Cybersecurity risks for industrial organizations continued to grow in 2022. Attacks increased most in industrial infrastructure sectors, but also accelerated in the electrical and manufacturing verticals and in maritime transport. According to Claroty, most attacks originated from opportunistic attackers targeting critical infrastructure, as well as from APT groups that specifically focus on industrial control system (ICS) and operational technology (OT) infrastructure. The TTPs (tactics, techniques, and procedures) used by these groups are becoming increasingly sophisticated. Likewise, ransomware-as-a-service and supply chain attacks are on the rise. New strains of industrial malware have been identified, such as INDUSTROYER2 and the modular ICS/OT malware PIPEDREAM. The latter represents a new level of ICS attack: it is modular and capable of exploiting vulnerabilities across multiple vendors with destructive impact. The geopolitical conflict in Ukraine has also significantly affected the ICS cyber domain, with wiper malware attacks observed against Ukrainian critical infrastructure.
Claroty Team 82 published a report on XIoT vulnerabilities for the second half of 2022, affecting OT, the Internet of Things (IoT), and more recently, the Internet of Medical Things (IoMT).
The report also contains some positive news: the decreasing number of vulnerabilities proves that manufacturers are increasingly aware of the need to secure cyber-physical systems, and are allocating time, personnel, and financial resources to patch software and firmware. Positive trends are also visible among some Slovak operators of essential services and critical infrastructure, where new firewalls have been deployed, networks segmented, or threat monitoring in OT environments implemented. Nevertheless, we are still far from reliable OT security. Trends for 2023 include escalating attacks on maritime transport, LNG terminals, and satellite space systems. In OT, the trend toward XIoT cloud is growing, bringing new challenges. Business is increasingly pushing industry toward predictive maintenance, digital twins, improved analytics, and greater production efficiency. At the same time, cloud storage introduces new attack vectors.
Private manufacturing companies in Slovakia must actively participate in their own cybersecurity defense and make decisions based on risk tolerance and expected return on investment. Companies falling under the state's critical infrastructure have a duty to protect community and national security from known threats.
However, expecting every organization to ensure all aspects of OT security at an adequate level is unrealistic, given the complexity involved.
Accura s.r.o. recommends five measures for effectively securing ICS:
Measure No. 1 – Incident Response Plan Specific to ICS
Organizations must have an incident response plan tailored to the ICS environment. A common mistake is to treat incident response as the final phase of the security program. The result is a misalignment of implemented security controls with actual needs, lack of detection tools, poorly designed architecture, or absence of a response plan. A key component is the ability to perform root cause analysis of an incident, which requires OT-specific tools.
Measure No. 2 – Secure ICS Architecture
A secure architecture reduces risks through design that adheres to vendor recommendations and the IEC 62443 standard. Attributes of secure architecture include:
Automated asset identification and inventory
Network segmentation and monitoring of transition points
Log collection and analysis
Secure VPN access to OT networks
Measure No. 3 – Cyber Threat Monitoring
In complex environments, identifying the root cause of incidents is increasingly difficult. ICS monitoring helps detect and isolate threats, preventing downtime and complicated investigations. Monitoring often also reveals common operational issues, such as Profinet bus failures.
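As an added illustration of Measures 2 and 3 (segmentation with monitored transition points, log collection and analysis, and threat monitoring), the script below audits boundary firewall flow records against an IEC 62443-style zone and conduit model. This is example code written for this article, not Accura's tooling; the zone layout, the permitted conduits and their ports, and the log lines are all constructed.

```python
# Added example (not Accura's code): audit IT/OT boundary flow logs against an
# IEC 62443-style zone/conduit model. Inventory, conduits and log lines are constructed.
import ipaddress
import re

# Assumed zone layout keyed by subnet; stands in for an automated asset inventory.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "scada": ipaddress.ip_network("192.168.10.0/24"),
    "cell": ipaddress.ip_network("192.168.20.0/24"),
}

# Permitted conduits between zones as (src zone, dst zone, dst port); ports assumed.
CONDUITS = {
    ("enterprise", "dmz", 443),  # web access to historian in the DMZ
    ("dmz", "scada", 102),       # jump host to supervisory systems (S7comm)
    ("scada", "cell", 102),      # supervisory systems to PLCs
    ("scada", "cell", 34964),    # Profinet context manager (RPC)
}

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\S+) dport=(\d+)")

def zone_of(ip):
    """Map an address to its inventory zone, or 'unknown' if not inventoried."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"

def audit(lines):
    """Return (line, reason) for each flow crossing zones outside a permitted conduit."""
    findings = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a flow record; skip it
        src, dst, _proto, dport = m.groups()
        sz, dz = zone_of(src), zone_of(dst)
        if "unknown" in (sz, dz):
            findings.append((line, "uninventoried asset"))
        elif sz != dz and (sz, dz, int(dport)) not in CONDUITS:
            findings.append((line, f"no conduit {sz}->{dz}:{dport}"))
    return findings

# Constructed sample of boundary firewall flow records.
SAMPLE = [
    "2023-03-01T10:00:01Z src=10.10.5.7 dst=10.20.0.5 proto=tcp dport=443 action=allow",
    "2023-03-01T10:00:02Z src=10.10.5.7 dst=192.168.20.15 proto=tcp dport=102 action=allow",
    "2023-03-01T10:00:03Z src=192.168.10.4 dst=192.168.20.15 proto=tcp dport=102 action=allow",
    "2023-03-01T10:00:04Z src=172.16.9.9 dst=192.168.10.4 proto=tcp dport=502 action=allow",
]
```

Running `audit(SAMPLE)` flags the direct enterprise-to-cell connection that bypasses the DMZ and the flow from an address missing from the inventory, while permitted conduit traffic passes silently.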
Measure No. 4 – Secure Remote VPN Access
Digitalization has led to increased VPN access, which is a frequent target for attackers. Attacks targeting suppliers, integrators, and manufacturers allow adversaries to pivot into OT networks. Implementing secure remote access is essential.
Measure No. 5 – Security Policies and Risk Management
Many industrial organizations lack sufficient personnel to manage cybersecurity on a daily basis. A shortage of specialized knowledge and experience often results in missing processes and policies. Without clearly defined rules, the risk of incidents, downtime, and even threats to employee safety increases.
Accura s.r.o. can assist with the implementation of cybersecurity measures through outsourcing, consulting, or the services of an external cybersecurity manager.
Martin Fábry, BSBA
Managing Director and ICS/DCS Security Architect and Consultant at Accura s.r.o.
Miletičova 550/1
821 04
Bratislava, Slovakia
📧 accura@accura.io
🌐 www.accura.io