Adversaries are getting smarter, more efficient, and more skilled at penetrating industrial networks. Data from a recent survey by the consulting firm Booz Allen supports this. The firm surveyed 314 companies worldwide that operate industrial control systems (ICS) and found that 34% of them had experienced more than 2 data breaches in a year. In 2015, ICS operators reported more security incidents to the relevant U.S. agencies than in any previous year.
The threat landscape facing ICS operators today is more dangerous than ever. Targeted threats are growing rapidly in scale, type and severity. Many industrial operators have found that cyber attacks have damaged their systems, in some cases even causing physical damage.
Securing industrial networks is not easy. The main reason is that most industrial networks were built before cyber threats emerged, with no built-in security controls against external threats. Understanding the primary threats these networks face today is the first step in improving their security posture.
1. External threats to industrial networks: APTs, targeted attacks and others
External cyber attacks on ICS networks may be backed by political interests (nation-states, terrorist organizations or radical hacktivists), but they may also be part of industrial espionage. The purpose of such attacks varies with the adversary's motivation. For instance, a politically motivated attack is more likely to aim at disruption and physical damage, while industrial espionage is more about stealing intellectual property. Today most industries, especially those involving critical infrastructure, are more likely to be targeted by politically motivated attacks whose purpose is to cause outages and physical damage.
Even enterprises outside the critical infrastructure industries, which do not worry about APTs or targeted attacks, are vulnerable to collateral damage. This is because politically motivated ICS attacks meant to disrupt operational systems use exploit tools aimed at technologies that all industries use. Such attacks inevitably affect non-target enterprises and their ICS networks.
Take the Stuxnet worm aimed at Iran. According to Siemens, Stuxnet infected at least 14 plants; the infected companies included Chevron, an American energy company, and Russian civilian nuclear power plants.
2. Internal threats: employees and contractors with ulterior motives
Much has been said about insider threats to IT networks, but industrial networks face a comparable level of risk. Those with legitimate access to the ICS network include employees, contractors and third-party integrators. Because most ICS networks have no authentication or encryption to restrict user activity, any insider can move freely to any device on the network, including supervisory control and data acquisition (SCADA) systems and the key controllers responsible for the entire industrial process life cycle.
A well-known case is the Maroochy sewage treatment plant in Australia. The employee involved worked for the company that installed the SCADA system. After he failed to get a position with the county's municipal service, he held a grudge and used (possibly stolen) equipment to issue unauthorized commands, causing 800,000 liters of untreated sewage to spill into local parks, rivers and the grounds of a Hyatt hotel. The environmental damage was extensive.
3. Human error: possibly the biggest threat to ICS
Human error is inevitable, but it can be costly. For many businesses, the risks associated with human error are perhaps more serious than insider threats. In some cases, human error is considered the biggest threat to ICS systems.
Human errors include incorrect settings, misconfiguration and programmable logic controller (PLC) programming mistakes, all of which can cause dangerous changes to the workflow. Vulnerabilities that external adversaries can exploit may also be the result of human error. A common example is a temporary connection opened for an integrator that is still open after the project has ended.
Some human errors occur when employees use "innovative methods" to get their work done. For example, when employees need to connect to the ICS network remotely and no secure channel is available, they set up their own unauthorized remote connection. Such a connection can become a leak point and expose the industrial network to external attack.
Because many ICS networks have no authentication or authorization procedures, protecting them from external and internal threats has become a major challenge. In addition, most ICS networks still lack access policies, security policies or change management controls, and have no audit logs to track or capture changes and activity in support of an investigation.
As a result, when an operational disruption occurs, it is hard to determine whether it was caused by a cyber attack, a malicious insider, human error or mechanical failure. This lack of visibility and control limits the ability of operations staff to respond to events in a timely manner and increases the overall cost of disruption and recovery.
Protecting ICS networks
Real-time visibility into industrial networks is the key to ICS security. To guard against external threats, sabotage by malicious insiders and human error, industrial enterprises must monitor all activity, whether it comes from an unknown source or a trusted insider, and whether it is authorized or not.
Monitoring control-layer activity, that is, engineering changes to industrial controllers, whether made over the network or directly on the device, is the most effective way to detect unauthorized activity caused by ICS threats. New specialized ICS network monitoring and control technologies can provide deep real-time visibility, which can be used to identify malicious or suspicious activity and take preventive measures to contain or prevent damage.
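Added example, not part of the original article: a passive monitor that writes an audit record for every state-changing request sent to a controller and flags requests from unknown sources or from integrator access that should have been closed when the project ended. Modbus/TCP, the IP addresses, the authorization table and the sample events are assumptions made for illustration; the article names no protocol.

```python
import struct
from datetime import datetime as dt

# Standard Modbus function codes that change controller state.
WRITES = {5: "write single coil", 6: "write single register",
          15: "write multiple coils", 16: "write multiple registers"}

# Hypothetical authorization table: source IP -> access expiry (None = no expiry).
AUTHORIZED = {"10.0.5.10": None,               # engineering workstation
              "10.0.9.77": dt(2024, 3, 31)}    # integrator; project has ended

def function_code(adu: bytes):
    """Return the function code of a Modbus/TCP frame, or None if malformed."""
    if len(adu) < 8:
        return None
    _tid, proto, length, _unit = struct.unpack(">HHHB", adu[:7])
    # Protocol id must be 0; length counts every byte after the length field.
    if proto != 0 or length != len(adu) - 6:
        return None
    return adu[7]

def audit(events):
    """Return one audit record per state-changing or malformed request."""
    records = []
    for ts, src, dst, adu in events:
        fc = function_code(adu)
        if fc is None:
            records.append((ts, src, dst, "malformed frame", "ALERT"))
        elif fc in WRITES:  # reads are skipped: not control-layer changes
            if src not in AUTHORIZED:
                verdict = "ALERT unknown source"
            elif AUTHORIZED[src] and ts > AUTHORIZED[src]:
                verdict = "ALERT expired access"
            else:
                verdict = "LOGGED authorized change"
            records.append((ts, src, dst, WRITES[fc], verdict))
    return records

def frame(fc):  # constructed sample request: unit 1, address 0x10, value/count 1
    return struct.pack(">HHHBBHH", 1, 0, 6, 1, fc, 0x10, 1)

SAMPLE = [  # constructed events: (timestamp, source, controller, raw frame)
    (dt(2024, 5, 2, 10, 0), "10.0.5.10", "plc-1", frame(3)),
    (dt(2024, 5, 2, 10, 1), "10.0.5.10", "plc-1", frame(6)),
    (dt(2024, 5, 2, 22, 14), "10.0.9.77", "plc-1", frame(6)),
    (dt(2024, 5, 3, 3, 40), "192.0.2.50", "plc-2", frame(5)),
    (dt(2024, 5, 3, 3, 41), "10.0.5.10", "plc-2", frame(6)[:9]),
]

print(*audit(SAMPLE), sep="\n")
```

Authorized changes are recorded as well as alerts, so the output doubles as the audit trail the article says most ICS networks lack.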