OT/ICS Security in contemporary age

Written by PHOENIX project on 27. 03. 2022.

The PHOENIX Project is developed exactly for this scope, to cyber-fortify the European EPES infrastructure by enabling and coordinating advanced, adaptive, and cooperative detection of large scale, cyber-human security and privacy incidents and attacks.

Industries across the globe rely on operational technology (OT) and industrial control systems (ICS) to support their mission-critical infrastructures. At the same time, we expect utilities to work, water to flow, communications networks to stay on, and trains to keep moving. Industrial areas such as power grids, transportation, water monitoring and distribution, oil and gas, and communications systems, all rely on ICS systems to deliver essential services. If these systems are left vulnerable to attack, they can open the door to serious, even catastrophic events.

Also, increased reliance on intelligence processing, exploitation, and dissemination, networked real-time communications for command and control and a proliferation of electronic controls and sensors in most types of equipment and facilities have greatly increased dependence on energy, particularly electric power.

Although the power grid has long been susceptible to natural disasters, deliberate attacks, and the problems of aging infrastructure, its vulnerability to attacks is increasing

A couple of years back, the U.S. Energy Department warned of “an imminent threat” to the electrical grid. This was yet another reminder of just how dependent we are on critical infrastructure networks and how vulnerable these systems are to the potential of cyber-attacks.

The ability of adversaries to exploit vulnerabilities through cyber means has expanded, creating considerable risk to the stable supply of electric power. Strictly preventive measures have been unable to completely eliminate threats to the electric power grid.

Recent armed conflicts have seen both physical attacks and cyberattacks on electric power grids, but the problem has also affected other types of businesses and infrastructure. Despite guidance documents that press for the use of cybersecurity best practices across a range of industries, state actors have used cyber means to carry out notable attacks against numerous public institutions, private organizations, and individuals.

The truly scary lesson in all these attacks until now was not related to what happened more than what didn’t happen. Hackers were able to successfully access major infrastructure facilities, but still, no municipal water supplies were poisoned, no nuclear power plants melted down, no electrical grids went down, and no trains crashed.

Hackers, in this instance, either chose not to push their limits or had limited capabilities but the main question we need to ask ourselves as we look forward is, how long can dumb luck keep us safe?

According to the 2019 Global ICS & IIoT Risk Report published by CyberX “The data clearly shows that industrial control systems continue to be soft targets for adversaries. Lack of even basic protections like automatically updated anti-virus enables attackers to quietly perform reconnaissance before sabotaging physical processes.”

As their key findings were:

40% of industrial sites have at least one direct connection to the Internet.
16% of sites have at least one wireless access point.
57% have weak antivirus protection.
84% have at least one remotely accessible device.
69% have security gaps in areas such as plain-text passwords.

The main conclusion is that organizations should implement proper safeguards to secure their industrial control systems.

PHOENIX Project is developed exactly for this scope, to cyber-fortify the European EPES infrastructure by enabling and coordinating advanced, adaptive, and cooperative detection of large scale, cyber-human security and privacy incidents and attacks.

Using coordinate European EPES cyber incident discovery, response and recovery and Incidents’ Information Sharing platform (I2SP) it acts at a pan-European level as a decentralized, trusted-by-design near real-time cybersecurity information awareness platform, coordinating the information exchange among authorized EPES stakeholders, utilities, CSIRTs, ISACs, CERTs, NRAs, and the strategic NIS cooperation group.

Sources:

https://www.rand.org/content/dam/rand/pubs/research_reports/RR3100/RR3187/RAND_RR3187.pdf

https://www.balbix.com/insights/ots-and-ics-security-the-next-big-challenge/

Image source: https://www.rand.org/content/dam/rand/pubs/research_reports/RR3100/RR3187/RAND_RR3187.pdf

Cookie	Type	Duration	Description
__cfduid	1	1 month	The cookie is set by CloudFare. It is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
_wpfuuid	0	10 years	Contact form UUID (Universally Unique Identifier) cookie. It allows the plugin to connect entries by the same user and does not contain or represent any personal information or entry details.
cookielawinfo-checkbox-necessary	0	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-non-necessary	0	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non Necessary".
test_cookie	0	11 months
viewed_cookie_policy	0	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. It is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randomly generated number to identify unique visitors.
_gat_gtag_UA_152331303_1	1 minute	Google uses this cookie to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. It is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.

OT/ICS Security in contemporary age

Energy Shield

BRIDGE

Success

Defender

NRG-5

sofie-logo

Elsa

interflex

Intergrid

NobelGrid

PROMOTioN-Logo-RZ-RGB

logo_reserve_sRGB

wisegrid-logo