
Taking industrial control systems offline

Much has been written about the Industrial Internet of Things (IIOT). And we’ve even contributed a bit of what’s been written ourselves, as we did with a June post on the IIOT. As has been widely noted, one of the main challenges facing the IIOT is its potential vulnerability to cyberattacks. As it now appears, it’s also plenty susceptible to problems that have nothing to do with security incursions by bad actors. We saw this in July when a software update to Microsoft-based systems – an update being made by CrowdStrike, a cybersecurity company, of all things – went awry. The resulting outages were global, and impacted a number of critical industries, including banking, healthcare, and the airlines.

The CrowdStrike outage will result in increased scrutiny of vulnerable systems, and maybe even some rethinking about the wisdom of uber-connectivity.

A piece on embedded.com in late June anticipated just such rethinking when it comes to the industrial control systems (ICS) that govern so many of our most important industries. In his post, Richard Kanadjian makes an argument for taking ICSs – a prime attack target – offline, and makes some suggestions for going about it.

Kanadjian details the “slew of warnings and security alerts” that have been emanating from various organizations of late. In May, Rockwell Automation – a leading ICS provider – issued an alert suggesting that its customers remove ICSs that were not designed for “online exposure” from the Internet. Earlier on, beginning in 2020, both the National Security Agency (NSA) and CISA (Cybersecurity and Infrastructure Security Agency) have put forth regular advisories pointing out just how vulnerable internet-connected ICSs are and, along with NIST (the National Institute of Standards and Technology), recommend “air-gapping,” which:

… involves physically isolating ICS from any internet connections, effectively eliminating the risk of remote cyberattacks. When a system or server is completely air gapped, it has no communication at all with the outside world, making it invisible and inaccessible to hackers. (Source: embedded.com)

This raises the question of how to manage software updates, patches, and data transfers, which have increasingly been automated and/or cloud-based.

As the recent CrowdStrike debacle illustrated, there’s much that can go wrong with updates that has nothing to do with security, but security remains a concern. Here the approach Kanadjian recommends is:

…hardware-encrypted mobile storage solutions, such as OS-independent, hardware-encrypted USB or SSD drives, [to] securely transfer software updates and data. These drives require a PIN for access, ensuring that only authorized personnel can transfer data. Typical encryption software is not enough to maintain security, as many ICS machines may not be able to run software encryption like AES-256, making a self-contained solution necessary. Storage drives, designed from the ground up to be data protection drives with a dedicated secure microprocessor, are compatible with various ICS operating systems, providing a versatile and secure method for updates, and meeting all criteria for the CIA Triad cybersecurity requirements.

Note that Kanadjian works for Kingston, which is not a neutral party here. This is Kingston’s business. The suggestion cannot, however, be discounted.

The systems we rely on for national security, for our economic and physical well-being, are vulnerable to attack. If something as seemingly trivial as a failed software update can result in widespread flight cancelations, delayed medical procedures, and lack of access to banks, imagine the havoc that could be wreaked if a deliberate attack by a bad actor were made on our most critical systems.

We take so much that happens behind the scenes for granted, but when it comes to our industrial control systems, we obviously need to be hyper-vigilant.

 


Image Source: Driver Easy