BOULDER CREEK, Calif. — We are seeing a number of attacks both on industrial control systems (ICS) and on the operational technology (OT) side of the industrial IoT (IIoT) with increasing frequency.
Why is the IIoT so vulnerable to cyberattacks?
We talked to ICS and OT specialists at major cybersecurity solutions providers, as well as key industry analysts, to suss out the answers.
The consensus was a list of several elements that have combined to create a perfect storm over the last few years:
a big increase in the number of sensors and devices being connected to each organization’s IIoT, forming a huge potential attack surface
decades-old OT equipment and control systems never designed for exposure to the internet and, therefore, not designed for security
a patchwork of OT and control systems from multiple vendors running proprietary and non-updatable software, including human-machine-interface (HMI) computers with access to remote terminal units (RTUs), SCADAmaster (supervisory control computers), and programmable logic controllers (PLCs)
poor or absent cybersecurity practices and technology, including a lack of either designed for the very different ICS/OT environment, not the IT environment
lack of budgets, or insufficient budgets, for implementing cybersecurity awareness, monitoring, and prevention technology
a steep escalation in the numbers and types of attackers
Phil Neray, vice president of industrial cybersecurity for CyberX, sees three of these as the key factors that indicate that industrial control/OT systems are more at risk today of experiencing cyberattacks than ever before:
“First, most devices and networks used in our industrial control systems were designed 15 or more years ago, when connectivity to the internet was not standard practice and when it was assumed that if you had connectivity to the device, you had permission to configure the device. As a result, most have either no authentication or weak authentication, like passwords that can be easily sniffed from the wire.
“Second, connectivity between corporate IT networks and OT networks has increased significantly because of the need to get real-time intelligence from production. Whether it’s a gas pipeline, a factory floor, or a well site, companies want to optimize their operations and collect real-time intelligence. This means that the attack surface has increased: There are many more ways for attackers to get into industrial networks.
“Third, the group of potential attackers has also increased. From a destructive malware point of view, today, it includes nation-state threats, primarily Russia, North Korea, and Iran. Also China, which is less interested in malware and more interested in stealing intellectual property from industrial networks. Attackers now include sophisticated nation-states, cybercriminals with ransomware for shutting down a plant, and hacktivists. They also include third-party risks.”
EE Times interviewed a host of cybersecurity experts for this Special Project. In the following pages, we will share some of the key points that they laid out for us as to why the IIoT is so vulnerable to cyberattacks.