It is crucial that organisations do not allow cybersecurity and operational digitisation projects to happen in silos
IT’S no secret that cyberattacks on industrial systems and critical infrastructure are increasing in both volume and sophistication. Today, cybersecurity measures are an unavoidable day-to-day necessity. However, what many organisations don’t know is that these technologies can deliver additional benefits over and above simply protecting the digital enterprise. Properly integrated as part of the connected infrastructure of a plant, they can also help enhance productivity by spotting issues such as atypical activities and system issues before they cause problems.
According to recent research from the World Economic Forum (WEF), cyberattacks are now the biggest concern for businesses in advanced economies. Further, the global exposure to risks from cybercrime is increasing as firms become more dependent on digital technologies. The explosive growth of the Internet of Things (IoT) is expanding the surface area open to cyberattack, with the number of interconnected devices expected to jump from 8.4bn today to 20bn by 2020.
Risks can be mitigated if organisations take steps to protect themselves, but there is evidence that those in the process industries are failing to do so. For instance, a study from LNS Research1 found that just 37% of the oil and gas facilities surveyed are monitoring for suspicious behaviour, despite more than half having experienced security breaches in the previous year. The report indicates that “industrial companies woefully under-invest in industrial cybersecurity best practices across people, process, and technology, and survey results illustrate shortcomings in all of these areas.”
While modern, targeted cyberattacks are a major focus for most organisations, it’s important not to lose sight of long-standing threats faced by the sector, as well as the role that end-user behaviour can play in exacerbating them. New research by Honeywell shows that removable USB media devices, such as flash drives, continue to pose a significant – and often intentional – cybersecurity threat to a wide array of industrial process control networks. While not a new problem, it does highlight how engrained user behaviour needs to be constantly challenged and how hackers will exploit any means possible to reach your control systems. The latest threats also go beyond mere file infections, to taking over system commands remotely by exploiting the USB device.
Properly integrated as part of the connected infrastructure of a plant, cybersecurity measures can help enhance productivity by spotting issues such as atypical activities and system issues before they cause problems
The report’s data from 50 industrial locations showed that nearly half had faced threats as a result of removable USB devices. Moreover, it revealed that 26% of the detected threats were capable of significant disruption by causing operators to lose visibility or control of their operations. These threats targeted a wide variety of industrial sites, including refineries and chemical plants around the world, and the threats themselves ranged in severity. About a sixth targeted industrial control systems or IoT devices.
Worryingly, among the threats detected were high-profile, well-known issues such as TRITON and Mirai, as well as variants of Stuxnet, an attack type previously leveraged by nation states to disrupt industrial operations. In comparative tests, up to 11% of the threats discovered were not reliably detected by more traditional anti-malware technology. The data reminds us that it’s not just spreading malware, but malicious misuse of USB devices to take over system controls that comprises the threat.