Cybersecurity for Industrial Control Systems: Attacks Are Everyone’s Concern
In “The Third Industrial Revolution” American economic and social theorist Jeremy Rifkin detailed how modern communication and new ways of generating and distributing energy had converged to produce fundamental economic change.
Unfortunately, one such change, the widespread use of computer systems to control manufacturing processes, has left many manufacturers vulnerable to cyberattack because they can be operated via the Internet.
Cyberattacks increased 110 percent in 2015 compared to 2016, and 2017 saw an increase in the amount of malware targeting Industrial Control Systems (ICS). Along with this growing trend, cyberattacks are likely to become more destructive, as a look at four of the most recent large-scale ICS cyberattacks demonstrates.
- Stuxnet, 2010: malware caused industrial machinery in Iranian nuclear facilities to malfunction, resulting in the destruction of between 900 and 1,000 centerfuges.
- BlackEnergy, 2014: a trojan, an attack strategy that involved using malware disguised as regular software, specifically targeted ICSs to conduct cyber espionage and destroy information.
- Industroyer aka Crashoverride, 2016: malware cut electricity to 20 percent of the city of Kiev, Ukraine for an hour. Industroyer provided attackers with multiple backdoors to execute command and control of ICSs and included code to erase registry keys and overwrite files, making recovery extremely difficult.
- WannaCry, 2017: access to anything from data to an entire computer system is blocked until money is paid to the hacker in this kind of attack, using viruses called ransomware. A new version of WannaCry recently caused a temporary shutdown of chip production facilities and adversely affected 10,000 computers at the Taiwanese Semiconductor Manufacturing Company.
ICS Cyberattacks: Are you at risk?
Some cyberattacks on ICSs are accidental, as ICS’s inherent complexity leaves them susceptible to damage from simple negligence or over-operation. Intentional attacks can be launched externally by hackers or internally by improperly screened, disgruntled employees with access to ICSs or their security systems.
Because ICSs are built upon commercial technology that is widely available, hackers often exploit key vulnerabilities to launch destructive external attacks. These hackers exploit both software weaknesses they discover on their own and known vulnerabilities left exploitable when patches and updates are not made in a timely manner.
Finally, while it is virtually inevitable that IIoT advancement will continue to push ICS complexity, humans will always be the key piece of the puzzle. How manufacturing, fulfillment and distribution professionals staff their facilities will remain just as important as their ICS software. No matter how complex the system at your facility, your staffing provider should be able to design and implement a workforce solution hyper-tailored to fit your organization’s specific needs.
Take a look at how Staff Management | SMX’s Recruitment and Placement Services can provide you with the semi- and high-skilled candidates you need to ensure your facilities’ systems are staffed and protected from cyberattack.