Industry leaders are not ignoring this problem. Many are starting to deploy unidirectional gateways, which are hardware-and-software solutions that securely integrate operations data with business networks and systems. The gateway hardware enforces unidirectional data flows, while gateway software replicates servers. The replica servers on the corporate network allow corporate users to access production data in real time without any threat to, or impact on, the real operations servers. Information can flow out of operations networks without allowing any network or remote-control attacks whatsoever back into the network.
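To make the replication model concrete, the following Python simulation is an added example, not code from the article or from any gateway vendor. It models the hardware as a link on which the OT side can only transmit and the corporate side can only drain, and the gateway software as a historian sender and a replica receiver. The frame layout (sequence number, length, payload, CRC32) and the tag names are assumptions. The point it demonstrates is a consequence of having no return path: the replica cannot acknowledge or request a resend, so it has to detect lost, corrupt and replayed frames on its own and surface them to operators.

```python
import struct
import zlib

# Hypothetical frame layout for the one-way link: 4-byte sequence number,
# 2-byte payload length, payload, then CRC32 over everything before it.
HEADER = struct.Struct(">IH")
CRC = struct.Struct(">I")


def encode_frame(seq: int, payload: bytes) -> bytes:
    body = HEADER.pack(seq, len(payload)) + payload
    return body + CRC.pack(zlib.crc32(body))


def decode_frame(raw: bytes):
    """Return (seq, payload), or None when the frame fails its CRC or length check."""
    if len(raw) < HEADER.size + CRC.size:
        return None
    body, crc = raw[:-CRC.size], CRC.unpack(raw[-CRC.size:])[0]
    if zlib.crc32(body) != crc:
        return None
    seq, length = HEADER.unpack(body[:HEADER.size])
    payload = body[HEADER.size:]
    return (seq, payload) if len(payload) == length else None


class OneWayLink:
    """Stands in for the gateway hardware. The OT side is handed only `transmit`,
    the corporate side only `drain`; nothing on the corporate side can push bytes back."""

    def __init__(self):
        self._in_flight = []

    def transmit(self, raw: bytes) -> None:
        self._in_flight.append(raw)

    def drain(self) -> list:
        frames, self._in_flight = self._in_flight, []
        return frames


class HistorianSender:
    """OT-side gateway software: serialises historian updates and never reads from the link."""

    def __init__(self, transmit):
        self._transmit = transmit
        self._seq = 0

    def publish(self, tag: str, value: float) -> None:
        self._seq += 1
        self._transmit(encode_frame(self._seq, f"{tag}={value}".encode()))


class ReplicaReceiver:
    """Corporate-side replica. With no return path it cannot NAK or ask for a resend,
    so it keeps its own record of gaps, corrupt frames and replays for operators to review."""

    def __init__(self):
        self.data = {}
        self.expected = 1
        self.gaps = []        # (first_missing_seq, last_missing_seq)
        self.corrupt = 0
        self.replayed = 0

    def ingest(self, raw: bytes) -> None:
        decoded = decode_frame(raw)
        if decoded is None:
            self.corrupt += 1
            return
        seq, payload = decoded
        if seq < self.expected:
            self.replayed += 1    # old or duplicated sequence number: ignore it
            return
        if seq > self.expected:
            self.gaps.append((self.expected, seq - 1))
        self.expected = seq + 1
        tag, value = payload.decode().split("=", 1)
        self.data[tag] = float(value)


# Constructed sample historian updates (tag names are made up for the example).
RECORDS = [("FIC-101", 12.5), ("TIC-202", 88.0), ("PIC-303", 3.1),
           ("LIC-404", 55.2), ("FIC-101", 12.7)]


def run_demo() -> ReplicaReceiver:
    link = OneWayLink()
    sender = HistorianSender(link.transmit)
    for tag, value in RECORDS:
        sender.publish(tag, value)
    frames = link.drain()
    del frames[2]                       # simulate loss of frame 3 on the link
    damaged = bytearray(frames[2])      # frames[2] is now frame 4
    damaged[8] ^= 0xFF                  # flip a payload byte so the CRC fails
    frames[2] = bytes(damaged)
    replica = ReplicaReceiver()
    for raw in frames:
        replica.ingest(raw)
    return replica


if __name__ == "__main__":
    r = run_demo()
    print(r.data, "gaps:", r.gaps, "corrupt:", r.corrupt, "replayed:", r.replayed)
```

Running it shows the replica holding the last good value for each tag, one gap covering sequence numbers 3 to 4 (the lost frame and the corrupt one, which could not even be attributed to a sequence number), and one corrupt-frame count. In a deployed gateway the same job is done by the vendor's replication software, typically with redundant transmission rather than a single pass; the design constraint that the corporate side can never influence the operations side is what this toy preserves.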
These leaders are concluding that making operational networks rely on corporate IT servers in the name of IT/OT integration is a serious vulnerability. The secure way to apply IT processes, skills and infrastructures to operations networks is to deploy unidirectionally-protected parallel infrastructures on operations networks. A separate domain controller infrastructure for operations networks, for example, allows IT technologies and processes to be applied to operations networks without introducing dangerous dependencies on IT infrastructure servers, which are exposed to constant threat on Internet-connected networks. Separate operations WANs and operations infrastructures allow businesses to exploit IT technologies, skills and procedures without exposing operations networks to attacks originating on IT networks.
As a second layer of defense, leading device manufacturers are looking at incorporating application control technology or “whitelisting” to prevent Windows-based devices from falling prey to run-of-the-mill viruses, and to mitigate the slow patching cycles that are part of the engineering change control (ECC) discipline which is so essential to managing control-system networks. Specifying application-control protections in devices should become common practice when upgrading equipment.
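The following Python script is an added example of the allowlisting decision itself, not code from the article or from any application-control product. It replays constructed process-creation log lines (a Sysmon-like key=value layout, with image path and SHA-256 included) against a default-deny allowlist keyed on both path and hash. The allowlist entries, paths, hostnames and hashes are all constructed placeholders; the hashes are computed inline from placeholder bytes so the script is self-contained. It shows the three outcomes a practitioner cares about: an approved binary runs, a binary with an approved path but changed bytes is blocked, and an unknown executable is blocked regardless of its hash.

```python
import hashlib
import re


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed "golden image" allowlist: image path -> SHA-256 of the build that
# engineering change control approved. Real entries come from the approved build;
# these are hashes of placeholder bytes so the example runs offline.
HMI_EXE = r"C:\Program Files\VendorHMI\hmi.exe"
SVCHOST = r"C:\Windows\System32\svchost.exe"
ALLOWLIST = {
    HMI_EXE: sha256_hex(b"placeholder bytes for the approved hmi.exe build"),
    SVCHOST: sha256_hex(b"placeholder bytes for the approved svchost.exe build"),
}

# Constructed process-creation events (hostname, user and timestamps are made up).
SAMPLE_LOG = "\n".join([
    '2024-05-02T10:01:00Z host=HMI-01 event=ProcessCreate image="' + HMI_EXE
    + '" sha256=' + ALLOWLIST[HMI_EXE] + " user=operator",
    '2024-05-02T10:01:05Z host=HMI-01 event=ProcessCreate image="' + SVCHOST
    + '" sha256=' + ALLOWLIST[SVCHOST] + " user=SYSTEM",
    '2024-05-02T10:02:10Z host=HMI-01 event=ProcessCreate image="' + HMI_EXE
    + '" sha256=' + sha256_hex(b"same path, different unapproved bytes") + " user=operator",
    r'2024-05-02T10:03:30Z host=HMI-01 event=ProcessCreate image="C:\Users\operator\AppData\Local\Temp\update.exe"'
    + " sha256=" + sha256_hex(b"binary that appeared in a temp folder") + " user=operator",
])

LINE_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) event=ProcessCreate image="(?P<image>[^"]+)" '
    r'sha256=(?P<sha>[0-9a-f]{64}) user=(?P<user>\S+)$'
)


def evaluate(image: str, sha: str) -> str:
    """Default-deny decision: an image may run only if both its path and hash are approved."""
    approved = ALLOWLIST.get(image)
    if approved is None:
        return "block:unknown-image"
    if approved != sha:
        return "block:hash-mismatch"   # approved path, but the bytes on disk changed
    return "allow"


def audit(log_text: str) -> list:
    """Replay process-creation events against the allowlist; returns (ts, image, verdict)."""
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue   # unparseable line: skip rather than guess a verdict
        results.append((m["ts"], m["image"], evaluate(m["image"], m["sha"])))
    return results


if __name__ == "__main__":
    for ts, image, verdict in audit(SAMPLE_LOG):
        print(ts, verdict, image)
```

Because the decision is keyed on the hash, a vendor patch changes the hash and the patched binary is blocked until the allowlist is updated; that is the intended coupling with the ECC discipline the article describes, since the allowlist update becomes part of the same approved change rather than something that happens on its own.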
Preparation for cyber sabotage starts now
Large private-sector critical infrastructures have yet to suffer a major cyber-sabotage incident, but given the trends in attack capabilities, and given the lack of corresponding defensive capabilities deployed at a majority of critical infrastructure sites, such an incident is just a matter of time. IT/OT convergence and IT-style security make plants more vulnerable to certain classes of attacks, not less. To maintain control of massive investments in industrial processes, and to ensure safe, uninterrupted operations in the face of modern cyber threats, industry leaders need to reevaluate their approach to cyber security in their integrated IT/OT systems, and take action.