Industrial Cyber Security: More than just one company
The technological landscape is changing extensively with the advent of integrated systems with accessibility driving this development. Manufacturing and plant operation machines that used to have an air-gap between themselves and other systems are now dwindling with the push for integration. This is not necessarily a bad thing as it aids productivity and profitability. Linking systems is not just reserved for the company itself but also its supply chain pulling in materials and components as they are need. In fact, in the recent Covid-19 pandemic the need to switch suppliers quickly has allowed supermarkets and other essential industries to remain open.
Unfortunately, this advancement has increased challenges when it comes to cybersecurity. Hackers in recent years have attacked power stations, factories, hospitals and infrastructure. Some for profit and others working within governments to disrupt another competing countries GDP.
Some attack vectors have involved the exploitation of software supplied by 3rd contractors. For example, a large platform such as a product management lifecycle (PLM) software that is utilised extensively in manufacturing sectors to digitally replicate the design and manufacturing processes inevitably use existing software that it integrates in a modular basis. If any one of dependent software has malicious content it is unlikely that it will be detected at the time of installation and roll out.
Hackers recently used this process to gain access to a worldwide company all through gaining access through a smaller company and creating a backdoor that allowed them to then exploit the companies supply chain and sell industrial secretes to competitors. While this was not PLM software that was involved it was similar in scale and integration. Interestingly the hackers waited for years until the 3rd party software was widespread in other companies from other installations. This was a huge scandal as it took a long time for the software that they added was flagged, and through a long investigation the extent of the issue realised.
Industrial cybersecurity companies
Industrial cybersecurity companies hire the best and brightest for their teams, they work every day on cybersecurity activities and upskilling on the latest threats. Sometimes you just need specialists that specialise in cyber security. The challenge is still keeping up with new approaches.
Currently operational technology (OT) also called industrial control systems (ICS) are being targeted by hackers due to the extensive information about this technology readily available on the internet. This can be in the form of maintenance documentation, a method used to hack wireless printers recently and gaining network access from there. User instructional documentation or installation procedures may be used in a similar light. Some hackers use online videos for similar information. While one source may cover one item of interest to hackers another may complete the puzzle of how to gain access to a system.
Shodan: no coding, login or hacking experience necessary
One of the best examples of finding an exploitable route is the website Shodan. This is well known in the hacking community and is one of the best sites to see poorly maintained cybersecurity. A lot of white hat hackers use the site to find servers that are accessible and then contact the company to tell them that they need to fix the issue. Some companies listen while others ignore this advice. The site allows anyone to access these servers without a login required and free for a handful of searches. You could search your industry and click a remote connection to gain access to a system that may not even be password protected. This site shows a ‘grey area’ in hacking because a server that does not have a password for an accessible port is potentially legal to gain access to. Shodan allows anyone to find and access these sites which include power stations and airports with no restriction and with no coding or hacking experience needed.
Why can this occur; simply put due to contractors providing a platform and documenting that a client must harden their server that it has been used. The client however may not know anything about computers and leave ports such as FTP and remote access ports open and not providing a system password as they may forget what it is or have other users that use it. These are not old challenges, check out if your company is on Shodan and use Industrial cybersecurity companies peace of mind.
