IT in Manufacturing


How safe are our factories? Part 1: Cybersecurity for operational technology.

August 2021 IT in Manufacturing

How safe are our factories from cyber threats?

This depends on how automated the factory is and what levels of protection have been implemented from a people, process and technology perspective. Thanks to the Internet, threats can come from anywhere in the world, from someone with enough motivation, skill and resources.

Are we really at risk in South Africa and have any local factories been breached?

Sadly, if local companies have been breached, nobody is talking. This is understandable but does not help the broader community. According to a recent Forester Consulting report, 58% of organisations surveyed have had at least one operational technology (OT) security breach in the last 12 months.(1)(2)

In this series, I will further explore the topic and offer practical advice and resources to reduce the risk of an attack. I aim to raise awareness of the issues: why we should be concerned; recommend what can be done; and encourage a collective response. I will be using the term OT to cover industrial control systems, PLCs and scada technologies.

I started in the IT industry in the early nineties at a sugar mill on the south coast of KwaZulu-Natal. My role was to support the IT systems at the site. The company had a centralised mainframe at the head office in Durban, to which users connected via a LAN and a shared, leased line with a 9600 bits/s modem. Internet browsing and ‘external email’ were very limited. MS-DOS and text-based systems were the order of the day. Cyber threats were minimal. The Internet was still in its infancy – there were only a few million connected devices. There were basic security controls like anti-virus and firewalls and the plant had basic automation but no connectivity to IT.

Fast forward to today and the situation is vastly different. Internet connectivity is ubiquitous with billions of connected devices as the digital and physical worlds merge at an incredible rate. Cybercrime pays and is one of the primary motivations for cyber threats. It has become a lucrative business: the impact of cybercrime is estimated to be 1 trillion USD per annum.(3)(4)

According to an ISACA report on Advanced Persistent Threats, many industrial plants are far from immune from deliberate cyberattacks because that type of threat was not conceivable when the installations were originally designed. Components were not built to withstand sophisticated technical attacks and control systems were designed to be readily accessible across networks to mobile engineers. This has been exacerbated by Covid-19 and the shift to remote workforces.(5)

The latest weapon of choice is ransomware. This is the ‘heavy metal’ of threats and not to be taken lightly. It is an ingenious form of malware designed by organised cyber criminals to sneak into your systems, exfiltrate your data and then encrypt it. The victim is asked to pay a ransom in bitcoin for the encryption key and the leaked data to be deleted. If the ransom is not paid, your IT or OT systems will be inoperable and the data could be released or sold on the dark web (where ransomware can be bought as a service). This presents a few problems. The encryption used cannot be broken as they use the latest and best algorithms, plus there is no guarantee your stolen data will be deleted. There are only two options: pay up or reload your systems from backups. This assumes you have recent backups that have not also been encrypted.

The perpetrator can be anywhere in the world, masking their location and identity and bitcoin cannot be traced. The stolen data could belong to your customers or may be sensitive proprietary information and once the ransom is paid, the criminals often return for round two, if the original entry points they used have not been closed.

Can ransomware really jump to your OT systems? Unfortunately, yes. In addition to organised cybercrime, there are also other threat actors: Nation-states motivated by political gain and espionage have immense resources to design the ultimate cyber weapons, which are then reverse engineered and copied by others. Here are some examples:

• 2010 – Stuxnet malware made an appearance at Natanz, an Iranian nuclear enrichment facility. It was able to disable the plant by reprogramming Siemens PLCs to damage centrifuges. Suppliers to the plant were initially targeted and they brought it to Natanz via USB flash drives. Stuxnet opened a pandora’s box showing the way for future attacks on OT systems.(6)(9)

• 2013 – Havex exfiltrates large amounts of data from about 2000 energy grid operators and electricity generation companies in the USA and Europe. Reconnaissance is the first step in any cyber-attack.(7)

• 2015 – IronGate targets Siemens control systems and has functionalities similar to Stuxnet’s. Intentions were unclear.(7)

• 2015 – Black Energy targets critical infrastructure in Ukraine. 230 000 people were left in the dark for six hours.(7)

• 2016 - Industroyer causes outages in the Ukraine electric grid. Deployed by the Sandworm Team.(7)

• 2017 – Triton Framework used to gain remote access to an oil refinery. It had the ability to manipulate industrial safety systems.(7)(8)

• 2021 – Darkside Ransomware infects Colonial Pipeline’s systems affecting a large part of the USA’s fuel supply.(10)

Cyber-attacks on conventional IT systems mostly affect logical systems – money can be lost or stolen and brands or reputations can be damaged. OT operates in the physical realm where the dangers are real and can potentially threaten human life. A breach can shut down a plant and impact production and the bottom line. A comprehensive review of OT cybersecurity controls should be carried out at least once a year to ensure a safe working environment.

If companies are regularly being targeted overseas, isn’t it only a matter of time before someone with enough motivation, skill and resources targets us?(11)

References

1 Maurya. R 2020 OT Security Breaches Are Anything But Rare, https://www.cioandleader.com/article/2020/05/26/ot-security-breaches-are-anything-rare

2 Fortinet 2021 Independent Study Finds That Security Risks Are Slowing IT-OT Convergence https://www.fortinet.com/content/dam/fortinet/assets/white-papers/wp-report-ot-forrester.pdf

3 IT Web 2020 Cyber crime losses exceed $1 trillion: McAfee https://www.itweb.co.za/content/P3gQ2qGx1pnvnRD1

4 Mcaffee 2020 The Hidden Costs of Cybercrime https://www.mcafee.com/enterprise/en-us/assets/reports/rp-hidden-costs-of-cybercrime.pdf

5 ISACA 2013 Advanced Persistent Threats How to Manage the Risk to Your Business

6 Zetter. K 2014 An Unprecedented Look at Stuxnet, the World’s First Digital Weapon https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/

7 Rocccia. T 2018 Triton Malware Spearheads Latest Attacks on Industrial Systems https://www.mcafee.com/blogs/other-blogs/mcafee-labs/triton-malware-spearheads-latest-generation-of-attacks-on-industrial-systems/

8 Fireeye 2017 Attackers Deploy New ICS Attack Framework ‘TRITON’ and Cause Operational Disruption to Critical Infrastructure https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html

9 Gilbert. G 2013 International Space Station Infected With USB Stick Malware Carried on Board by Russian Astronauts https://www.ibtimes.co.uk/international-space-station-infected-malware-russian-astronaut-521246

10 Bloomberg 2021 Hackers Breached Colonial Pipeline Using Compromised Password https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password

11 News24 2021 SA firms hit in massive ransomware attack https://www.news24.com/fin24/companies/ict/sa-firms-also-hit-in-massive-ransomware-attack-20210705


About Bryan Baxter


Bryan Baxter.

Bryan Baxter has been in the IT Industry since 1992 in various roles before recently joining Wolfpack Information Risk. He has helped customers successfully manage and deliver IT infrastructures to around 7000 users in several countries, where, of course, the recurring theme has been keeping customers secure from cybersecurity threats.

For more information contact Bryan Baxter, Wolfpack Information Risk, +27 82 568 7291, bryan@wolfpackrisk.com, www.wolfpackrisk.com


Credit(s)



Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Siemens’ software for digital transformation of automotive design
September 2021, Siemens Digital Industries , IT in Manufacturing
Model-based development process and systems are used in Japan and globally to adapt to the biggest automotive transformation in 100 years.

Read more...
Security for operational technology: Part 2: How much of a cyber threat are people to OT systems and what can be done?
September 2021, Wolfpack Information Risk , Editor's Choice
The recent cyber-attack on Transnet is a wake-up call that South African companies are not immune from cyber threats.

Read more...
Is track and trace through the factory a waste of time?
September 2021, Iritron , IT in Manufacturing
Modern track and trace solutions are purpose-built to introduce as little disruption to the existing production process as possible, while also being flexible enough to cater for plants that range from fully manual to fully automated.

Read more...
Modularity for scalability
September 2021, RJ Connect , IT in Manufacturing
Businesses are looking for versatile solutions that are easy to maintain to ensure smooth operations while keeping costs down.

Read more...
Saryx launches TMP
September 2021 , IT in Manufacturing
The digital transformation that has swept the world in the past few years has fundamentally altered most people’s approach to technology, with an increasing number seeking the ability to manage their ...

Read more...
Secure boundaries enhance industrial cybersecurity
September 2021, RJ Connect , IT in Manufacturing
When enhancing cybersecurity, it is important to understand how industrial systems are exchanging data and how they connect to IT-level systems.

Read more...
Siemens drives digital transformation at virtual Smart Mining forum
September 2021, Siemens Digital Industries , IT in Manufacturing
With its motto: ‘On the road to the digital future’, Siemens hosted its virtual Smart Mining forum from 3-5 August.

Read more...
Deep-learning AI made accessible
September 2021, SICK Automation Southern Africa , IT in Manufacturing
SICK Automation has launched a set of deep-learning software and services called dStudio, making artificial intelligence (AI) more accessible to the southern African market. This software works with machine ...

Read more...
HSEC Online simplifies health and safety compliance for companies
Technews Industry Guide: Sustainable Manufacturing 2021 , IT in Manufacturing
This automated, cloud-based solution provides a transparent, collaborative workflow platform which eliminates most of the manual complexities of health and safety document management compliance.

Read more...
Creating factories of the future
Technews Industry Guide: Sustainable Manufacturing 2021, SEW-Eurodrive , IT in Manufacturing
Raymond Obermeyer, managing director of SEW-Eurodrive South Africa, explains that Industry 4.0 includes all the opportunities for digitally networked production.

Read more...