“This kind of attack is easy to mitigate against because there were patches already in existence and available,” said Graham Speake, chief information security officer at Berkana Resources. “Obviously, companies have to deploy them. For the IT side of the house, there is usually some delay even if there are important/critical patches released by a vendor as they have to be tested against the company’s base build (or perhaps multiple builds if it is a large multinational). There are still a lot of older or obsolete operating systems around, particularly in some hospitals where the cost to upgrade plays a big concern, especially like in the UK where it is a nationalized service. Within the ICS/SCADA world, the overall goal of segregated IT and OT systems would alleviate a lot of these attack vectors, but business drivers often outweigh the segregation issue. Having separate systems with a firewall with a strong rule set dividing the two and not allowing Internet access or email from the OT side of the house would go a long way to protect the critical infrastructure.”

While this was a huge general attack against multiple industries, Speake said focused attacks are much harder to defend against.

“Often users will use similar techniques as their competitors to set up and run their OT operations and knowing that a particular port is likely to be open or a specific application is running can allow attackers to craft the right attack,” Speake said. “Segregating the OT and IT sides of the house with few interconnections between them and flow always going from the OT to IT networks is necessary, and making sure we do not put things in to make it easier/cheaper at the expense of security. The more we have IIOT and devices connecting directly to the Internet, the less secure we likely are and more likely to see incidents affect our ICS/SCADA systems.”

Read the full story at www.issssource.com

About the author

Graham Speake is an expert on security related to operational systems.