The threat of industrial control system security has now become the concern of all parties. Banks or governments can be victims of cyber threats. Dell Rodillas, representation of Palo Alto Network states that the threat of industrial control system security risks has become inevitable in the industrial world today. Dell pointed out that malware such as Stuxnet is one example of a cyber attack on a nuclear reactor in Iran's. Malware is one of the Advanced Persistent Threat (APT) which is specifically designed to cripple Iran's nuclear reactors. Dell said that the forms of malware that are so sophisticated they can strike anywhere industries indiscriminately. The 5 threat of industrial control system security, is it Myth or Fact? Let's look at the following description:
Internal survey in an energy company discovered that the majority of the business unit management 'believes that the control system is not connected to the business network free from hackers; while the audit showed that 89 percent of the system actually connected globally. Some kind of connection between the corporate network and the Internet for example intranet, direct internet connection, wireless and dial-up modems are vulnerable to hackers.
1. Hackers is just for cyber crime and don't understand SCADA/DCS/PLC
If you think a hacker does not have the interest or the ability to target industrial control systems, it is wrong. Here are some reasons why hackers are also concerned to attack SCADA:- Target system security threats now have a specific target with considerable financial value.
- SCADA specification can be purchased or easily accessible online. This makes it easier to understand the system so that hackers could break into the system
2. Industrial automation systems are offline that means secure, free from hack
Internal survey in an energy company discovered that the majority of the business unit management 'believes that the control system is not connected to the business network free from hackers; while the audit showed that 89 percent of the system actually connected globally. Some kind of connection between the corporate network and the Internet for example intranet, direct internet connection, wireless and dial-up modems are vulnerable to hackers.3. Industrial automation systems protected by a firewall, it means safe
Firewall offer the level of protection that is relatively safe, but a study of 37 firewall performance in the financial industry, energy, telecommunications, and automotive company founded that:- Nearly 80 percent can be accessed globally without guarantee of firewall
- Nearly 70 percent of the machine outside the network can access and manage the firewall.
4. Not all Industrial automation systems becomes target
It is not true if your organization does not become the target of hacker attacks if you control the network security system is weak. Hacker is specifically targeting certain companies which are vulnerable to attack or have a weak security system. Kaspersky Lab's research, using data from Kaspersky Security Network (KSN) shows that more and more computers running SCADA software will face the same malware threats such as Trojan viruses, worms, and so forth.5. Overconfidence that safety security system will protect from harm
Here will discuss a little technical thing, but to know that the security systems available today are technically flawed. For that Kaspersky Lab is currently using a secure operating system that has been built from scratch. Here are the major issues associated with the system are:- Certification IEC 61508 (SIL) is not safe.
- Integrated control and safety system that uses Ethernet protocol unsafe or open (Modbus, TCP, OPC) became commonplace.
- SIS communication interface module mostly run on OS and Ethernet are quite vulnerable.