Skip to content

Critical Infrastructure’s Silent Threat: Part 3 – Protecting PLCs and Their Environment

Part 3: Protecting PLCs and Their Environment

For many years, PLCs have been insecure by design. Several years into customizing and applying best practices from IT gave rise to secure protocols, encrypted communications, network segmentation, and so on. However, PLCs programming is still done without security in mind.

PLC secure coding practices leverage natively available functionality in the PLC. Implementing these practices requires little to no extra hardware or software. They can be incorporated into the typical PLC operating and programming workflow. The implementation requires security expertise and solid knowledge of the PLCs that need to be safeguarded, their logic, and the underlying process.

Continue reading

Critical Infrastructure’s Silent Threat: Part 2 – Understanding PLCs

 

Part 2: Decoding the Complexity of PLCs

In part one of this series we explained how Programmable Logic Controllers (PLCs) have become key targets for cyber security attacks due to their legacy design, lack of built-in security features, and susceptibility to malware, and how newer PLCs are starting to incorporate more robust security features to help protect against these threats.

Before we can understand how PLCs can be targeted in attacks, we need to understand what they are, how they work and what can be targeted.

Continue reading

Critical Infrastructure’s Silent Threat: Part 2 – Understanding PLCs

Part 2: Decoding the Complexity of PLCs

In part one of this series we explained how Programmable Logic Controllers (PLCs) have become key targets for cyber security attacks due to their legacy design, lack of built-in security features, and susceptibility to malware, and how newer PLCs are starting to incorporate more robust security features to help protect against these threats.

Before we can understand how PLCs can be targeted in attacks, we need to understand what they are, how they work and what can be targeted.

Continue reading

Critical Infrastructure’s Silent Threat: Part 1 – The Invisible Enemy

Part 1: The Invisible Enemy

Programmable Logic Controllers (PLCs) are an essential part of industrial manufacturing plants. They are widely used in industrial control systems (ICS)  to automate processes in critical infrastructure sectors such as energy, water, and transportation. In addition to their day-to-day operational activity, these connected devices generate and exchange vast amounts of security-critical information. For this reason, they have become key targets for a growing number of cyber security attacks.
Continue reading

Same Integrations, Different (& Better) Views

The New integration screen just got published. The screen’s rework includes much simpler and intuitive navigation between all integrations options. Check it out now!

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

The Rise of Iran-Sponsored Threat Actors

In mid-summer of 2022, Albania accused the Iranian government of targeting them with a series of major cyberattacks. The attacks, which targeted government servers and online portals, raised alarms about the increasing expertise and audacity of Iranian-sponsored advanced persistent threat (APT) actors. Although many specifics about the attacks are still unknown, the FBI and other international observers believe that the Iranian government first breached the networks of the Albanian government by using phishing emails and malware as early as 14 months before launching the full attack. After gaining access, the attackers were able to penetrate deeper into the systems to obtain sensitive information and cause disruption to government operations.

Continue reading

Securing Your Plant Without Shutting It Down: Navigating the Intersection of IT and OT

If one of your organization’s goals for 2023 is to implement a robust OT/ICS cyber security solution (and here’s why it absolutely should be, even if budgets are a little tight!) you may need a little help wading through the plethora of options, making a plan, and selling it to your CISO and board. There are many solutions being marketed out there, and many organizations willing to offer advice.  SCADAfence recently published a vendor-agnostic guide to choosing an OT Cyber Security solution that details why OT cyber security differs from IT cyber security and what you need to know to choose the solution that’s best for your organization. In this post, we’ll delve deeper and explore why a complete integration is so important. The U.S. National Institute of Standards and Technology (NIST) also released a draft version of a detailed technical guide to implementing OT security, with the final edition expected later this year. We suggest you download and read that as well. One important thing to remember is that even if you don’t have a complete OT security solution at the moment, you still are probably not starting from scratch. Enter the so-called expert from IT.

Integration Between OT and IT Is Essential

As we discovered recently on reddit, every control system engineer has a horror story to share about an IT guy who showed up on the floor of the manufacturing facility with a poorly thought out plan to install or upgrade or a cyber security solution. They proceed to scan every device on the OT network with a tool not-quite designed for the job and leave a disaster in their wake. Machines shut down. Production lines halted. Productivity out the window. Fingers pointed directly at the OT engineers. We understand why most OT engineers would prefer to keep IT experts out of the factory, and back in the office, where they belong. But the fact is, OT networks require cyber security protection too. (And because a cyber attack in the OT world risks harming physical safety, not just data, the need is actually higher.) However, as the integration of IT and OT systems becomes increasingly connected in functionality, it’s important to ensure that their cyber security solutions are well-integrated as well. IT systems are usually more mature, based on common operating systems such as Windows OS or Linux, and have more options available. OT systems on the other hand, are often more fragile and built on custom software, but are more critical to an organization’s mission. Therefore, as much as the OT teams might prefer to keep the IT teams out of their workspace, it is important for them to work together. Make sure roles and responsibilities are well-defined and it’s clear who holds final accountability for making sure your facility is secure.

Identify Your Specific Use Case

Before selecting an OT cyber security vendor, it’s essential to prepare and validate a clear list of IT integration use cases, and ensure that your chosen vendor is able to meet those needs A sound and complete integration between OT and IT security solutions should accomplish several things. First, it should allow for the flow of information between the two systems. This means that the OT team can receive alerts and notifications from the IT system, and vice versa. Second, a seamless integration should allow for forensic analysis to be conducted across both systems if needed. Third, remote users that are authenticated by the IT systems, may need access to OT systems as well. Therefore, a proper solution will allow a way for users logging on remotely to get the access they need at the correct level of authorization. This means that the solution should integrate seamlessly with other tools that are already in place. For example, SCADAfence integrates with a number of different security vendors, such as Rapid7, Keysight, and Secureworks. An open API that allows for maximum flexibility is ideal, as it allows you to tailor the integration to your specific use case rather than being limited to pre-set integrations that may not meet your needs.

Increased Visibility And Other OT Needs

In addition to the OT/IT integration, there are many other things to look for in an OT solution. Including, yes, the ability to passively scan the network to create a detailed inventory of every device without causing damage and shutting down the network. Other must-haves include quick installation time, low false positive rates, and tailored risk alerts. These are all covered in detail in the guide as well.  So, when the CISO, IT person or other member of senior management tells you they want to bring in a cyber security expert, instead of tossing them out on their head and bolting the door, invite them in, be prepared, and talk about how best to work together. To get more advice and information about choosing an OT cyber security solution, download our complementary guide.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

Navigating the Changing Landscape of OT Security in the New Year

It’s become somewhat of a ritual at the beginning of every year, (almost) every company comes up with a review of the past year, and an attempt to forecast what the next 12 months will bring. This year is more challenging than ever. Not only are geopolitical tensions and conflicts at an all-time high but there’s a lot of uncertainty due to the bear markets and the almost inevitable recession that is lurking.

2022 was a year of incredible growth and evolution for OT cyber security. If there is one word that sums up the past year in my mind, it is “change.”

Continue reading

Hospitals in the Crosshairs: The Alarming Rise of Ransomware Attacks in Healthcare

On a Sunday evening in late December, 2022 The Hospital for Sick Children in Toronto was hit with a ransomware attack that took down several vital hospital network systems and caused widespread disruptions in patient care. While the hospital, the largest children’s healthcare center in Canada, said no deaths resulted from the attack and no patient information was compromised, doctors were unable to access imaging and lab results. This led to delays in diagnosis and treatment system-wide.

Continue reading

Why OT Research Is Controversial – But Necessary

I want to discuss a subject that doesn’t get enough attention in the world of OT/ICS cyber security considering how fundamental it is, and also sparks a surprising amount of controversy. The topic is the importance of conducting ongoing research into OT endpoint device vulnerabilities, particularly for legacy devices.

It should be a unanimous opinion that this research is important. The more we know about vulnerabilities and the more CVEs we generate, the better for everyone involved. However, I frequently encounter industry analysts and self-styled experts that repeatedly question the need and validity of research in the OT sector. Their argument is that legacy equipment is guaranteed to have vulnerabilities, that it is flawed by design and therefore advanced endpoint research is unnecessary. I find this argument ironic because these same experts are often involved in creating products that help detect and manage the vulnerabilities found by researchers. They state publicly that there is no point in doing research and then in the same breath talk about how their product can help mitigate the problems.

Continue reading