Cyber security in enterprise operational systems: threats and trends

Yehuda Eilon


Communication and connectivity between systems and infrastructure have grown enormously over the past decades. Such capabilities undoubtedly increase convenience and improve efficiency and quality of life. The trend of ‘connecting it all on the web’, as in the Internet of Things (IoT), makes it more convenient than ever to perform operations that were previously considered complex, and it is being widely adopted in applications built on highly developed networks.

However, networks are a double-edged sword, and they also expose us to a far-reaching range of threats commonly known as cyber threats.

Cyber threats are a well-known hazard of information technology (IT) systems and as such receive much attention both in the technology world and from the public. Organizations usually protect their IT assets meticulously. But unlike the world of IT, in which communication protocols and automated processes are standardized, operational technology (OT), often referred to as SCADA, is a much more complex world in terms of cyber security.

In the sphere of operational systems, this discussion focuses on Industrial Control Systems (ICS). ICS is a universe of many different control protocols, little standardization, and a plethora of legacy systems from an era when ‘cyber’ was an unknown buzzword. Organizations tend to adhere to the ‘if it ain’t broke, don’t fix it’ approach, and common wisdom holds that damage to automated production processes can greatly harm an organization. In milder cases a company’s prestige may suffer; in others a company may be laid open to blackmail by attackers wielding ransomware.

As manufacturing processes become increasingly automated, they have also become more vulnerable to attack, while at the same time the attack tools in this war are turning into a commodity. Today, individuals may easily purchase advanced attack tools on the darknet, so the hackers of today have access to tools that in the past were available only to powerful states. Another fact becoming evident is the dearth of professionals capable of blocking such attacks in real time.

Cyber security models are challenged by the disproportion between the short time in which a vulnerability is exposed and the much longer time needed to identify the threat and recover. We can expect this challenge to get worse with the appearance of new threats and models that shorten the interval between the moment a vulnerability is discovered and the moment a working exploit is available.

In the past, the cyber security model posited that defending the outer layer of the corporate environment was sufficient to ensure its resilience. However, the eggshell paradigm has clearly collapsed. This paradigm, which relies on buttressing an organization’s outer borders while leaving the soft core undefended, has already cost companies billions due to inadequate security solutions in intra-organizational systems. At present many organizations spend most of their cyber security budgets on their outer defenses, leaving the cyber security of internal OT systems inadequately funded. The result is that once the outer defenses are breached, there is little to impede an attacker from spreading freely inside the organization. Indeed, attacks like NotPetya and WannaCry have already proved that the eggshell paradigm must be abandoned.

To penetrate an organization with the goal of attacking its OT systems, a malicious entity may connect to any endpoint on any of the communications networks, for example through CCTV camera networks, access-control systems, elevator controllers, or manufacturing controllers.
The only way to ward off cyber attacks on OT networks is to protect the entire network.

Mr. Yehuda Eilon, Head of Cyber Security Division, Meptagon