Efficient Plant January 2018 - 19
feature | operational strategies
A RECENT TWO-PART blog by
Mille Gandelsman and Yariv Lenchner
of Indegy (indegy.com, New York) put
the New Year into perspective with
regard to industrial cybersecurity.
Part I examined threats that industrial IT and OT security professionals
can expect in 2018 and beyond. Part
II highlighted some things that are
on the horizon for the industrialcontrol-system (ICS) security area.
The discussion began with the authors'
acknowledgement of the increase
and acceleration in connectivity and
digital transformation in industry over
the past few years-and the fact that
continuing advances in such initiatives
will be introducing new cybersecurity
challenges and landscape changes.
Their predictions, divided into a
bad news/good news scenario, are
summed up here.
THE BAD NEWS
Ransomware will continue wreaking
havoc on industrial organizations.
In 2017, global ransomware outbreaks such
threat: It has quietly developed a cyber
as WannaCry, NotPetya, and Bad Rabbit,
army capable of unleashing attacks against
caused widespread disruptions among
critical infrastructure that could have globorganizations in all industries, including
manufacturing and transportation services.
Russia also has developed cyberIt's a good bet this trend will continue.
weapon capabilities. It has been accused of
The ransomware variants of 2017
extensive attacks on Ukraine's power grid,
weren't specifically designed for industrial
cutting off electricity to nearly a quarter of
networks. But, since these environments
a million people in December 2015, and
included many legacy Windows-based
taking down a transmission station in 2016.
systems that weren't properly patched or
In November 2017, during her annual
secured, they were easily compromised.
speech in London's Guildhall, U. K. Prime
Thus, it's important to apply appropriate
Minister Theresa May accused Russia of
patches and strengthen security controls to
attacking Britain's national power grid and
protect these systems.
its telecom companies.
Fortunately, the disrupThese developments,
tion to industrial organizaaccording to Gandelsman
tions caused by ransomware
and Lenchner, point to
has work to do
in 2017 did not directly
what is known as a "Red
affect automation controlButton" capability, whereby
to dealing with
lers. Controllers continued
adversaries have gained a
to operate manufacturing
foothold inside industricyberthreats.
and other processes, even
al networks and critical
after Windows-based opinfrastructure and are caerator and engineering workstations were
pable of shutting down power grids, water
compromised and became unavailable.
supplies, and other crucial operations with
Gandelsman and Lenchner do, however,
the push of a button.
predict that a new, more damaging type of
Introduction of IIoT (Industrial Interransomware will specifically target controlnet of Things) technology without full
lers. They cite a study conducted at Georgia
consideration of security will continue.
Tech (Georgia Institute of Technology,
The constant need to modernize industrial
gatech.edu, Atlanta) in early 2017, wherein
systems, increase productivity, and improve
researchers designed a cross-vendor ranmaintenance procedures is driving the
somware worm capable of targeting PLCs
implementation of IIoT technologies. This
that are exposed online. Given the fact this
trend can expose already-vulnerable ICS
proof of concept now exists, Gandelsman
networks to cyberthreats they have never
and Lenchner expect to see a threat in the
wild in 2018.
Designed by various industrial vendors,
There's a real possibility of a 'red
many IIoT technologies may not include
button' cyber weapon. While much of the
hacker protection. In turn, those devices
world's attention recently has been focused
might expose an ICS to a wide array of cyon North Korea's development of nuclear
berthreats and exploitation attempts. Since
weapons and long-range ballistic missiles,
OT environments lack visibility and securithe country poses another significant
ty controls, it is very difficult to detect such