Monday, March 4, 2024

How the Industrial Internet of Things (IIoT) Puts SCADA Systems at Risk

The Industrial Internet of Things (IIoT) is made up of interconnected sensors, instruments and other devices networked together with the ICS/SCADA systems that control water utilities, transportation systems, electric power grids and other critical infrastructure.

The Industrial Internet of Things is a natural progression of the Internet of Things. Connected gadgets are becoming increasingly popular in our homes. They make our lives easier, more convenient and more fun, but also add a level of extra worry for those who think about the possibilities.

From your Amazon Echo to your IP security camera, they are all potentially vulnerable. When we take this to an industrial scale, the consequences become potentially much greater.

The essential nature of IIoT devices is that they are connected to Internet-based cloud services. The safety and the protection of a country’s critical infrastructures is a national security issue and so with this in mind, the safety of using IIoT devices should be closely examined.

An attack can come from anywhere. Of course, there may be a party with a political, environmental or personal reason to infiltrate a system, but also we cannot rule out that someone may try to do so just for a challenge, just for the hell of it, for no ultimate reason that could ever have been predetermined.

Consider the case of the Ukraine power grid cyber attack in 2015. The power structure was compromised and control over the SCADA systems landed in the wrong hands, resulting in almost a quarter of a million people having no power for their homes or businesses.

Given the extreme complexity involved in managing urban infrastructures, there is no blanket solution for bringing all systems online at once.

High-ranking government offices including the US DHS (United States Department of Homeland Security) struggle to predict with any degree of accuracy the likelihood of an attack, or the scope of such an attack on IIoT networks, and the effects of such an attack on SCADA systems.

What are SCADA Systems?

SCADA is an acronym for Supervisory Control and Data Acquisition. There are major differences between what happens if an IT system goes down versus what happens if a SCADA system goes down. SCADA systems are responsible for some critical urban infrastructures and many other kinds of industrial processes, integral to the smooth running of towns, and even countries.

There is a growing threat to the functionality of SCADA systems. An attack can affect urban online systems, infrastructures, power grids, water utilities and many more vital systems. The increasing frequency with which cyber attacks are taking place is cause for concern.

This is particularly alarming as it pertains to the IIoT, so it is of utmost importance that we ensure that IIoT devices cannot be compromised, or mis-operated from compromised cloud services, in ways that result in physical problems. The repercussions of such problems could be huge and could put lives at risk.

For instance, an attacker could take down power to a town. Of course, it’s annoying when you have no power at home, but imagine a hospital with no power for the life support systems, or a city with no power for traffic lights. Suddenly the situation gets very serious very quickly.

SCADA systems generally monitor and control multiple PLCs (programmable logic controllers). PLCs form part of the Industrial Internet of Things. SCADA systems are typically used in electricity distribution networks and water systems.

Most SCADA systems are polled; a central master station sends requests every one to three seconds to distant PLCs requesting the current values of physical properties such as temperatures, pressures, flows, and equipment on/off statuses.

For example, when a PLC measures a 1 degree change in the temperature of oil in a pipeline, the PLC reports the change the next time the central SCADA master asks the PLC for the current value of that measurement point.
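An added example, not from the original article: a passive monitor that checks a poll log against the one-to-three-second master-station polling described above and flags requests from other hosts, polls that arrive too fast, and PLCs that go unpolled. The master address, the record format and the sample log are constructed assumptions.

```python
MASTER = "10.0.0.1"   # assumed address of the central SCADA master station
MIN_GAP_S = 1.0       # article: the master polls every one to three seconds
MAX_GAP_S = 3.0

# Constructed sample records: (timestamp_s, source_ip, plc_id)
SAMPLE_LOG = [
    (0.0, "10.0.0.1", "plc-1"), (0.1, "10.0.0.1", "plc-2"),
    (2.0, "10.0.0.1", "plc-1"), (2.1, "10.0.0.1", "plc-2"),
    (3.0, "10.0.0.77", "plc-2"),   # request from a host that is not the master
    (4.0, "10.0.0.1", "plc-1"), (4.1, "10.0.0.1", "plc-2"),
    (4.5, "10.0.0.1", "plc-1"),    # second poll only 0.5 s after the last one
    (6.0, "10.0.0.1", "plc-1"), (8.0, "10.0.0.1", "plc-1"),
    (10.0, "10.0.0.1", "plc-1"),
    (11.5, "10.0.0.1", "plc-2"),   # plc-2 went unpolled for 7.4 s
]

def analyze(records, master=MASTER, min_gap=MIN_GAP_S, max_gap=MAX_GAP_S):
    """Return (kind, plc, timestamp, detail) findings for a poll log."""
    findings = []
    last_poll = {}  # plc_id -> timestamp of the last poll from the master
    for ts, src, plc in sorted(records):
        if src != master:
            # Only the master station should be requesting values from PLCs.
            findings.append(("unexpected_source", plc, ts, src))
            continue  # a foreign request must not hide a missed master poll
        prev = last_poll.get(plc)
        if prev is not None:
            gap = round(ts - prev, 2)
            if gap > max_gap:
                # Operators may be looking at stale values for this PLC.
                findings.append(("poll_gap", plc, ts, gap))
            elif gap < min_gap:
                # Faster than the configured cycle: possibly a second poller
                # using the master's address, or a misconfigured master.
                findings.append(("poll_too_fast", plc, ts, gap))
        last_poll[plc] = ts
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

The thresholds mirror the polling interval the article gives; a real deployment would take them from the master station's configured scan rate and allow for network jitter.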

Effective Ways to Protect Industrial Sites and Systems

It comes as no surprise that more industrial systems are going online every day. This naturally lends itself to increased security threats, as increased connectivity offers increased opportunities to communicate attacks as well as to communicate legitimate data. Security is not the primary focus of OT. Yet, unbeknownst to many outside the field of system safety, operational technology and information technology are inextricably intertwined. There are several ways in which enhanced security can be provided to operational technology systems using IIoT devices, notably:

  • Signed patches by the IIoT vendor.
  • Ongoing monitoring of operational technology vulnerabilities by IT employees.
  • Fully updated user interfaces and full accounting of operational technology assets.
  • Regularly scheduled meetings with operational technology operators to understand the system requirements.
  • Background checks of all stakeholders involved in patching, monitoring, processing, delivering, and handling of physical hardware.
  • Unidirectional security gateway technology implemented to secure the industrial control or SCADA network.

By the NIST 800-82r2 definition of “unidirectional gateway”, the gateways are physically able to send information in only one direction – most commonly from a protected IIoT installation to the Internet. In addition, gateway software replicates servers and emulates devices.

Targeted attacks on SCADA Systems

Over the years, SCADA systems have been targeted by individuals, corporations, and governments seeking to inflict harm or damage on the operational structures they manage. The following examples are some that have been reported:

  • Maroochy Shire Sewage Spill – back in early 2000, a disgruntled contractor of the Maroochy Shire Sewage company committed a revenge attack against the company and the town council. He used a wireless radio transmitter to infiltrate the sewage treatment system and change data on SCADA control devices. As a result, over 800,000 litres of sewage was dumped into parks and the local river.
  • Stuxnet – this multi-government-sanctioned attack on the Iranian nuclear facilities took place in mid-2010. It was implemented within high security nuclear facilities via a USB flash drive and the Windows operating system. By the most credible estimates of the International Atomic Energy Agency, roughly 1000 extra uranium gas centrifuges were discarded from the Natanz uranium enrichment site during the months Stuxnet was thought to have been active. The worm slowly sped up and slowed down the centrifuges, most likely taking the centrifuges through critical vibrational resonance points, which caused the centrifuges to shake to pieces.
  • Zotob Worm at Chrysler Plants – while not specifically a premeditated attack on the SCADA system, this virus infected Chrysler’s manufacturing plants via the Internet. The worm ravaged the control network through an infected computer and spread throughout the system ultimately resulting in 50,000 assembly line workers ceasing production for an hour.

It is clear that the protection of industrial systems, networks and communication channels is sacrosanct, insofar as SCADA systems are concerned. The security of SCADA systems is increasingly important and differs markedly from corporate IT security. For example, the primary risk differences between SCADA and corporate IT can be summarized as follows:

  • SCADA has very high integrity requirements while corporate IT has low to very high requirements
  • SCADA system failure could result in loss of life/serious injury, failure of service delivery and so forth. For corporate IT the losses will generally be confined to business operations only.
  • SCADA systems must perform in real time with no accommodation for latency. For corporate IT, latency may be acceptable.

SCADA systems are expressly focused on safety, while corporate IT focuses on confidentiality and integrity.

Securing SCADA systems and their new IIoT components will therefore continue to be a high priority for industrial enterprises.

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.