In the Internet world, the old idea that ICS/SCADA (industrial control system / supervisory control and data acquisition) systems are immune to network attacks because they are physically isolated from the Internet no longer applies. Although many companies have acknowledged that traditional physical isolation is disappearing, some companies still believe it is a practical security measure.
In theory, physical isolation sounds like a great strategy. In practice, it is not always that simple. Even when businesses have taken all available measures to isolate their ICS networks and cut them off from the outside world, we still see cyber threats crossing the boundary. And even if it were possible to physically isolate an ICS network completely, insiders would still pose a threat.
Whether or not an enterprise has achieved physical isolation, its ICS network is at risk. Let's hear the reasons from people in the industry:
1. The need for file exchange
Even in a physically isolated operational technology (OT) environment, files must still be exchanged with the outside world. Examples include software patches and files from system integrators, contractors and other third parties. Adversaries can take advantage of this by tricking employees into installing fake software updates and patches, or by getting files that carry malware transferred into the industrial network.
Earlier this month, ransomware authors distributed a malicious file named “Allenbradleyupdate.zip”, disguised as a legitimate update from Rockwell Automation. If the ransomware is installed successfully, it locks the victim's computer, and the owner cannot log in to the system until the ransom is paid. The threat to ICS networks from control system owners and operators being tricked into installing malware is very real.
2. Infected personal devices
Many employees connect their personal devices to the ICS network, whether just to charge them or to transfer some files over USB. Infected personal devices can introduce malware into the network, bringing cyber threats to the ICS network.
In a 2011 study, Department of Homeland Security (DHS) staff intentionally dropped data discs and USB drives. The research report shows that 60% of the dropped devices (which could easily have contained malicious code) were plugged into the computers of a company or organization.
In a more recent example, Nintendo released a limited edition of the app for its hit game “Pokemon Go”. Attackers took advantage of people's desire for the app and placed fake Pokemon apps in third-party app stores; once installed, such an app takes control of the victim's device. ICS employees are not immune to downloading fake apps, and when they then connect their malware-infected personal devices to the ICS network, the malware can spread and infect more assets.
3. Vulnerabilities and human error
Like all networks, ICS environments are also susceptible to software and hardware vulnerabilities, design flaws and the like. Because security was not taken into account in their design, ICS networks are at even greater risk than IT networks. Vendors and security researchers frequently disclose new vulnerabilities in operational technology. However, most ICS network systems are not updated regularly.
In some cases, flaws in network architecture or configuration also create weaknesses that hackers can exploit. For example, a temporary remote access connection set up for an integrator is a serious security risk if someone forgets to close it. In addition, staff who need remote access to the ICS network but have no secure access mechanism available may resort to “creative alternatives” to get their work done. These unplanned connections can become leak points that expose the industrial network.
4. Insider threats
Because ICS networks lack authentication and authorization, trusted insiders (employees, integrators, contractors) have unrestricted access to critical assets. Whether they make an unintentional mistake or commit sabotage out of resentment, the results are comparable to those caused by an external adversary (or even more serious). Even a completely physically isolated network has no immunity to insider threats. The only protection against this kind of attack is continuous monitoring and better access control.
5. Networking technology and the Industrial Internet of Things (IIoT)
As we enter the next stage of modern manufacturing, networking technology is increasingly deployed in the manufacturing industry. This networking technology, sometimes called the Industrial Internet of Things, brings a lot of convenience to modern life. Smart sensors are used to automatically improve performance, security, reliability and energy efficiency. These technologies allow operations managers to inspect machines, processes, inventory and so on at any time, no matter where they are located.
This is particularly useful for plants in other locations, subcontracted manufacturing plants and supplier plants. To take advantage of these networking technologies, facility operators have to open up their networks, which eliminates physical isolation and exposes the network to external threats.
Whether or not ICS networks are physically isolated, they are all defenseless against security threats. The biggest obstacle to ICS security lies in what happens at the control layer: the lack of visibility into, and control over, access to and changes of industrial control devices. To detect and respond to security events before they cause damage to business systems, new monitoring tools built specifically for ICS environments rather than IT environments are necessary.
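The control-layer visibility discussed above, together with the forgotten temporary remote access connection from item 3 and the insider changes from item 4, can be sketched as a small audit over change events. This is an added example, not code from the original article or from any monitoring product; the event format, host names, addresses, maintenance window and four-hour session limit are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed policy values (hypothetical, not from the article).
ENGINEERING_STATIONS = {"10.10.1.20"}        # hosts allowed to change controllers
CHANGE_OPS = {"program_download", "firmware_update", "mode_change"}
WINDOW = (datetime(2016, 8, 1, 8), datetime(2016, 8, 1, 12))  # approved maintenance window
MAX_REMOTE = timedelta(hours=4)              # longest a temporary remote session may stay open

# Constructed sample events: time, source, target, operation.
SAMPLE = """\
2016-08-01T09:05 10.10.1.20 plc-01 program_download
2016-08-01T09:30 10.10.1.77 plc-02 mode_change
2016-08-01T10:00 integrator-vpn gw-01 remote_open
2016-08-01T23:40 10.10.1.20 plc-01 firmware_update
2016-08-02T07:00 10.10.1.20 plc-03 read_tags
"""

def parse(text):
    for line in text.splitlines():
        ts, src, target, op = line.split()
        yield datetime.fromisoformat(ts), src, target, op

def audit(text, now):
    """Return (reason, source, target) findings for control-layer events."""
    findings, open_sessions = [], {}
    for ts, src, target, op in parse(text):
        if op == "remote_open":
            open_sessions[(src, target)] = ts
        elif op == "remote_close":
            open_sessions.pop((src, target), None)
        elif op in CHANGE_OPS:
            if src not in ENGINEERING_STATIONS:
                findings.append(("unauthorized_source", src, target))
            if not (WINDOW[0] <= ts <= WINDOW[1]):
                findings.append(("outside_window", src, target))
    # Remote sessions that were opened and not closed within the limit.
    for (src, target), opened in open_sessions.items():
        if now - opened > MAX_REMOTE:
            findings.append(("stale_remote_session", src, target))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, datetime(2016, 8, 2, 8)):
        print(finding)
```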