It is important to understand that hacking of Industrial Control Systems (ICS) may cause injuries, loss of life, material damage or business interruption. A Denial of Service (DoS) attack or a ransomware spreading across your organization can make production systems unavailable or misbehave.
Industrial Control Systems are most typically found within manufacturing and utility production, but similar challenges exists in other embedded systems. Examples can not only be found in utility companies or the manufacturing industry (PLC, DCS, SCADA) but also in retail, logistics, healthcare, etc.
Consider for example the use of Building Management Systems (BMS), Warehouse Management Systems (WMS), Medical Scanning Devices (MSD), or common equipment such as elevators, locking systems, domestic heating, air compressors etc. All this equipment is vulnerable to cyber-attacks if connected to a network for example for reporting, controlling or updating.
It is important for all of us to understand the risks of our industrial control systems and the obligation to build and operate them in such a way that they offer maximum protection against an attack.
We have been studying industrial control systems for several years now.
As an insurance company we have been studying ICS risks for several years now. Recently we have seen many incidents at major industries resulting in large losses, adding up to hundreds of millions. Hereby malicious software gained access to the business network and encrypted all data. More sophisticated versions made an inventory of all data repositories including on-line back-ups first, before starting their destructive work. Without their data victims were paralyzed, and their options were limited to paying the ransom and hoping for the best or re-building their systems from scratch using off-line back-ups, if available.
Because ransomware can spread rapidly, a global company network could be affected within minutes. So far, the preferred response has been to cut all connections, effectively shutting down the network. And in today’s world, enterprise resource planning systems are key and without them business operations are impossible.
Even when industrial control systems are not compromised themselves all activities will stop sooner or later as in manufacturing plants production numbers and demands for raw materials are no longer processed. In hospitals, patient data is no longer available and findings can’t be reported.
In distribution centres it’s no longer possible to find pallet locations, to print address labels or to complete forms for customs. However, with the ICS themselves not being compromised they will operate as planned. They would shut down safely without physical loss. In the insurance business this is therefore commonly referred to as non-physical risk.
However, the hacking of ICS is considered a physical risk as it may result in injuries, loss of life or material damages! Examples are less known to the general public and include events such as hacking into the controls of a New York dam (2013), setting a German steel mill on fire (2014), breaking down the Ukraine power grid (2015), compromising the safety of a refinery in the Middle East (2017), and the attacks on the Russian power grid (2019).
These examples may seem a little extreme for an average organisation as they involve state-sponsored hackers and high-profile targets. But make no mistake! As it happened with malware targeting common IT systems we have no doubt that the tools used in the above attacks will trickle down and become available for use by common criminals.
For ICS, Integrity is key!
For ICS, integrity is key! Processes must be completed in a strict order depending on input provided by sensors. Users can select the order required using a Human Machine Interface (HMI). For example, a manufacturer of paper cups will have a strict order for producing their cups, which should always have the same appearance.
Should they want to produce another product they must select different parameters. Within the production process the users may have a bandwidth to adapt the process because they are using a raw material that may differ in quality. However, the ICS will control the upper and lower limits to prevent, for example, overheating.
When we visit organisations as part of our risk management surveys we find that automated solutions are replacing part of the human workforce. This takes away the possibility for human intervention in case the process order is disrupted. We also see a lot of system integration. Where we used to have multiple machines on multiple lines, today a single more complex machine is combining their activities.
With the equipment becoming more complex, the number of people understanding them is reducing. Finally, we see that safety systems, which used to be independent (mechanical) devices, are moving along the same lines and sometimes are even merged with the very systems they are supposed to protect!
To protect your organisation from future cyber-attacks causing loss of life or material damage we believe it is very important to keep a grip on the matter. We propose you start asking the below questions;
Senior Risk Engineer, If