figures not only reflect the severity of the ICS cyber threat landscape, but also indicate that the shortfall in skilled OT cybersecurity personnel has a direct and significant impact on critical industrial assets.
So with this in mind and to mark Cybersecurity Awareness Month, we decided to tackle some of the most common myths in the ICS cybersecurity realm, while paying particular attention to legacy systems. Here are ten myths that we regularly come across:
Myth: Industrial Control Systems (ICS) are secure when they are not connected to the internet.
Fact: ICS networks can be attacked through other means such as supply chains, insider threats, physical access, and removable media like USB drives.
Myth: Monitoring communications from levels 1 to 5 (of the Purdue Model) provides sufficient visibility of your OT network.
Fact: If an attacker intercepts communications between levels 1-0, they can send malicious commands to the field devices and spoof upstream data to show normal operations.
Myth: Safety Instrumented Systems (SIS) will safeguard critical assets, processes and people in the event of a cyber attack.
Fact: While SIS reduce risks to assets, processes and people, they too can be compromised by a cyber attack, which can then enable attackers to cause cyber-physical harm.
Myth: APTs only target large enterprises.
Fact: While APTs generally target larger enterprises and nation states, they often compromise small to medium sized businesses in order to gain access to a larger target along the supply chain. APT attacks can also spread to other smaller organizations even if they are not the original target.
Myth: ICS cyber attacks come from the outside.
Fact: ICS cyber attacks can come from external vectors through internet-facing connections, but also internal vectors such as insider threats and supply chain attacks.
Myth: Serial Communications will be obsolete in the next decade.
Fact: Industrial Control System manufacturers are still opting for RS-232, RS-485, and RS-422 serial interfaces today. These devices have an extremely long lifespan, therefore serial communications will be deployed for decades to come.
Myth: Serial to Ethernet Converters provide a secure mechanism for integrating legacy systems to routable networks.
Fact: Legacy systems will accept any command from a converter with no authentication of the message. Converters can expose these assets to attack if they are not sufficiently secure, patched and updated.
Myth: Any one of the major ICS Cybersecurity vendor solutions is sufficient for detecting and preventing an attack on ICS.
Fact: ICS cybersecurity is not one-size-fits all. Most ICS cybersecurity solutions focus on high-level TCP/IP network communications and only provide summary level visibility into serial networks, leaving serial-connected ICS vulnerable to attacks with cyber-physical effects.
Myth: There is no value in monitoring serial communications.
Fact: Monitoring serial communications is not only effective at detecting cyber intrusions, it also provides a means to capitalize on existing data to drive intelligence, enable interoperability, and improve productivity.
Myth: It is impossible to securely integrate legacy ICS with emerging technologies.
Fact: While it is true that legacy ICS are often incompatible with modern security solutions, ICS operators can bridge the gap with a security solution that eliminates blind spots by passively monitoring and alerting on legacy network traffic.
Where legacy control systems are concerned, it’s important to note that they pose a significant blind spot for OT operators. In order to overcome this, operators must safely and securely capture the real-time data that is being transmitted from field controllers to field devices and vice versa. Cynalytica’s SerialGuard AnalytICS Platform enables operators to do just that in a fully passive and fail-safe approach – all while helping to detect serial network intrusions. Visit the SerialGuard AnalytICS Platform page to find out how the technology can give you confidence in the integrity and operational state of your legacy critical infrastructure.