
Unmasking the Illusion: Debunking the Top 4 Myths of ICS Security

by Irfan Shakeel, VP, Academy

As cyberattacks evolve and become more sophisticated, the need for a comprehensive, defense-in-depth cybersecurity strategy for critical environments is essential. Yet, navigating the world of Industrial Control System (ICS) cybersecurity is often clouded by myths and misconceptions.

In this article, we’ll explore four of the most prevalent myths in ICS cybersecurity in order to equip decision-makers and organizations with the knowledge needed to make informed choices when it comes to protecting ICS.


Isolation or Air-Gapping

The Fallacy of Absolute ICS Security

When we think of securing our ICS, the idea of keeping them isolated or air-gapped often comes to mind. The mental image is simple: a disconnected, airtight environment that’s removed from all potential threats. This is a dangerous misconception.

Myth

By simply keeping ICS networks offline or air-gapped, we can rest assured that they are shielded from and immune to all cyberthreats.

Reality

The truth is far more nuanced. Even when these systems are isolated from the vast expanse of the internet, they remain susceptible. Threat vectors such as supply chain compromises, determined remote attackers, unauthorized physical access, and seemingly innocuous removable media like USB drives can become gateways for malicious activity. In 2021, CISA issued 354 cybersecurity advisories, highlighting the diverse range of potential vulnerabilities. Many of these vulnerabilities are rated high or critical, and a significant portion are exploitable remotely. This data underscores the fact that even isolated systems can be at risk from various angles.

Safety Instrumented System (SIS)

The Secret Weapon?

Imagine for a moment a world where an impenetrable forcefield shields our most critical environments from any and all cyberthreats. This is the promise many believe Safety Instrumented System (SIS) offers. While it's a comforting thought, it's also a dangerous oversimplification.

Myth

SIS stands as the ultimate cybersecurity panacea, offering an unbreakable line of defense against every conceivable cyberthreat.

Reality

The cyberthreat landscape is evolving, and even the most mature systems are not immune. A stark reminder of this vulnerability was the Triton malware attack in 2017. This was a watershed moment in cybersecurity, marking the first publicly known malware specifically crafted to target SIS. The attackers behind this sophisticated malware sought to manipulate industrial safety systems, potentially causing significant harm. Advanced Persistent Threat (APT) attacks like Triton are on the rise against critical infrastructure. These APTs employ continuous, sophisticated, and covert techniques to infiltrate systems, often remaining undetected for extended periods. The industry's response to such threats has been proactive, with asset owners enhancing their defenses and the broader community recommending architectural changes to SIS networks. While SIS is a cornerstone of our defense strategy, it's imperative to understand its limitations and continuously fortify it against the ever-changing landscape.

The Origin of ICS Cyber Attacks

Beyond External Threats

When picturing a cyberattack on ICS, many envision a shadowy figure in a distant location, orchestrating a breach from the outside. This external threat narrative has dominated our understanding for years, but it's only a fragment of the bigger picture.

Myth

The primary danger to ICS systems is the faceless external hacker operating from remote corners of the world.

Reality

The realm of cyberthreats is vast and varied. While external threats remain a significant concern, primarily through internet-facing connections, there's another side to this coin. Insider threats, often overlooked, can be just as damaging, if not more so. A notable example is the Maroochy Shire Sewage Spill incident of 2000 in Australia, where a disgruntled former employee exploited his knowledge of the SCADA system, causing significant sewage spillage in local areas over two months. Additionally, supply chain attacks, where adversaries target less secure elements in an organization's supply chain, have gained attention recently.

Relying Solely on a Few Antivirus Engines

Many organizations operate under the assumption that relying on just a few leading antivirus solutions—and sometimes even just a single engine—will provide them with comprehensive protection against cyberattacks. This belief falls short of what’s needed to stay hardened against the multifaceted nature of today's cyberthreats.

Myth

By relying on just a few top-tier antivirus solutions, our ICS is fully safeguarded against all cyberthreats.

Reality

A recent report suggests that while increased budgets have been allocated to cybersecurity, 62% of organizations still use only five or fewer antivirus engines. This limited approach may leave them exposed to emerging threats that can bypass a small number of antivirus solutions. In fact, utilizing 8 anti-malware engines can identify nearly 90% of prevalent threats. By expanding to 20 engines, detection rates can rise to 96%. Impressively, employing over 30 engines can push detection accuracy to over 99%. Yet, only a mere 3% of organizations harness the power of more than 30 engines.


How to Avoid Myths

The landscape of ICS cybersecurity is filled with myths and misconceptions, from the false sense of security provided by air-gapping to the inadequate protection offered by a limited set of antivirus solutions. No single measure alone can offer a foolproof defense against the complex and evolving threats we face. The key to fortifying our systems lies in a comprehensive understanding of the risks involved, a commitment to continuous learning, and a defense-in-depth strategy. By arming ourselves with the right knowledge and employing a diverse array of security strategies, we can build a more resilient defense for our most critical environments.
