W
hile revelations of industrial espionage
are far rarer than those of attacks
that affect banks, retailers, and other
businesses, the costs to business are estimated in
the billions of dollars.
In an increasingly connected world, the
Industrial Internet of Things (IIoT) has
numerous advantages for companies making
use of the functionality this provides. At the
same time, it has increased the need for highly
secure connectivity across all aspects of the
plant, particularly since it is now connected to
the enterprise network, as well as to suppliers
and customers. The increasing prevalence
of telematics and big data in the mining and
construction sectors also increases both the
potential impact of cyberattacks and the
potential points of entry into connected systems
and networks.
As the string of cyberattacks on industrial
networks grows, security vendors are developing
new protection systems. Rockwell Automation
and Cisco are two companies that have joined
together to provide a network security solution,
called Converged Plantwide Ethernet (CPwE)
architectures, designed to help information
technology (IT) and operational technology
(OT) professionals address constantly changing
security threats. The architecture features
technology from both companies, including
design guidance and validated architectures to
build a more secure network across the plant and
the enterprise.
But while technology can help to mitigate
these risks, it is the people using the technology
who play the key role in improving security and
limiting vulnerabilities. In addition to creating
parameter and internal network safeguards,
the joint architecture tool includes policies on
managing access.
Industrial cyberattacks
Probably the most well-known industrial
cyberattack is Stuxnet, a malicious computer
worm that infected at least 14 Iranian industrial
sites in 2010. The worm targeted Microsoft
Windows machines and networks, before
seeking out Windows-based Siemens Step7
software that is used to program industrial
control systems (ICSs) and finally compromising
programmable logic controllers (PLCs), allowing
it to collect information on and causing damage
to centrifuges.
The Stuxnet worm damaged ICSs in five
Iranian industrial facilities suspected of enriching
uranium, and while it was not the first ICS-
targeting cyberattack, it was the first to infect
a PLC and demonstrated just how vulnerable
industries are against cyberattacks targeting their
ICS environments (Huq, 2016: 7). Unlike any
previous virus or worm, Stuxnet caused actual
physical destruction to the equipment controlled
by the infected computers.
Four years later, in 2014, a German steel mill
was the target of a cyberattack, which resulted
in ‘massive damage’ to the foundry. This was the
second such attack after Stuxnet, and once again,
the control systems were accessed via initial
penetration of the office network. In this attack,
however, once the attackers had gained control
of the systems, they focused on destroying
human-machine interaction components, which
prevented a blast furnace from being shut down
and caused serious infrastructure damage.
In 2016, hackers stole project data from the
plant engineering division — among others
— of one of the world's largest steel makers,
ThyssenKrupp.
Public reports from ESET antivirus firm
and Dragos cybersecurity company released in
June this year, identify an extensible malware
framework — a highly capable ICS attack
platform — that was used in the 2016 cyberattack
on the Ukraine electric grid and could be used to
target critical infrastructure sectors. According to
Dragos, the group behind the 2016 attack using
CrashOverride “has direct ties to the Sandworm
Team that targeted infrastructure companies in
the United States and Europe in 2014 and Ukraine
electric utilities in 2015.”
Over the past few years, most major mining
companies have experienced cyberattacks.
SEPTEMBER 2017
13