In order to better protect Industrial Control Systems from cyber attacks, companies should take heed from the wise words of successful military tacticians and the lessons learned from some of the greatest failures in military defence, says Tim Ricketts, Director of MAC Solutions.
In 2016, NATO officially recognised cyberspace as a warfare domain – an important change in perspective. But it is paramount that we look to history for some of the greatest failures in defence so that we may learn from these too.
Ricketts says that historical defence failures mirror many security breaches in the cyber realm, where a persistent threat will take full advantage of an opportunistic weakness in the defender’s wall. Organisations’ defences may be strong, but will always need entry points. Though cyber defences do not have a wall, they have a moat, in the form of an air gap. This keeps an operational network seemingly safe from the outside world, with the ‘jump’ being too great for a conventional attack. No network, however, is truly isolated from the outside world, just as no city is ever truly isolated by a moat; there needs to be a way in to allow for updates and to access equipment remotely, and this will always leave the possibility for mistakes to be made.
Regular maintenance tasks, such as removing outdated pieces of equipment, can also be a vulnerability. When an engineer removes that piece of equipment, but doesn’t close the port, it leaves an open gate – one that has turned into an exploitable attack vector.
The National Crime Agency and National Cyber Security Centre have launched a report into ‘The cyber threat to UK businesses’.
The report explores numerous avenues of the UK cybersecurity industry, noting that ransomware is a “significant and growing” risk. It also states that connected devices and wearables are at risk and are going to be targeted more in future.
“While the NCA report highlights a number of threats, perhaps the most notable (but not unsurprising) one is the increase in Internet connected devices,” says Zach Lanier, Research Director at Cylance. “We’ve already seen record-breaking DDoS attacks using insecure embedded devices, and with the rapid proliferation of even more IoT devices, it’s likely we’ll see more activity again in the near future.”