Prediction Series #2: Companies are unprepared for cyber attacks that continue to threaten ICS/SCADA systems

Critical infrastructure vulnerabilities persist

In 2018, we highlighted the extreme vulnerability of ICS/SCADA (Industrial Control Systems/Supervisory Control And Data Acquisition) networks to cyberattacks. Cyber attacks continue to threaten ICS/SCADA systems. In the US alone, we have about 2.4 million miles of energy pipelines, 72,000 miles of crude oil pipelines, and roughly 1.0 million miles of water pipelines.

Sixty percent of organizations experienced an ICS/SCADA breach

Recent research reveals that close to half (41.2%) of ICS were attacked by some form of malware during the first six months of 2018, up roughly 10% from 2017. By the end of the year, 60% of organizations using SCADA or ICS experienced a breach to those. The main avenue of infection is the Internet (27%). Victims experienced threats of crypto-mining, ransomware, remote-access Trojans (RATs), spyware and more, delivered through phishing emails and exploits. The Spectre and Meltdown vulnerabilities pose threats as well.

Russian continues to invade US utilities

While developing countries experienced the highest number of cyberattacks, the US experienced its own causes for deep concern. At least twice over the summer, the Department of Homeland Security announced that it had proof of Russia hacking into US critical infrastructure, utilities and electric grids. More proof of similar invasions appeared in November. U.S. CERT also specifically named the Russian government forthese multi-stage and targeted attacks.

For now, the attacks were found to “only” have carried out reconnaissance activities but Russian presence could turn into a full-fledged attack at any time. Similarly, BlackEnergy, an APT that shut down grids in Ukraine in December three years ago has resurfaced in a new variant as GreyEnergy, focused on cyberspying.

Last year the reality of the seriousness of ICS vulnerabilities began to take deeper root with some companies who are realizing their infrastructures are in the cross-hairs. But even still, reports show a low percentage of firms (13%) factor in future threats into their security budgets. Additional eye-opening is needed.

IT/OT convergence increases ICS vulnerabilities

Acute awareness to their vulnerabilities is particularly true in the area of IT and OT convergence. IT and OT convergence brings many conveniences to customers. But it also opens up major security gaps because traditional IT components (servers, switches, routers and such assets) are exposed through OT sensors and connections to the Internet of Things (IoT). This connectivity destroys any protectable perimeter ICS systems were used to. Now these companies have environments that are no longer air gapped and they must deal with the tremendous risks associated with that.

As more invasions and attacks make the headlines, critical infrastructure organizations will face more pressure to address ever-present ICS threats. Cybersecurity for ICS is becoming an increasing focus of discussion among C-suite executives and in boardrooms. We see executives assuming a greater role in ICS security becoming a higher priority in budgets and in daily practice.


Further resources: Virsec Critical Infrastructure Protection