Why we need to look at devices, not just data, to protect against real-world threats

Attacks on SCADA systems can cause significant physical harm, which is why devices should be a security priority alongside data

This is a contributed article by Mark Belgrove, Head of Cyber Consultancy at Exponential-e

When it comes to cyber-security, organisations prioritise data. Attackers have many vectors to choose from, phishing, distributed denial-of-service (DDoS) attacks and SQL injection among them, and all of them exploit human or technological weaknesses to gain access to corporate networks and disrupt them, whether for financial gain or simply to undermine business continuity. Businesses must therefore remain agile to ensure that their data is protected. Moreover, compliance with complex regulations demands data security solutions and policies. For some this results in tunnel vision: protecting data has become their sole cyber-security focus.

This blinkered approach leaves firms vulnerable. As cyber criminals become wilier, their tactics grow more complex and varied so as to exploit every available avenue into a network. Organisations must therefore adopt a more holistic approach to cyber-security, one that treats devices as seriously as data, if they are to protect against real-world threats.

SCADA systems

Supervisory Control and Data Acquisition (SCADA) systems are high-level supervisory systems that gather and analyse large volumes of real-time data from plant equipment, typically via field devices such as programmable logic controllers (PLCs) and remote terminal units (RTUs). They are relied upon across Critical National Infrastructure (CNI) sectors such as telecommunications, energy, transport and waste control.

SCADA systems are designed to detect when something goes wrong in the process and to limit its impact. For example, they can detect a leak, assess the situation and relay the information to the central control site for rapid human intervention. This timely response prevents critical damage and the associated loss of revenue or production.

From small-scale deployments, such as a single office building's plant, to large and complex ones such as nuclear power plants, SCADA systems are tailored to the needs of each site and are essential to the organisations that run them. They manage faults and keep operations running, and it is precisely this role that makes them a key target for cyber criminals.

A decade of attacks

Protecting SCADA systems is often overlooked when organisations devise their cyber-security strategies. Some assume that the devices come with their own defences, or are not fully aware of the critical role they play and their need for protection. This can be a fatal oversight. An attacker who gains access to a SCADA network can cause significant physical harm to operations and to the people on site, for example by disabling the devices responsible for flagging a leak. Those who depend on the system's output can suffer too: an attacker who shuts down a power grid leaves customers without electricity for as long as the outage lasts.

Stuxnet, for example, the weaponised computer worm discovered in 2010, was built to target Siemens industrial control equipment and is widely reported to have destroyed around 1,000 uranium-enrichment centrifuges at Iran's Natanz facility, setting back the country's nuclear programme. In December 2015, the first confirmed cyber-attack to cause a power outage cut electricity to around 230,000 Ukrainian customers. The attackers first breached the utilities' corporate networks using the ‘BlackEnergy’ malware, then took some 30 substations offline for up to six hours; because the SCADA systems had been rendered inoperable, the grid had to be restored manually. The UK's National Cyber Security Centre has also confirmed that hackers targeted the UK's energy sector in 2018.

These examples show why safeguarding SCADA systems matters more and more as they become a conduit for nation-state attacks. Such attacks are part of a wider ‘disruptionware’ trend, the growing use of malware designed to halt operations, and pose a significant risk to the utility sector, where many operators still run legacy systems that lack resilience and modern protections. Recent research that set up physical ‘honeypot’ sites for attackers to target has shown how prevalent the problem is.

Protecting data alongside devices

To defend SCADA systems, organisations should deploy comprehensive monitoring, embedded at the core of the estate, that presents their security status in a single ‘pane of glass’ view. A network of devices generates vast amounts of information and exposes numerous graphical user interfaces (GUIs), so it is essential that the picture is consolidated in one place and easy to understand if it is to be actionable. In an operational environment that monitoring should be passive, fed from network taps or switch mirror ports, because actively probing PLCs and RTUs can itself disrupt the process.

Real-time monitoring lets organisations understand the state of their estate, evaluate potential threats and see where improvements can be made. It also allows them to identify intrusions into the network, anomalies in traffic, suspicious behaviour in applications and abnormal data access requests. This visibility across the network provides accurate, actionable information so that critical damage to operations can be prevented when the estate is under threat.
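The kind of traffic anomaly the monitoring described above is meant to surface can be illustrated with a small allow-list detector. The following is an added example written for this article, not code from the author or from any product; it assumes a hypothetical one-line flow-record format (timestamp, source, destination, Modbus function code, unit id) that a passive collector has already decoded, and a baseline, maintained by an engineer, of which hosts may talk to which PLCs and which of those may issue writes. The log lines and addresses are constructed.

```python
"""
Added example: allow-list anomaly detection over SCADA/ICS flow records.
Not part of the original article. The record format below is a hypothetical
simplification of what a passive OT collector would emit:
    <timestamp> <src_ip> -> <dst_ip> modbus fc=<function_code> unit=<id>
"""
import re
from dataclasses import dataclass

# Modbus function codes that change state on a PLC/RTU. Reads (1-4) are the
# normal background of an HMI or historian polling; writes should come only
# from known engineering/supervisory hosts.
MODBUS_WRITE_CODES = {5, 6, 15, 16, 22, 23}

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s*->\s*(?P<dst>\d+\.\d+\.\d+\.\d+)"
    r"\s+modbus\s+fc=(?P<fc>\d+)\s+unit=(?P<unit>\d+)\s*$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    dst: str
    fc: int
    reason: str


def parse_line(line):
    """Parse one flow record; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": m["ts"], "src": m["src"], "dst": m["dst"],
            "fc": int(m["fc"]), "unit": int(m["unit"])}


def detect_anomalies(lines, baseline, writers):
    """
    baseline: dict mapping PLC IP -> set of source IPs allowed to talk to it
    writers:  set of source IPs permitted to issue Modbus write commands
    Returns one Alert per rule a record violates, in input order.
    """
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip here (a real collector would count these)
        src, dst, fc = rec["src"], rec["dst"], rec["fc"]
        if dst not in baseline:
            alerts.append(Alert(rec["ts"], src, dst, fc, "traffic to unknown PLC"))
            continue
        if src not in baseline[dst]:
            alerts.append(Alert(rec["ts"], src, dst, fc, "new talker to PLC"))
        if fc in MODBUS_WRITE_CODES and src not in writers:
            alerts.append(Alert(rec["ts"], src, dst, fc, "write from non-engineering host"))
    return alerts


# Constructed sample: the HMI (.20) polls two PLCs, the engineering workstation
# (.21) performs a legitimate register write, then a host that has never spoken
# to PLC .11 issues a coil write (fc=5), the pattern of a pivot into the control
# network from elsewhere.
SAMPLE_LOG = """\
2021-03-04T09:15:01Z 10.10.1.20 -> 10.10.2.10 modbus fc=3 unit=1
2021-03-04T09:15:02Z 10.10.1.20 -> 10.10.2.11 modbus fc=3 unit=1
2021-03-04T09:15:05Z 10.10.1.21 -> 10.10.2.10 modbus fc=16 unit=1
2021-03-04T09:16:10Z 10.10.9.77 -> 10.10.2.11 modbus fc=5 unit=1
this line is deliberately malformed and should be skipped
"""

# Constructed baseline (hypothetical addresses).
BASELINE = {
    "10.10.2.10": {"10.10.1.20", "10.10.1.21"},
    "10.10.2.11": {"10.10.1.20"},
}
WRITERS = {"10.10.1.21"}


def run_sample():
    """Run the detector over the constructed log; returns the alerts found."""
    return detect_anomalies(SAMPLE_LOG.splitlines(), BASELINE, WRITERS)


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a.ts} {a.src} -> {a.dst} fc={a.fc}: {a.reason}")
```

Run as a script it prints two alerts for the final record (a new talker to the PLC, and a write from a host outside the engineering allow-list) and nothing for the routine polling. The point of an allow-list rather than a signature is that control-network traffic is highly regular, so "who talks to which device, and who is allowed to write" is a baseline an operator can actually maintain, and the alerts it produces are the ones worth feeding into the single consolidated view discussed above.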

The insider and physical threat to SCADA systems cannot be overstated. Third-party contractors are used extensively across CNI organisations, and companies must ensure that everyone with access is vetted. Cybercriminal gangs have been known to place ‘sleepers’ within contracting firms to bypass network security measures.

To build a robust cyber-security strategy that keeps pace with sophisticated attacks, organisations must protect both their data and their devices. All-encompassing network security monitoring that covers internal and external threats is key to protecting SCADA networks, together with the ability to respond quickly if an attacker does get in. That reduces costly downtime, minimises the potential for physical harm and limits reputational damage.

A broad cyber-security strategy, one that looks inward and can analyse both data and devices across multiple networks, is critical to defending against the growing wave of SCADA-targeting cyber-attacks.