“Industry 4.0,” the Industrial Internet of Things (IIoT), and other trends are capable of delivering many powerful benefits, but they can also introduce SCADA security vulnerabilities. Learn more about these trends, and how an innovative new approach from ARIA Cybersecurity Solutions can help address security concerns.
The good news is that IoT will offer advanced connectivity of devices, systems, and services that goes well beyond machine-to-machine (M2M) communications. The interconnection of all of these devices will result in increased automation in nearly all fields, leading to increases in efficiency, accuracy, and economic benefit as well as reduced human intervention.
Yet integrating IoT technologies within an organization may mean opening access to the IT infrastructure, which may make it less secure and more vulnerable to attack. Additionally, in the era of “Bring Your Own Device,” many devices may be brought into the environment. In these ways, IoT devices contribute to even more risk, especially since today’s intruders will not stop trying to find new ways to infiltrate business networks.
Research from IBM shows that 81% of companies do not have an operational technology (OT)-specific security incident response plan in place. That is a real risk: attacks against supervisory control and data acquisition (SCADA) and industrial control systems (ICS) are especially alarming because they threaten vital production facilities and could have a devastating impact on energy, utilities, transportation, and other systems that touch all of our lives.
Typically, these systems receive information from sensors to monitor and measure key processes, which means an ICS sends commands to, and receives data (and alerts) from, many different components. In the past, ICS lacked the computing power and the means to communicate with other devices, applications, or systems. Thanks to IoT, manufacturing and industrial processes are now not only automated, but with ICS they can collect and report on much more valuable data.
While this is beneficial, it still presents real SCADA security risks. For example, consider that industrial and manufacturing facilities tend to have building automation controls, industrial controls, alarms, cameras, badge access systems, and more. At a minimum, an infected computer can be taken over and controlled remotely, resulting in company data being exfiltrated or changed.
However, in most cases the programmable logic controller (PLC) components are connected to the internet, giving an attacker the ability to read application and system data, inject packets designed to sabotage the production lines and related systems, or even corrupt the entire corporate IT infrastructure.
In the worst-case scenario, an infected machine could cause physical damage in its immediate location. This could be catastrophic considering industrial examples such as water processing plants, energy generation, transmission, and distribution, oil and gas pipelines, and more.
To take advantage of any long-term benefits offered by Industry 4.0, manufacturing companies (as well as companies in other industries dealing with similar IoT or even IoMT device vulnerabilities) must establish an effective and efficient security management strategy and infrastructure for new smart factories.
Traditional network security technologies such as next-generation firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), antivirus software, and network-monitoring software are all designed to protect specific parts of the IT infrastructure, notably the perimeter and the north-south traffic that flows through it. While they all play an important role in any organization’s “security stack,” these tools still present various flaws that leave the company vulnerable to attack.
For example, IoT devices significantly expand a company’s attack surface, and existing perimeter defenses are not always designed to address this. Once an IoT device is compromised and the attacker begins to spread laterally across internal networks, existing IoT security solutions may not be able to stop the threat because they have no visibility into this east-west network traffic.
It’s a real blind spot. In 2018, one security firm’s incident response engagements in the manufacturing/industrial vertical found that in nearly 40% of the cases, the attacker had been inside the network for more than a year.
What is needed for SCADA security today is a straightforward and reliable way to detect anomalies, suspicious behavior, vulnerabilities, and threats across the entire network. Intrusion alerts generated by security tools need to be validated and, if they are real, stopped within minutes to mitigate or prevent malicious acts such as data exfiltration. Then, to prevent future attacks, a remediation plan needs to be put in place, which requires that the detailed records of the threat conversations be made available to the appropriate tools for analysis.
None of the above is easy to pull off, especially since today’s security tools are not designed for this level of speed, for network monitoring down to the conversation level, or for passing this information to the tools that need it for analysis (such as SIEMs, IDS/IPS applications, or SOARs). In addition, most companies lack the resources or the time to manage these processes on top of their normal business operations. This is where the expertise and tools of a security specialist such as ARIA Cybersecurity Solutions are worth exploring.
The ARIA Software-Defined Security (SDS) solution can overcome these IoT vulnerabilities by providing improved network visibility, in the form of NetFlow metadata for every network packet, and directing that metadata to other security tools for analysis. In fact, we have created out-of-the-box integrations with security tools including Splunk, Sumo Logic, Juniper, and Demisto, to name just a few, so that they can instruct our ARIA SDS solution to stop only the offending threat conversations, without having to take systems offline.
Our ARIA SDS solution is different from other security tools because it is deployed transparently in the network, not on the IoT device itself. This permits ARIA SDS to monitor any IoT device on the network by watching the traffic as it flows to and from those devices. The monitoring is conducted at aggregation points in the network that are intentionally located one step back from the wireline network. This closes the notorious gap presented by highly fluid east-west traffic between a public or private cloud, on-premises data centers, hybrid environments, and even communications between virtual machines.
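To make the east-west blind spot concrete, here is an added example (not ARIA’s code or any product integration) that takes NetFlow-style conversation records, learns which internal conversations an OT device normally has, and raises an alert for any new east-west conversation such as a PLC suddenly talking SMB to a workstation. The flow records, the 10.0.0.0/8 internal range, and the device roles are all constructed assumptions.

```python
# Added example: baseline-deviation detection over constructed NetFlow-style
# conversation records. Not ARIA's code; addresses and roles are made up.
from collections import defaultdict

# Constructed flow records: (src_ip, dst_ip, dst_port, proto, bytes).
BASELINE_FLOWS = [
    ("10.10.1.20", "10.10.1.5", 502, "tcp", 1200),    # PLC -> HMI (Modbus/TCP)
    ("10.10.1.20", "10.10.1.5", 502, "tcp", 980),
    ("10.10.1.5", "10.10.1.20", 502, "tcp", 400),     # HMI -> PLC
    ("10.10.1.5", "10.10.9.40", 1433, "tcp", 5000),   # HMI -> historian DB
    ("10.10.1.5", "8.8.8.8", 53, "udp", 120),         # north-south, ignored here
]
# "Live" records; the constructed anomaly is the PLC opening SMB to a workstation.
LIVE_FLOWS = [
    ("10.10.1.20", "10.10.1.5", 502, "tcp", 1100),
    ("10.10.1.20", "10.10.3.77", 445, "tcp", 65000),  # PLC -> workstation (new)
    ("10.10.1.5", "10.10.9.40", 1433, "tcp", 4800),
]

def is_internal(ip):
    """Assumption: 10.0.0.0/8 is the plant's internal address space."""
    return ip.startswith("10.")

def build_baseline(flows):
    """Map each internal source to the (dst, port, proto) conversations it is known to have."""
    baseline = defaultdict(set)
    for src, dst, port, proto, _ in flows:
        if is_internal(src) and is_internal(dst):   # east-west only
            baseline[src].add((dst, port, proto))
    return baseline

def find_new_east_west(flows, baseline):
    """Return east-west conversations absent from the baseline as alert records
    shaped for forwarding to a SIEM or SOAR."""
    alerts = []
    for src, dst, port, proto, nbytes in flows:
        if not (is_internal(src) and is_internal(dst)):
            continue  # north-south traffic is the perimeter tools' job
        if (dst, port, proto) not in baseline.get(src, set()):
            alerts.append({"src": src, "dst": dst, "port": port,
                           "proto": proto, "bytes": nbytes})
    return alerts

if __name__ == "__main__":
    for alert in find_new_east_west(LIVE_FLOWS, build_baseline(BASELINE_FLOWS)):
        print("NEW east-west conversation:", alert)
```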
To learn more, watch our on-demand webinar, “Detect and Surgically Remove Network-borne Threats” today.
ARIA Cybersecurity Solutions recognizes that better, stronger, more effective cybersecurity starts with a smarter approach. Our solutions provide new ways to monitor all internal network traffic, while capturing and feeding the right data to existing security tools to improve threat detection and surgically disrupt intrusions. Customers in a range of industries rely on our solutions each and every day to accelerate incident response, automate breach detection, and protect their most critical assets and applications. With a proven track record supporting the Department of Defense and many intelligence agencies in their war on terror, and an award-winning portfolio of security solutions, ARIA Cybersecurity Solutions is committed to leading the way in cybersecurity success.