Saturday, September 26, 2015

The Top 5 Threat of Industrial Control System Security, is it Myth or Fact?




The threat of industrial control system security has now become the concern of all parties. Banks or governments can be victims of cyber threats. Dell Rodillas, representation of Palo Alto Network states that the threat of industrial control system security risks has become inevitable in the industrial world today. Dell pointed out that malware such as Stuxnet is one example of a cyber attack on a nuclear reactor in Iran's. Malware is one of the Advanced Persistent Threat (APT) which is specifically designed to cripple Iran's nuclear reactors. Dell said that the forms of malware that are so sophisticated they can strike anywhere industries indiscriminately. The 5 threat of industrial control system security, is it Myth or Fact? Let's look at the following description:

Industrial Control Systems Cyber Security

1. Hackers is just for cyber crime and don't understand SCADA/DCS/PLC

If you think a hacker does not have the interest or the ability to target industrial control systems, it is wrong. Here are some reasons why hackers are also concerned to attack SCADA:
  • Target system security threats now have a specific target with considerable financial value.
  • SCADA specification can be purchased or easily accessible online. This makes it easier to understand the system so that hackers could break into the system


2. Industrial automation systems are offline that means secure, free from hack

Internal survey in an energy company discovered that the majority of the business unit management 'believes that the control system is not connected to the business network free from hackers; while the audit showed that 89 percent of the system actually connected globally. Some kind of connection between the corporate network and the Internet for example intranet, direct internet connection, wireless and dial-up modems are vulnerable to hackers.

3. Industrial automation systems protected by a firewall, it means safe

Firewall offer the level of protection that is relatively safe, but a study of 37 firewall performance in the financial industry, energy, telecommunications, and automotive company founded that:
  • Nearly 80 percent can be accessed globally without guarantee of firewall
  • Nearly 70 percent of the machine outside the network can access and manage the firewall.

4. Not all Industrial automation systems becomes target

It is not true if your organization does not become the target of hacker attacks if you control the network security system is weak. Hacker is specifically targeting certain companies which are vulnerable to attack or have a weak security system. Kaspersky Lab's research, using data from Kaspersky Security Network (KSN) shows that more and more computers running SCADA software will face the same malware threats such as Trojan viruses, worms, and so forth.

5. Overconfidence that safety security system will protect from harm

Here will discuss a little technical thing, but to know that the security systems available today are technically flawed. For that Kaspersky Lab is currently using a secure operating system that has been built from scratch. Here are the major issues associated with the system are:  
  • Certification IEC 61508 (SIL) is not safe.
  • Integrated control and safety system that uses Ethernet protocol unsafe or open (Modbus, TCP, OPC) became commonplace.
  • SIS communication interface module mostly run on OS and Ethernet are quite vulnerable.

Conclusion

Security system should be reviewed and upgraded due to cybercrime increasingly smart and sophisticated. In order to successfully survive the attack, the security system must meet certain criteria. Activities of cyber criminals who carry out attacks against APTs constantly upgraded and more sophisticated, therefore the system should be reviewed and reappraised.


Labels:


Newer Post Older Post Home

You may also like these ebook:

Get Free PLC eBook directly sent to your email,
and email subscription to program-plc.blogspot.com




We hate SPAM. Your information is never sold or shared with anyone.

Your Email Will Be 100% Secured !