Securing critical infrastructure

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 24 Mar 2017

There have been several well-publicised attacks against Supervisory Control and Data Acquisition (SCADA) systems, including one against a Ukrainian power company in 2016 that resulted in over 80 000 homes having their power cut off at Christmas and stirred up international concern over the security of critical infrastructure.

There have been other attacks against water treatment plants, says Tommy Thompson, lead consultant - OT cyber security at Nclose. "In the first attack, the hacker managed to compromise the OT System and spill 800 000 litres of raw sewage into surrounding areas, including a 4-star hotel. In a more recent second attack the hackers compromised the OT systems and changed the chemical balance for drinking water. The affected water had to be pumped out to sea."

He says there have been attacks against manufacturing plants too. "In one attack against a glue manufacturing company in Northern America, hackers managed to get into the OT System and then hold the company to ransom. The result was the company having to pay almost USD25 000 in ransom. A second attack was against a pharmaceutical company where the attack aimed at not only stealing their IP, but also at disrupting their manufacturing process."

According to Thompson, the majority of companies that use operational technology (OT) systems or networks fail to see them as vulnerable and susceptible to risk. In addition, these organisations don't understand that they have to (at a minimum) get the basics right.

"Some of these basics are segmentation, whitelisting and awareness training that are vital to any OT cyber-security programme," he adds.

Speaking of how SCADA security differs from traditional security defences, Thompson says availability is the critical difference. "OT Networks (SCADA | ICS) cannot readily afford downtime, as this would result in potential production loss, power failure, no running water, and suchlike. We also cannot assume that because OT Networks are now becoming more IP-based, that the same IT tools can be used in protecting them. An example of this is a vulnerability scan that was done against a chemicals plant. The company doing the scan did not factor in what this would do to the PLCs. The resultant scan caused many of the PLCs to shut down, causing six hours' downtime, with a high loss in revenue. The IT manager was subsequently dismissed over this."

Thompson will be presenting on 'The new front: securing operational technology (ICS | SCADA) networks' at the ITWeb Security Summit, to be held from 15 to 19 May, at Vodaworld in Midrand. Delegates attending his talk will learn why more attention needs to be paid to OT cyber security, and about collaboration between the IT and OT teams.