Cyber Insights 2023: ICS and Operational Technology

The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs.

At the same time, ICS/OT is facing an expanding attack surface caused by continuing business digitization, an explosion of IoT and IIoT devices, the coming together of IT and OT networks, and the use of potentially insecure open source software libraries to bind it all together. For all its benefits, IT/OT convergence without proper security means threat actors can take down operations by exploiting an IT access point or a cloud vector. "This yields maximum financial or political gain for the attacker," continued Chassar, "Because businesses have more incentive to pay a ransom when their means of production are at stake, which can have a long-term impact on revenue and the supply chain."

"Cyber attackers are increasingly weaponizing OT environments to attack hardware and software that control industrial processes and secure OT networks. Skilled workforce shortages and overlapping IT and OT environments can make cyber incident containment difficult."

Supply chain attacks cannot be ignored, either on the IT side or directly against OT. "Supply chain attacks continue to evolve for both ICS hardware and software," comments Pascal Ackerman, senior security consultant for operational technology at GuidePoint Security. "Think implants for controls and automation equipment, attack chains that involve suppliers and service providers to ICS owners as an initial foothold or pivot point, and compromises on controls and automation vendors' file repositories with the purpose of adding implants in the provided software."

Geopolitics and the Russia/Ukraine war

"One of the biggest concerns around the potential for large-scale attacks in the wake of the war in Ukraine is around ICS/OT," says Christopher Budd, senior manager of threat research at Sophos. "While we haven't yet seen attacks on a scale as feared, there have been documented attacks like this in Ukraine as part of the ongoing hostilities."

"Besides the growth of hacktivist activity 'working' to internal and external political agendas," suggests Kaspersky, "We might also see more ransomware attacks on critical infrastructure due to the fact that it will become harder to prosecute such attacks."

Specifically IoT/IIoT. "There are now more known vulnerabilities impacting IoT devices than IT devices," says Bud Broomhead, CEO at Viakoo, "And IoT devices are often the easiest for cybercriminals to access." IoT and IIoT is a massive and expanding part of the ICS/OT attack surface, providing an entry point, and enabling lateral movement. "Breached IoT devices are having devastating impacts," he continued, "Such as ransomware, data loss, changing the chemical balance in a municipal water supply, replacing real camera footage with deepfakes, or disrupting transportation systems."

Wendy Frank, Deloitte's US cyber IoT leader, believes part of the threat comes from a lack of adequate security governance covering the implementation of IoT, IIoT, OT and ICS devices. As their number grows, so the expanded attack surface creates more security, data, and privacy risks.

"Leading organizations," she says, "Will focus in the year ahead on connected-device cyber practices by establishing or updating related policies and procedures, updating inventories of their IoT-connected devices, monitoring and patching devices, honing both device procurement and disposal practices with security in mind, correlating IoT and IT networks, and monitoring connected devices more closely to further secure those endpoints, manage vulnerabilities, and respond to incidents."

He expects to see: "Ransomware targeting the industrial environment - in contrast to ransomware on the IT side accidentally compromising the OT space - with attacks on virtualization stacks, data repositories, controls equipment like PLCs, and controls project repositories." Partly, this will be exacerbated by native code execution on PLCs, with the attacker adding arbitrary code to the PLC's OS, and paving the way for ransomware and rootkits running on the PLC.

Winston is particularly concerned for those organizations without adequate segmentation between IT and OT, but notes that "Ransomware rarely uses novel methods - making the application of key elements of a defensible ICS/OT architecture particularly effective."

Ian Pratt, global head of security for personal systems at HP Inc, sees an increase in session hijacking in 2023. "Increased use of features like Windows Defender Credential Guard are forcing attackers to pivot - either capturing users' passwords to enable lateral movement, or hi-jacking the remote session itself to access sensitive data and systems. The latter is particularly powerful." By targeting users with elevated rights, the attacks are more potent, harder to detect, and more difficult to remove. Session hijacking does not involve exploiting a fixable vulnerability - it is about abusing the legitimate functionality of remote session protocols, such as RDP, ICA and SSH.

"If such an attack connects to OT and ICS running factories and industrial plants, there could also be a physical impact on operational availability and safety - potentially cutting off access to energy or water for entire areas."

APTs targeting CNI through OT. "Attacks targeting critical national infrastructure tend to be the work of APT groups working on behalf of nation states with specific goals," comments Joseph Carson, chief security scientist and advisory CISO at Delinea. "These high-level adversaries are hard to defend against as they have the time and resources required to repeatedly test security measures and find gaps, whereas more opportunist criminals in search of profits will select soft targets," he continued.

"Real economy sectors such as agriculture, logistics and transport, the alternative energy sector, and the energy sector as a whole, high-tech, pharmaceuticals and medical equipment producers are likely to see more attacks next year," they say.

Attacks on the OT of critical industries have real world implications, which may worsen in 2023. "While hackers' activities will likely still be money-driven, we can expect to see human cost become more of a play in the following year." He is concerned that IT and OT security convergence is still not effective. "Attacks that have been close calls in the past will eventually have human costs."

Liebig is also concerned about attacks on the energy grid. "As Ukraine stands its ground in its conflict with Russia, we're likely to not only see more attacks on Ukrainian energy infrastructure, but the US's infrastructure as well," he warns. "At the beginning of 2022, Homeland Security warned that domestic extremists had been developing plans to attack the US electric power infrastructure for years." As a result, he continued, "The combination of aforementioned factors makes the US's power grid more vulnerable to cyberattacks than it has been in a long time."

"Many of the security basics are simply not present, such as leveraging roots of trust and trusted execution environment, strong cryptographic options, hardening, secure update and shipping with strong identity options and no default access, to name a few," he says. This results in customers setting up devices, but rarely coming back to manage the ongoing device lifecycle, let alone maintaining security aggressively as they should. "There are missed business opportunities for security services and secure management services as a service that are being left behind. Done correctly, there's not only lower risk for business, but there's money to be made and real value to provide." He adds, "2023 needs to be the year to reset ICS and OT standards for security."

"From the practitioner side of ICS cybersecurity, 2023 will continue to see an overwhelming message of guidance, regulation, media, and FUD about topics such as ransomware, threat actors, and nation-states," he says. "The faster all of us can change this mindset; the more successful 2023 will be for defending critical infrastructure."

There will consequently be continued movement from guidance to regulation. Jablanski offers a word of warning, more to do with party politics than geopolitics: "New direction and bolstered industry involvement will produce greater situational awareness, trust, and resolve across the critical infrastructure security community. As a warning, policymakers should avoid a partisan future for reducing cybersecurity risks to critical infrastructure."

This Cyber News was published on www.securityweek.com. Publication date: Wed, 01 Feb 2023 12:46:03 +0000

