In this occasional series, we're bringing you a curated selection of recent articles from the automation cybersecurity community.
For today's post, we looked for relevant articles published in September 2020 that you might find newsworthy, useful, or interesting. It's a small sample of current news and thought leadership that affect the world of automation cybersecurity right now. Let us know what you think in the comments.
Even before COVID-19, large-scale industrial enterprises were a high-value target for threat actors. This year, cybercriminals seem to loom even larger. "For infosec experts at industrial enterprises, and especially at critical infrastructure facilities, the threat feels very real," this article states.
The cybersecurity firm Kaspersky Labs released the results of a survey addressing the state of industrial cybersecurity during a pandemic. 53% of respondents reported that more staff at their organizations are working from home due to the pandemic, and 95% of respondents said that their companies are now performing periodic assessments of the security level of OT networks.
The discovery of Ripple20, a collection of 19 vulnerabilities in a lightweight TCP/IP library in use since the 1990s, was a wakeup call for many organizations. Experts estimated the number of affected systems to be in the hundreds of millions, spanning everything from smart home devices to satellite communication equipment, transportation systems, and the power grid.
"Poor security practices implemented in industrial control systems (ICS) and the Internet of Things (IoT) have contributed to how vulnerabilities like those outlined in the Ripple20 research propagate throughout so many products," the author of this article writes. He outlines the risks inherent in increasing ICS cybersecurity, and argues that solutions are needed at an industry-wide level.
This transcript of a podcast episode dives into the details about newly discovered vulnerabilities in CodeMeter, a software management component used by many critical infrastructure systems. The podcast interviewed Claroty* security researcher Sharon Brizinov, who found the vulnerabilities.
"Because many ICS vendors integrated with CodeMeter, then if attackers will be able to exploit CodeMeter and attack CodeMeter, basically, it means that they will be able to get access to thousands of machines in OT networks," Brizinov told the interviewer. "...My message to anyone is always patch. This is the most efficient way to overcome vulnerabilities and be alert."
You might say that operational technology (OT) pervades our lives even more than IT—operational systems are not limited to the manufacturing and energy industries. OT security hinges on safety concerns: "where IT processes data, OT steers it to operate a physical action with an impact in the real world," as this article explains. In today's connected world, though, establishing good OT cybersecurity practices will also help ensure operational safety.
"IT/OT convergence and the digitization of operational information systems is leading to a breach in these historically hermetic critical systems. Therefore, it is essential to set up network segmentation as provided for in the [ISA/IEC] 62443 standard dedicated to the cybersecurity of operational installations. It provides system isolation and limits the spread of a cyberattack," the article says.
Satellites, a crucial part of global communications, are especially vulnerable to cyberattacks. Telemetry links may not be encrypted, leaving automatic data measurement and transmission open to disruption, and cyber threats to ground infrastructure are also an issue. As the region moves forward with the newly created African Space Agency, the African Union is drafting new policies to help ensure that cybersecurity best practices are maintained in the space industry.
"How we manage policy concerns around the Internet of Things (IoT) will be the determining factor of our fight against cyberterrorism in the space sector," the author of this article writes.
*Claroty is a founding member of the ISA Global Cybersecurity Alliance.
Interested in reading more articles like this? Subscribe to the ISAGCA blog and receive weekly emails with links to the latest thought leadership, tips, research, and other insights from automation cybersecurity leaders.