Automation and cloud technologies have improved manufacturing to a great extent. Thanks to industrial control systems (ICS), closed- and open-loop systems have become much more efficient and effective. For example, an ICS takes input from smart sensors and calibrates machinery and equipment according to the available data without human intervention, minimizing production time and resource demands.
In contrast to IT environments, managing vulnerabilities in manufacturing is far more critical: with OT security, human lives are literally at stake, so vulnerabilities must be understood and managed before they can have a significant impact. However, the slack approach toward industrial cybersecurity hasn't changed much in recent years. This article discusses a few tips to solidify vulnerability management for industrial cybersecurity.
Attacks on physical ICS-based systems differ from attacks on IT systems. Sensors, PLCs, and DCSs are vulnerable to disruption or destruction by physical interventions as well as by malware, bugs, and criminal attacks. A few past incidents are discussed in this section to convey how critical it is to embrace better vulnerability management for ICS.
- A staged attack by the Idaho National Laboratory demonstrated how physical components of an electric grid might be controlled from outside. The attacker targeted a diesel generator and made its circuit breakers rapidly open and close until they exploded. Legacy communication and access control systems were found to be the underlying issue. While it was a controlled demonstration, a real attack could have been much worse.
- In 2008, attackers changed the units on a Turkish pipeline, which caused the operators to increase the pressure in the pipeline beyond its capacity. This inadvertently caused an explosion that spilled 30,000 barrels of oil above a water aquifer, costing $5 million a day in transit alone.
Modern industries require robots and humans to coexist, so such exploits can be devastating. Let's discuss a few mitigation frameworks used to address them.
Ensuring that incoming and outgoing data travel only between trusted sources is paramount for vulnerability management in manufacturing. Interception of communication can be harmful to manufacturing operations. In contrast to legacy systems, modern mediums use algorithms like DES, AES, and Blowfish to encrypt data transactions and communication (of these, only AES remains recommended for new deployments).
However, encryption alone can't stop malware and malicious code from entering the system through insider threats or software vulnerabilities. At the same time, leaving communications unencrypted is a greater risk for cloud-based ICS, which can't be physically isolated in the event of an attack.
Digital signature validation is a mathematically backed technique that ensures the authenticity of a command, message, or document. Typically known for its application in crypto environments, this proposed and, so far, minimally adopted framework helps manufacturing plants isolate and secure nodes that may have been the subject of an attack or are vulnerable to zero-day threats.
Digital signature techniques often complement encryption to offer an additional layer of security over the communication system. However, they aren't enough to address insider threats or attacks like DDoS and malware infestation.
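The command-authentication idea above, as an added example that is not code from the article: a Go program using the standard library's Ed25519, in which the operator workstation signs a canonically encoded setpoint command and the receiving node accepts only commands whose signature verifies. It goes slightly beyond the text by also tracking a sequence number, so a captured genuine command cannot simply be re-sent. The message format, field names and values are constructed for the example.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// SetpointCommand is a constructed operator-to-PLC message (hypothetical format).
type SetpointCommand struct {
	PLCID, Register uint16
	Value           int32
	Seq             uint32 // strictly increasing per signing key
}

// canonical fixes the byte layout so signer and verifier sign identical bytes.
func canonical(c SetpointCommand) []byte {
	b := binary.BigEndian.AppendUint16(nil, c.PLCID)
	b = binary.BigEndian.AppendUint16(b, c.Register)
	b = binary.BigEndian.AppendUint32(b, uint32(c.Value))
	return binary.BigEndian.AppendUint32(b, c.Seq)
}

// Verifier is the receiving node's state: the trusted key and last accepted Seq.
type Verifier struct {
	Pub     ed25519.PublicKey
	LastSeq uint32
}

// Accept returns nil only for an authentic, fresh command; altered or re-sent ones fail.
func (v *Verifier) Accept(c SetpointCommand, sig []byte) error {
	if !ed25519.Verify(v.Pub, canonical(c), sig) {
		return errors.New("invalid signature")
	}
	if c.Seq <= v.LastSeq {
		return errors.New("stale sequence number")
	}
	v.LastSeq = c.Seq
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // operator key pair
	v := &Verifier{Pub: pub}
	cmd := SetpointCommand{PLCID: 7, Register: 40001, Value: 350, Seq: 1}
	sig := ed25519.Sign(priv, canonical(cmd))
	altered := SetpointCommand{PLCID: 7, Register: 40001, Value: 9000, Seq: 1}
	fmt.Println(v.Accept(cmd, sig), "|", v.Accept(altered, sig), "|", v.Accept(cmd, sig)) // <nil> | invalid signature | stale sequence number
}
```

The private key stays on the signing workstation; the node holds only the public key, so compromising the node does not let anyone forge commands for other nodes.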
Cloud-based platforms that support ICS systems, including PLCs and sensors, are secured through access control technologies. Access control uniquely identifies each user with access to a particular system at any time. This mitigates the threat of insider attacks to an extent, but identity theft, phishing, and other issues persist. Awareness of security policies is adequate to mitigate most of these vulnerabilities.
Data encryption, digital signatures, and scalable access control have proved adequate for cloud-based systems through attribute-based encryption and proxy re-encryption. Still, they have yet to prove their worth against modern attack approaches.
Numerous frameworks have been proposed for developing intrusion detection systems for manufacturing through machine learning (ML). The first and one of the most popular proposed frameworks uses decision tree induction and a multilayer perceptron for the power systems used in electric grids. It focuses on detecting behavioral anomalies among users and operators to mitigate accidental grid damage. ML models for SCADA systems are also being developed to categorize attacks by severity and priority.
The main issue with developing ML models for industrial security is the shortage of training samples. To train ML models, sufficient data samples of attacks and their mitigation procedures are required. Despite their severity, attacks are still far less frequent in manufacturing than in IT environments. Testbeds are often built to mitigate the issue.
Older programming languages, especially C and assembly, are prone to issues like buffer overflows and memory exploits. ICS software developed in these languages is easier to overwhelm and to implant malware in. Code-reuse attacks like Stuxnet are more prevalent in older ICS software. Control-flow integrity (CFI) ensures that control transfers such as returns execute only along a predefined control-flow graph (CFG). Hence, any deviation from the CFG caused by code injection can be recognized and addressed before it harms the system.
Moreover, hardware-based CFI approaches have recently been adopted for better efficiency and security.
Typically, a single code-reuse attack vector is used to infect as many systems as possible. Fine-grained randomization of an application's memory layout forces the adversary to adapt their approach for each target and delays, if not negates, cluster attacks on multiple systems. Besides memory randomization, binary rewriting, instrumentation, and ASLR are effective methods for fine-grained code randomization.
Hopefully, these seven tips for vulnerability management in manufacturing will help you stay ahead of the legacy and modern attack vectors that are swarming physical ICS systems. While the first step is to detect attacks, data encryption and digital signature techniques can help you prevent them from happening. Scalable access control is also an effective prevention strategy. Further, intrusion detection through ML, control-flow integrity, and code randomization offer better stability and security for manufacturing industries.