Why You Shouldn't Expose Your Control Systems To The Internet?

An industrial control system (ICS) is a part of operational technology (IO) that’s used to manage machinery and distributed infrastructure processes. In factory and field environments, ICSs control mechanisms such as sensors, actuators and valves. They are also used for everyday facilities like elevators, safety systems, security systems and automatic fuel gauges. In large-scale energy and plant environments, ICSs operate water systems, power grids, transport utilities and facilities in many other sectors.

Are Industrial Control Systems Vulnerable To Cyber Attacks?

ICSs rely on computers and the internet to receive instructions, sometimes from remote locations, making them vulnerable to cyber attacks that can disrupt critical processes. Also, their older software is more complex to patch, making them susceptible to online attacks. These result in downtime, incurring costs and inconvenience to residents who rely on critical networks – for example, energy plants or transportation.

What Happens If Attackers Gain Access To ICSs?

According to research by BitSight, 100,000 ICSs worldwide, in public and private sectors, were at risk of cyber attacks because of online exposure. If cyber attackers gain access to sensitive ICSs and control them, they can cause serious harm to on-site and remote infrastructure. Attackers can target traffic light systems, security systems, and other restricted networks through public domain access. 

Threats from online attackers fall into the following categories:

Compromised Data

When attackers gain access to ICSs, they can steal confidential data, including personal information or intellectual assets. Corporate data includes customer databases (with names, phone numbers, bank details, etc), financial details, property details, and trade secrets.

Data breaches put countless customers at risk of receiving fraudulent communication. This not only affects the company’s reputation but makes repeat attempts more likely since vulnerability indicates weak security. Through unauthorised access, attackers can also gain remote access to a network to alter or steal records.

Malicious Threats 

Compromised ICSs provide ample opportunity for attackers to add malware to the system. Using malicious phishing pages, browser scripts and documents, attackers can attempt to gain access to restricted files. They can also add spyware that transmits data back to a remote location. Security cameras have been known to be hijacked by cracking the generic admin password that comes with the device, giving the attackers the ability to view and listen in.

Operation Outages

Attackers have different motives for hacking ICSs exposed to the internet. These could be financial or political, but regardless of motives attacks can result in serious consequences. These include financial losses, health and safety concerns and, in extreme cases, the total shutdown of operations.

An example of an attack that led to outages came in 2022 when Toyota halted production at 14 factories. The temporary shutdown was linked to a ransomware attack on Kojima Industries – one of Toyota's suppliers. The attack prevented Toyota from ordering parts, causing costly disruption.

How Manufacturers Can Protect ICSs From Attacks

Manufacturers can protect their systems by implementing the following measures:

Conducting Domain Scans

Create and maintain a list of all the ICS devices used and run domain scans on devices connected to the internet. Scans assist in identifying suspicious patterns and security weaknesses. If they reveal vulnerable ICS devices they will need to be removed immediately, or have their security settings adjusted. A policy of regular security scans is essential, but staff should also be trained on how to maintain restricted areas, access points, passwords and logs.

Securing Systems

Protecting systems with a firewall and anti-virus software is a must for industrial operation devices connected to the web. Real-time monitoring is necessary to alert manufacturers to immediate threats. Implementing procedures for quicker response times to threats reduces subsequent damage to connected systems and provides time for supply chain partners to be alerted. Cyber attackers use different ways to gain access to systems – for instance, through communication that’s not secure. For this reason, all communication and networks need to be secured with end-to-end encryption to prevent attackers from exploiting confidential communication.

Cybersecurity Training And Education

The threat landscape targeting ICSs is vast, with threats constantly changing to adapt to different hardware and software. In a study published by BitSight, which studied several common ICS protocols – S7, BACnet, EtherNet/IP and Modbus – researchers found security differed by protocol. 

By understanding the weaknesses and strengths of the ICS system used in the organisation, companies can develop strategies that account for the risks associated with their operation technology systems.

Training staff on security principles and how attackers exploit ICSs will help them identify anomalies and recognise social engineering and phishing attacks. Online awareness for customers is part of a strong cybersecurity policy that is transparent. Customers are then aware of potential phishing attacks, duplicate websites and other malicious activity.

Following Policies And Regulations

Creating a strong security policy includes a step-by-step disaster recovery plan in response to potential threats that staff can follow in the case of a cybersecurity incident. This may even be a requirement for specific industry compliance and data protection policies. 

Implementing mandated regional security requirements is also necessary to avoid legal complications. Legal compliance with policies designed to secure internet devices and data is required to pass various audits and certifications. 

Without a security strategy, staff will not know how to respond to an incident in time, further compromising systems. Company security policies also include the necessary backups required for a given period, so records are available in case of an outage.

Why It’s Critical To Not Expose ICSs To The Internet

Given the critical nature of the infrastructure that ICSs control, it's more important than ever for them to be secured against online exposure. Low security exposes ICS systems to attacks that result in costly downtime or data theft. The repercussions of cyber attacks carry through to supply chains, setting back suppliers and possibly compromising their systems in the process. 

Installing adequate firewalls, conducting regular security scans and securing access points are just some of the steps required to remove ICSs from public access. Strong security is not complete without regular training to ensure staff can identify ICSs exposed to the internet and remove them from public access to prevent possible attacks from occurring. Staff training should also involve a plan for incident response to limit the damage of any attacks.