TAP into Technology | Garland Technology Blog

Halloween Hack: Should SCADA/ICS be Scared?

Written by Tim O'Neill | 10/31/17 12:00 PM

I’ve been saying for years that supervisory control and data acquisition (SCADA) systems and industrial control systems (ICS) have a greater risk of being hacked. Unless changes and upgrades are made to these mission critical systems, a devastating hack is bound to happen. And it turns out that I was right.

The Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) just released a joint report that provides information on persistent threats that successfully breached government networks along with organizations in the energy, nuclear, aviation, and manufacturing sectors.

Manufacturing Remains at Risk

SCADA/ICS systems are the backbone of manufacturing and other industrial sites, combining hundreds of onsite systems into one central control network. Unfortunately, they typically run outdated operating systems, which makes them an easy access point for attackers looking to infiltrate the network. Manufacturing was the third most attacked industry in 2016, behind only the general services industry and the financial/insurance industry.

Disabling a mission-critical network in a nuclear power plant, water treatment facility, or even a manufacturing plant can have devastating effects. Hackers target these organizations because they are interested in extorting funds, disrupting essential services to cause chaos and physical harm, and stealing intellectual property. Hacks have obvious monetary consequences, but in some cases they can even lead to loss of life.

Hackers have grown more confident over the years, building sophisticated schemes that combine spear-phishing emails, infrastructure targeting, and credential gathering from compromised accounts to break into their desired network. This aggressive activity against critical infrastructure is frightening because it is the first large-scale successful attack of its kind in the US. Regardless of what information the hackers were able to access, we don’t want our enemies to learn how to cause more permanent damage in the future.

Detection Requires Full Network Visibility

Managers in industrial and other related organizations need to be aware of their normal network traffic and activity. Without a baseline, there is no way to understand what’s irregular and needs to be investigated, and what simply is a result of daily activity. A network TAP is the industry best practice to ensure full visibility into your network.

Attempts at network infiltration can be detected by matching the IP addresses and domain names in the indicators of compromise (IOCs) listed in the DHS/FBI report against your own traffic, and by watching for unfamiliar IP addresses, traffic spikes at odd hours of the day, unexpected open ports, and the obvious alarms from your monitoring tools. When you use a TAP, you are assured the data you’re looking at is the true story.
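As an added example (not Garland Technology's code), here is the kind of check the paragraph above describes, run over a few constructed flow records as a TAP-fed collector might see them: match destinations against an IOC list, then flag ports outside the traffic baseline and activity outside normal shift hours. All IPs, domains, ports and hours below are constructed placeholders, not values from the DHS/FBI report.

```python
# Added example, not the blog's or vendor's code. Every indicator, port and
# log line here is constructed for illustration; none comes from the DHS/FBI report.
from datetime import datetime

# Constructed IOC set standing in for the report's indicator list
IOC_IPS = {"203.0.113.45"}
IOC_DOMAINS = {"update-check.example.invalid"}

# Constructed baseline from "normal" plant traffic: expected destination ports
# (Modbus/TCP, EtherNet/IP, HTTPS) and the hours when operators are on site
BASELINE_PORTS = {502, 44818, 443}
SHIFT_HOURS = range(6, 22)   # 06:00-21:59 local

# Constructed flow records: "timestamp src dst dport domain" ('-' = no DNS name seen)
FLOW_LINES = """\
2017-10-31T09:15:00 10.0.5.12 10.0.5.20 502 -
2017-10-31T03:02:11 10.0.5.12 203.0.113.45 443 update-check.example.invalid
2017-10-31T14:40:30 10.0.5.30 10.0.5.20 23 -
2017-10-31T02:10:00 10.0.5.31 10.0.5.20 502 -
""".splitlines()

def parse_flow(line):
    """Split one constructed flow record into its fields."""
    ts, src, dst, dport, domain = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "dport": int(dport), "domain": None if domain == "-" else domain}

def check_flow(flow):
    """Return the reasons this flow deserves a look (empty if it fits the baseline)."""
    reasons = []
    if flow["dst"] in IOC_IPS:
        reasons.append("ioc-ip")
    if flow["domain"] in IOC_DOMAINS:
        reasons.append("ioc-domain")
    if flow["dport"] not in BASELINE_PORTS:
        reasons.append("unusual-port")
    if flow["ts"].hour not in SHIFT_HOURS:
        reasons.append("off-hours")
    return reasons

def detect(lines):
    """Return (src, dst, reasons) for every record that trips at least one check."""
    alerts = []
    for line in lines:
        flow = parse_flow(line)
        reasons = check_flow(flow)
        if reasons:
            alerts.append((flow["src"], flow["dst"], reasons))
    return alerts

if __name__ == "__main__":
    for src, dst, reasons in detect(FLOW_LINES):
        print(f"{src} -> {dst}: {', '.join(reasons)}")
```

The first record is ordinary Modbus polling during the day shift and produces no alert; the IOC hits and the off-hours checks are what an analyst would triage first.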

Have I scared you yet? Don’t let yourself get surprised by an attack on your network. The only way to ensure that you see 100% of your network traffic is by using a network TAP. Protect yourself and your organization by reading the latest whitepaper, Protecting the Data: 5 Tools to Fight Against Today’s Threats.