    Securing Your Industrial Control Systems Today

    Richard Bussiere, Director, Product Management APAC, Tenable


    In March 2018, US-CERT published an alert (TA18-074A) describing a multi-stage campaign by Russian government actors against critical infrastructure targets in the United States. The alert was the product of detailed analysis of the intrusions by the Department of Homeland Security and the Federal Bureau of Investigation. The malicious activity sought to compromise the networks of the energy, government, transportation, energy production and critical manufacturing sectors. Parts of these infrastructures are typically Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems, which control the physical processes.

    These attacks are ongoing, and they are not limited to the United States. Any organization that operates ICS/SCADA networks is at risk of similar attacks. For example, the Australian Cyber Security Centre reported that in 2016/17 there were 7,283 cyber security incidents affecting major Australian businesses, of which 734 affected private sector businesses that provide critical infrastructure.

    The "ownership" of any critical infrastructure, public or private, can cause significant social or economic distress, with massive first-, second- and third-order impacts. As a simple example, consider the effects an attack that takes an urban mass transit system offline would have, even if only for a few hours:

    • Customers can’t get where they need to get and are delayed;

    • People seek alternate modes of transport, which rapidly oversubscribes those modes;

    • Street traffic increases, causing further delays;

    • Meetings are delayed or cancelled;

    • Commerce suffers: sales that would otherwise have taken place do not.

    Besides these effects, there is the added serious consequence of the loss of public trust in the victim organization.

    ICS environments once operated in isolation. That is no longer true: business demands force the real-time extraction of process data from the ICS environment. Unfortunately, these new connections also increase the risk of cyber attacks against these brittle ICS infrastructures.

    To help understand these new risks, let’s look at how attacks against critical infrastructures are orchestrated.

    Attackers conduct "open source" research on potential targets by studying publicly available information. This research reveals business partners, data on employees, data on infrastructure and so on. All of it is useful for identifying targets and designing attacks.

    Next, using this information, the attackers look for weakly defended networks, typically operated by suppliers or contractors, that are connected to the more strongly defended critical infrastructure target. Once breached, the partner/contractor network is used as a bridge into the critical infrastructure network. This takes advantage of the trust relationship between the subcontractors/partners and the true target of the attack, the critical infrastructure network.

    Attackers may also use "watering holes", for example trade and informational websites that relate to industrial control, process control and critical infrastructure. These sites are laced with malicious content that can achieve a "drive-by" compromise of an unpatched web browser or entice the visitor to download malicious content. Highly targeted spear-phishing is also used to penetrate target networks.

    Once the initial foothold is established, the attackers move through the victim network and:

    ● Download additional tools to establish presence, persistence and control;

    ● Use malicious tools to harvest credentials;

    ● Create user accounts;

    ● Attempt to escalate the privileges of those accounts;

    ● Disable host firewalls;

    ● Establish Remote Desktop Protocol (RDP) access;

    ● Install VPN clients;

    ● Research internal documents describing how the ICS environment is implemented;

    ● Leverage IT/ICS network interconnectivity to manipulate the ICS network.
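    Several of the steps above leave a recognisable trail in ordinary Windows host telemetry: an account is created (event 4720), added to the local Administrators group (4732), the host firewall is turned off (4950) and the new account then logs on over RDP (4624 with logon type 10). The following script is an added example, not code from Tenable or from the article, showing how to correlate those four events per host into one alert. The JSON-lines records it reads are constructed for the example, not real telemetry; the field names follow the Windows Security event schema, the 24-hour window is an assumed tuning value, and the `"Value":"Off"` test for event 4950 is a simplification of that event's real structure.

```python
"""Correlate host events that match the post-foothold chain described above.

Added example (not Tenable's code). Input: constructed JSON-lines records shaped
like Windows Security log events. Output: one alert per host on which account
creation (4720), addition to Administrators (4732), firewall switched off (4950)
and an RDP logon (4624, LogonType 10) occur in that order within WINDOW.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Order in which the chain is expected to appear on a single host.
CHAIN = ["account_created", "privilege_escalated", "firewall_disabled", "rdp_logon"]
WINDOW = timedelta(hours=24)   # assumed tuning value

# Constructed sample: eng-ws-07 shows the full chain, hr-ws-12 is benign noise.
SAMPLE_EVENTS = """\
{"time":"2018-03-14T01:02:00","host":"eng-ws-07","EventID":4720,"TargetUserName":"svc_backup2"}
{"time":"2018-03-14T01:03:10","host":"eng-ws-07","EventID":4732,"TargetUserName":"svc_backup2","GroupName":"Administrators"}
{"time":"2018-03-14T01:05:40","host":"eng-ws-07","EventID":4950,"Profile":"Domain","Setting":"Firewall State","Value":"Off"}
{"time":"2018-03-14T01:09:00","host":"eng-ws-07","EventID":4624,"TargetUserName":"svc_backup2","LogonType":10}
{"time":"2018-03-14T09:00:00","host":"hr-ws-12","EventID":4720,"TargetUserName":"jsmith"}
{"time":"2018-03-14T09:30:00","host":"hr-ws-12","EventID":4624,"TargetUserName":"jsmith","LogonType":2}
"""


def stage_of(ev):
    """Map one event to a chain stage, or None if it is not part of the chain."""
    eid = ev.get("EventID")
    if eid == 4720:
        return "account_created"
    if eid == 4732 and ev.get("GroupName") == "Administrators":
        return "privilege_escalated"
    if eid == 4950 and ev.get("Setting") == "Firewall State" and ev.get("Value") == "Off":
        return "firewall_disabled"            # simplified view of event 4950
    if eid == 4624 and ev.get("LogonType") == 10:   # 10 = RemoteInteractive (RDP)
        return "rdp_logon"
    return None


def parse_events(text):
    """Parse JSON lines into dicts with a datetime 'time' field, sorted by time."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ev = json.loads(line)
            ev["time"] = datetime.fromisoformat(ev["time"])
            events.append(ev)
    return sorted(events, key=lambda e: e["time"])


def correlate(text):
    """Return one alert per host on which every CHAIN stage occurred, in order, within WINDOW."""
    per_host = defaultdict(list)
    for ev in parse_events(text):
        stage = stage_of(ev)
        if stage is not None:
            per_host[ev["host"]].append((ev["time"], stage, ev.get("TargetUserName")))

    alerts = []
    for host, seq in per_host.items():
        idx, first_seen, users = 0, None, set()
        for when, stage, user in seq:
            if stage != CHAIN[idx]:
                continue                      # wait for the next expected stage
            if first_seen is None:
                first_seen = when
            elif when - first_seen > WINDOW:
                break                         # chain did not complete inside the window
            if user:
                users.add(user)
            idx += 1
            if idx == len(CHAIN):
                alerts.append({"host": host, "first_seen": first_seen.isoformat(),
                               "last_seen": when.isoformat(), "accounts": sorted(users)})
                break
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

    The ordering requirement is what keeps this from firing on routine administration: a help-desk technician who creates an account and adds it to Administrators does not also switch off the firewall and then log on to that host over RDP with the new account within the same day. A production deployment would widen the stage definitions (4728/4756 for domain groups, 5025 for the firewall service being stopped) and restart the chain instead of giving up when the window expires.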

    There is one very important observation to make here: the "traditional" IT network is the initial vector of most attacks against ICS infrastructures. There are several reasons for this:

    ● The malicious operators can harvest credentials from the IT network.

    ● The malicious operators can research the infrastructure layout by accessing systems with the harvested credentials.

    ● In most cases there are connections between the traditional IT network and the ICS network that can be traversed using those harvested credentials.

    To accomplish these objectives, the malicious actors must:

    ● Exploit vulnerabilities

    ● Exploit weak endpoint configurations

    ● Install malware

    ● Create new user accounts

    The reality is that “owning” the IT network is an effective way to ultimately “own” the ICS network, since for critical infrastructure operators the two are intimately related.

    For operators of critical infrastructure, both the traditional IT environment and the ICS environment must be continuously monitored for not only indicators of compromise but also for proper configuration, the presence of vulnerabilities, and changes of state to the endpoints.

    Some recommendations include:

    ● Discover all assets, all the time, to understand and reduce the risk posed by "unknown unknowns";

    ● Continuously monitor devices for vulnerabilities;

    ● Constantly search for unknown software or unknown active processes on endpoints;

    ● Continuously monitor critical infrastructure devices for proper secure configuration, and detect systems whose configuration has changed unexpectedly;

    ● Monitor critical directories and executable files for changes, to detect malicious modifications;

    ● Monitor for new user accounts on endpoints, which may have been created by malicious actors;

    ● Continuously monitor the ICS environment for vulnerabilities and unusual traffic patterns;

    ● Detect, monitor and understand in detail the connections that exist between the IT network and the ICS network;

    ● Detect, monitor and understand in detail the connections that exist between "trusted" third parties and the IT network;

    ● Detect, monitor and understand any outside connections that exist directly to the ICS network;

    ● Insist that "trusted" third parties comply with minimum security standards;

    ● Consider universal adoption of two-factor authentication.
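    The three "detect, monitor and understand the connections" recommendations can be turned into a concrete, repeatable check once the IT/ICS boundary is instrumented with flow or connection logging. The script below is an added example, not Tenable's tooling or anything the article provides. It audits connection records in the shape of a Zeek `conn.log` (timestamp, originator address and port, responder address and port, protocol) against an explicit allowlist of which IT hosts may talk to which industrial protocol in the control network, and flags third-party VPN hosts reaching the ICS network at all. The subnets, the allowlist, the VPN pool and the log lines are all constructed for illustration; the port-to-protocol table reflects the standard registrations for Modbus/TCP, S7comm (ISO-TSAP), DNP3, EtherNet/IP, BACnet/IP and OPC UA.

```python
"""Audit IT-to-ICS and third-party-to-ICS connections against an allowlist.

Added example (not Tenable's code). Subnets, allowlist and log lines are assumed
values constructed for illustration; input is tab-separated in the shape of a
Zeek conn.log (ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto).
"""
import ipaddress

ICS_NET = ipaddress.ip_network("10.50.0.0/16")        # assumed control network
IT_NET = ipaddress.ip_network("10.10.0.0/16")         # assumed corporate network
VENDOR_VPN = ipaddress.ip_network("172.16.99.0/24")   # assumed third-party VPN pool

# Standard industrial protocol ports. BACnet/IP is UDP; the others are TCP.
ICS_PORTS = {502: "modbus", 102: "s7comm", 20000: "dnp3",
             44818: "enip", 47808: "bacnet", 4840: "opcua"}

# Assumed allowlist: which IT hosts may reach the control network, and with what.
ALLOWED = {
    ipaddress.ip_address("10.10.5.20"): {"s7comm", "modbus"},   # engineering workstation
    ipaddress.ip_address("10.10.8.10"): {"opcua"},              # process historian
}

# Constructed sample log (not captured traffic).
SAMPLE_CONN_LOG = """\
1521000001.1\t10.10.5.20\t49152\t10.50.1.10\t102\ttcp
1521000002.2\t10.10.8.10\t50110\t10.50.1.11\t4840\ttcp
1521000003.3\t10.10.22.7\t51234\t10.50.1.10\t502\ttcp
1521000004.4\t172.16.99.14\t40001\t10.50.1.12\t3389\ttcp
1521000005.5\t10.10.22.7\t51235\t10.50.1.12\t445\ttcp
1521000006.6\t10.50.1.10\t1025\t10.50.1.11\t502\ttcp
"""


def classify(orig, resp, resp_port):
    """Return None if the flow is acceptable, otherwise a short reason string."""
    if resp not in ICS_NET:
        return None                           # only flows into the control network matter here
    if orig in ICS_NET:
        return None                           # intra-ICS traffic is out of scope for this check
    service = ICS_PORTS.get(resp_port, "other")
    if orig in VENDOR_VPN:
        return f"third-party VPN host reaching ICS ({service}/{resp_port})"
    if orig in ALLOWED and service in ALLOWED[orig]:
        return None
    if service != "other":
        return f"unapproved source speaking {service} to ICS"
    return f"non-ICS service {resp_port} into ICS network from IT"


def audit(log_text):
    """Parse conn.log-style lines and return a list of findings, in log order."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, orig_h, orig_p, resp_h, resp_p, proto = line.split("\t")[:6]
        orig, resp = ipaddress.ip_address(orig_h), ipaddress.ip_address(resp_h)
        reason = classify(orig, resp, int(resp_p))
        if reason:
            findings.append({"ts": float(ts), "src": orig_h, "dst": resp_h,
                             "dport": int(resp_p), "proto": proto, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONN_LOG):
        print(f"{f['src']} -> {f['dst']}:{f['dport']}  {f['reason']}")
```

    On the sample log the engineering workstation's S7comm session and the historian's OPC UA session pass, while three flows are flagged: an IT host that is not on the allowlist speaking Modbus to a controller, a vendor VPN address opening RDP into the control network, and the same IT host probing SMB on an ICS device. The value of the check is less in any one finding than in the allowlist itself: writing it down forces the operator to "understand in detail" exactly which IT-to-ICS connections are supposed to exist, which is the precondition for spotting the ones that are not.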

    Given that the threat is real and ongoing, there is now a sense of urgency for operators of critical infrastructure to be diligent in the configuration and monitoring of their IT and ICS environments.

    https://managed-services.apacciooutlook.com/views/securing-your-industrial-control-systems-today-nwid-5163.html