Is it just another marketing trick from the ICS cyber security sector, or something to worry about?
From the Aurora test carried out at Idaho National Laboratory in 2007, which demonstrated that a remote cyber attack could physically destroy a power generator, to this day this type of attack has materialised twice in the real world (as far as we know).
The first cyber-physical attack in history to be detected, documented and widely known among industrial cyber security professionals was STUXNET (discovered in 2010). It is generally taken as the starting point of this discipline and gave a strong push to the standards for critical infrastructure protection, as it demonstrated the enormous destructive power of malware written specifically to destroy the uranium enrichment centrifuges that Iran would use for its nuclear weapons programme.
The second cyber attack with physical consequences occurred recently (end of 2014) in a German steel plant. The attackers reached the control network from the business network, and the resulting failure of control components meant that a blast furnace could not be shut down in a controlled manner, causing serious damage to the plant according to the report of the German federal office for information security (BSI). The details and effects of this incident have not been studied in the same depth as those of STUXNET.
In 2015, interest in attacks aimed at altering the physical behaviour of the environment through cyber means has grown, driven by experiments carried out on cars, medical devices and numerous automation devices connected to the Internet.
At Black Hat USA 2015 and DEF CON 23 there were very interesting presentations on these cyber-physical attacks by Marina Krotofil and Jason Larsen, describing many of them.
This post, and the ones that follow, study the highest-impact (and therefore riskiest) attacks on cyber-physical systems in critical infrastructure control networks, and propose protecting against them through changes in organisational structures and procedures and through new intrusion detection technologies based on behaviour analysis of control protocols and correlation of operational events.
Critical sector and critical infrastructure
To put the domain we want to protect from such attacks into context, we describe what is considered critical infrastructure in Europe and in Spain.
In January 2009, Council Directive 2008/114/EC of the European Union came into force, establishing the need to identify Europe's critical infrastructures in order to design strategies to protect them.
The Directive limits its scope to the energy and transport sectors, leaving each member state free to identify additional critical sectors.
In December 2014 the European Union Agency for Network and Information Security (ENISA) published a guide for the identification of critical assets.
This guide shows, in a comparison table, the critical sectors already identified by the member states of the Union.
Spain has identified twelve critical sectors:
- Energy (with three subsectors: electricity, oil and gas)
- Nuclear industry
- Financial and tax system
- Water
- Transport (with three subsectors: air, sea and land)
- Food
- Information and communication technologies
- Chemical industry
- Health
- Space
- Public administration
- Research facilities
In each of these sectors a set of Critical Operators (OC, from the Spanish Operadores Críticos) has been or will shortly be designated: the owners or operators of infrastructures that provide essential services and whose disruption by an attack could cause harm to broad sectors of the population. This set of infrastructures shapes the domain we want to protect, and its members share a number of common technical characteristics.
Technical characteristics.
Many infrastructures classified as critical have a hybrid architecture in which classical information technology networks (IT networks) coexist with industrial control networks (OT networks) that manage the elements interacting with the physical environment (cyber-physical systems). A basic scheme of this type of infrastructure could be the following:
Cyber-physical systems control a particular process and are managed from network systems, operating according to the following basic scheme:
Sensors measure the current process values at fixed intervals and send them to the control units, which evaluate them and, when necessary, send orders to the actuators so that the process stays within the values for which it was designed and behaves according to its original design.
Today all this control traffic has been migrating to TCP/IP networks and conventional operating systems, which has exposed attack surfaces that did not exist before.
The key characteristics of OT networks can be summarised as follows:
- Fewer devices and services than IT networks.
- They should never be directly connected to the Internet.
- They execute repetitive operations between their nodes and systems.
- They are very sensitive to delays or communication problems.
But these networks also have serious weaknesses, such as:
- Use of insecure or unauthenticated protocols.
- Often not segmented, logically or physically.
- No possibility of installing third-party software on some systems.
- No possibility of patching or updating certain systems.
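As an added example that is not part of the original post: the Python below makes the control-loop scheme and the two lists above concrete, and applies the kind of protocol-behaviour baseline this post proposes as a detection technique. It hand-builds Modbus/TCP frames (so it runs offline, with no PLC or third-party library), which also shows that the frame carries no authentication field at all; it then learns the repetitive read/write pattern of an HMI and flags a write from an unexpected host and an out-of-range setpoint from a known host. The host addresses, register map and safe band are invented for illustration.

```python
# Constructed example (not part of the original post): a hand-written Modbus/TCP
# frame builder/parser and a behaviour-based detector for repetitive OT traffic.
# Hosts, registers and limits below are invented for illustration.
import struct
from collections import Counter

FUNCTION_NAMES = {1: "ReadCoils", 3: "ReadHoldingRegisters",
                  5: "WriteSingleCoil", 6: "WriteSingleRegister"}
WRITE_FUNCTIONS = {5, 6, 15, 16}


def build_modbus_tcp(transaction_id, unit_id, function_code, address, operand):
    """Build a Modbus/TCP ADU for the four single-operand functions above.

    MBAP header = transaction id, protocol id (always 0), remaining length,
    unit id; PDU = function code, start address, operand (a quantity for
    reads, a value for writes). There is no field anywhere for a credential
    or a signature: whoever can reach TCP/502 can issue a write.
    """
    pdu = struct.pack(">BHH", function_code, address, operand)
    mbap = struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id)
    return mbap + pdu


def parse_modbus_tcp(frame):
    """Parse the MBAP header and the first PDU fields; raise on malformed input."""
    if len(frame) < 8:
        raise ValueError("frame too short for an MBAP header")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError("protocol id %d is not Modbus" % pid)
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match the frame size")
    function = frame[7]
    address = operand = None
    if function in FUNCTION_NAMES and len(frame) >= 12:
        address, operand = struct.unpack(">HH", frame[8:12])
    return {"tid": tid, "unit": unit, "function": function,
            "address": address, "operand": operand}


def learn_baseline(observations):
    """Count (source, unit, function, address) tuples seen in a clean learning
    window. OT traffic is repetitive, so a short window covers the normal set."""
    baseline = Counter()
    for src, frame in observations:
        p = parse_modbus_tcp(frame)
        baseline[(src, p["unit"], p["function"], p["address"])] += 1
    return baseline


def detect(baseline, observations, limits):
    """Return alerts for frames outside the baseline, plus writes whose value
    falls outside the process limits (address -> (low, high)) even when the
    source is a known one, which is how a compromised HMI would look."""
    alerts = []
    for src, frame in observations:
        p = parse_modbus_tcp(frame)
        name = FUNCTION_NAMES.get(p["function"], "fc%d" % p["function"])
        key = (src, p["unit"], p["function"], p["address"])
        if key not in baseline:
            kind = "unknown-write" if p["function"] in WRITE_FUNCTIONS else "unknown-read"
            alerts.append((kind, src, name, p["address"], p["operand"]))
        elif p["function"] in WRITE_FUNCTIONS and p["address"] in limits:
            low, high = limits[p["address"]]
            if not low <= p["operand"] <= high:
                alerts.append(("out-of-range-write", src, name, p["address"], p["operand"]))
    return alerts


def demo():
    """Constructed traffic: an HMI polls a temperature register and refreshes a
    setpoint every cycle; later an unexpected host and a bad value appear."""
    hmi, laptop, plc = "10.0.0.10", "10.0.0.77", 1       # invented addresses
    temp_reg, setpoint_reg = 0, 100                       # invented register map
    limits = {setpoint_reg: (400, 600)}                   # invented safe band
    clean = []
    for cycle in range(20):
        clean.append((hmi, build_modbus_tcp(cycle, plc, 3, temp_reg, 1)))
        clean.append((hmi, build_modbus_tcp(cycle, plc, 6, setpoint_reg, 500)))
    baseline = learn_baseline(clean)
    live = [
        (hmi, build_modbus_tcp(21, plc, 3, temp_reg, 1)),          # normal poll
        (hmi, build_modbus_tcp(21, plc, 6, setpoint_reg, 510)),    # normal write
        (laptop, build_modbus_tcp(1, plc, 6, setpoint_reg, 900)),  # new source
        (hmi, build_modbus_tcp(22, plc, 6, setpoint_reg, 950)),    # known source, bad value
    ]
    return detect(baseline, live, limits)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Running the block prints two alerts: the write from the unexpected host and the out-of-range setpoint from the HMI, while the repetitive poll and the in-band write are silent. The point of keeping both checks is that a pure source/function baseline would not notice an attacker who has taken over the legitimate HMI, whereas the process-limit check does not depend on where the frame came from.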
These features and constraints make the protection of such critical networks very particular and require, as discussed below, strategies and technologies specific to this type of environment.
In the next post we will dive into that.