How to Close the Security Gap Between Industrial and Enterprise Networks
Not so long ago, ICS or SCADA networks were physically separate from general enterprise networks, which was optimal in terms of safety.
However, the massive growth of the Internet of Things (IoT) is creating more and more links, accidental or intentional, between industrial production networks and the general Internet. These bridges are becoming an ever greater threat to industrial and manufacturing infrastructure.
Most security-minded readers will be familiar with the history of Stuxnet. Stuxnet was a worm that was able to infect and destroy the ICS infrastructure that was crucial to the development of the Iranian nuclear enrichment program. Stuxnet was co-launched by US and Israeli intelligence agencies and was the first cyber attack to break a SCADA computer system and physically destroy manufacturing infrastructure in the real world.
Using Stuxnet was not easy at the time. It required:
- Custom manufacturing of infected USB drives
- Smuggling the infected USB drives into the Iranian supply chain
- The support of collaborators in the Iranian nuclear program
With the techniques available at that time, it would not have been possible to equip and successfully deploy Stuxnet without the support of two major world powers. That was over 8 years ago. Today, that level of effort is no longer needed to infect an industrial network. The industrial Internet of Things (IIoT) now makes it very easy.
Sean McGurk, former director of the National Cyber Security and Communications Integration Center (NCCIC) at the Department of Homeland Security, made the following sobering statement:
In our experience, when conducting hundreds of vulnerability assessments in the private sector, we have never found an end-to-end disconnection of the plant network from the SCADA system or the energy management system. On average, we see 11 direct connections between these networks among the respective companies. In some extreme cases, we have identified up to 250 links between the actual producing network and the corporate network.
In other words, even if you believe your networks are fairly securely separated, it remains likely that there is an unnoticed connection somewhere (for example, a direct, active connection via cable or radio) that nevertheless links these critical networks. The IIoT by its nature thwarts physical network separation. IoT devices are mostly managed by IT over WiFi, because a constant supply of sensor data from ICS devices is necessary. Given that 80% of the most powerful industrial companies have adopted IIoT technology, in practice one can no longer speak of a complete separation of the critical networks.