Information security experts have long been sounding the alarm about the poor defense of industrial systems, and of critical infrastructure systems in particular. The ability of those systems to operate smoothly does not merely enable the world economy to function — sometimes people’s lives depend on it. Just one successful cyberattack on a critical infrastructure company may wreak enormous economic, social, and environmental havoc.
In recent years, those concerns have increasingly proved well-founded. We saw several quite serious and successful targeted attacks against large enterprises. For example, criminals managed to slip malicious code into a computer in the control room at the Monju nuclear power plant in Japan by infecting a software update on the site of a video playback program developer. As a result, a significant amount of data — including company e-mails, employee data sheets, and reports — leaked to an external server, assumed to be in South Korea.
Some incidents were even more dangerous. A targeted attack against a German steelworking facility resulted in the malfunction of its blast furnaces. In late 2015, a wave of attacks struck Ukrainian electricity distribution companies Kyivoblenergo and Prykarpattyaoblenergo, leaving more than 80,000 customers without power. Private apartments and offices were hit, but so were hospitals, maternity homes, and many other institutions in which people’s lives and health depend on an uninterrupted power supply.
Concerns of industrial systems’ #security have increasingly proved well-founded.Tweet
The rise in conventional cyberthreats is nothing new, and it’s no surprise that more commercial organizations are getting hit. More troubling is the constantly growing number of targeted attacks, which are supported by lots of money and investments from nation states or major financial groups. Targeted attacks are harder to mitigate, and the damage they cause is usually much greater than a random Trojan may inflict. According to the Allianz Risk Barometer 2016 survey (which rates business threat sources by degree of danger), cyberattacks rose from thirteenth place in 2013 to third place in 2016.
The reason isn’t just intense hacker activity. The increasing complexity of industrial control equipment is a factor too; such equipment has become utterly reliant on information technology. First of all, the introduction of the so-called Industrial Internet of Things (IIoT) is clearly a major factor. IIoT involves enabling self-learning machines, big data methods, M2M (machine-to-machine) communication, and industrial automation technologies. All of those will undoubtedly open many new opportunities, but as you know, new opportunities bring new risks.
The financial risks of possible manufacturing downtime are not the only reason to be concerned about industrial cybersecurity. Consider as well the penalties that information security regulatory authorities may impose on an organization if it does not meet cybersecurity requirements. And the number of those recommendations — and mandatory compliance regulations — is constantly growing.
Thus, employees of information security departments of industrial enterprises have to maintain compliance with multiple regulations as well as fulfilling the task of protecting information systems. With growing responsibility and expanding competence, the position of the company’s chief information security officer gets more and more strategic: A person in this position becomes increasingly involved in company management decision-making. Developing a general information security strategy becomes an objective as well.
However, developing the strategy is not enough. For its successful implementation, information security officers need to have appropriate tools, which, on the one hand, must provide a reliable layer of protection but, on the other hand, should not affect the technological process. At the same time, the tools require transparency of the entire control system, anytime access to up-to-date information on the status of any element, centralized management, and automation of everything that can be automated.
There is such tool. This year, Kaspersky Lab released a unique, multicomponent solution, Kaspersky Industrial CyberSecurity, designed for industrial systems protection and with all customer requirements taken into account. The solution provides information security on all levels: for supervisory control and data acquisition (SCADA) systems, workstations, Human Machine Interfaces (HMIs), servers, and technological networks. This solution can conduct deep network operation analysis on the industrial protocols level and centralized security control from a single console — Kaspersky Security Center.
The solution includes an expanded set of services as well as specialized support. We customized versions of Kaspersky Industrial CyberSecurity for different market verticals, and we have already successfully implemented the solution in the systems of our customers in Europe and Russia. The geography is going to significantly expand once we begin receiving requests from customers in the Middle East and Pacific regions.
It is important to realize that in a modern setting, no single entity can cope with the task of providing an industrial facility’s information security; it is not only IT infrastructure, but also complex industrial hardware, that needs protection. That is why we believe it is necessary to ensure the convergence of automation tools developed by industrial systems vendors and our own cybersecurity solutions. Developing safe and secure systems requires a joint effort, so today we expand our sphere of cooperation with industry vendors by carrying out certification and interoperability tests, preparing joint documents, and integrating products and solutions.
CISO’s position gets more and more strategic these days.Tweet
Such cooperation ultimately aims to increase the efficiency of industrial security systems without undermining their core business and affecting the processes. Currently, engineers are forced to work with heterogeneous components and software pieces during developmental stages, and each of those components and pieces typically has its own incompatible defenses. This situation makes it extremely difficult to create a uniform, “secure-by-design” industrial network, and moreover, development and deployment devour a tremendous amount of resources. Having industrial components and protection solutions be compatible from the get-go would greatly facilitate the task of end-user engineers both in system development and during its operation. As a result, manufacturers of such components would have an additional competitive advantage.
Kaspersky Lab offers mature and well-tested tools for creating industrial cybersecurity systems. Our solutions enable vendors to supply protected industrial package solutions that fully meet regulations and recommendations. This, among other things, may provide additional gains for the whole chain of suppliers.
One special advantage of such systems is that they include access to Kaspersky Lab’s expert services. Kaspersky Industrial CyberSecurity users can get information about the latest threats, additional tools to combat targeted attacks, and more. Thus, they receive a reliable, intelligent, and fully controllable solution that ensures the security of the entire industrial infrastructure (from the office computer network to the SCADA systems, controllers, and field devices).
We at Kaspersky Lab are extremely interested in cooperating with any and all industrial-grade-equipment manufacturers and software developers, regardless of their size or region of operation. If you have any questions on this subject, you can contact me directly by e-mail at Dmitry.Feshin@kaspersky.com.
Only by joining forces will we be able to provide reliable cyberprotection for industrial facilities and to lighten the burden of the specialists who are responsible for the information security of those enterprises.