The hacker group that attacked Google over the Christmas break in 2009 not only targeted the world's largest search engine but also other corporations including banks, defense contractors and their suppliers. No matter the industry, industrial communication networks need to be protected from malicious attacks and industrial espionage.
A month after the intrusion, Google announced that it and other companies were victims of a sophisticated cyber attack that used malware to steal intellectual property. It's suspected that the goal of the 'Operation Aurora' attack was to "quietly suck the crown jewels out of many companies while people were off enjoying their December holidays."
Companies Vulnerable to Hackers
The incident was a wake-up call for companies to take cyber threats seriously. A company can lose its competitive advantage when corporate documents, designs, production data and forecasts are electronically stolen. A secure industrial communication network is the only safeguard.
"Industrial IT networks that run manufacturing equipment are susceptible in two ways," says Mark Lynch, a professional engineer & industrial IT security lead. "Since production equipment is usually connected to business systems, they can act as an open door to the extensive corporate network. They are also vulnerable to industrial sabotage, now that this software technology has been publicly released."
Unprotected industrial communication networks can compromise corporate security in the following ways:
- Open access to industrial networks allows hackers to see how a company manufactures its products.
- Raw production data alone is useless, but coupled with business information systems and supplier & inventory data, intruders may be able to determine a company's manufacturing capability.
- Since PLC programming is usually proprietary, hackers don't have low-level control of machines or access to sensors & actuators (well, up until 2010 when industrial PLCs came under cyber-attack). However, bandwidth bottlenecks on the production floor network can interfere with Distributed Control Systems (DCS) when copious amounts of data flood the critical communication lines.
- RF SCADA systems with limited uplink & downlink bandwidth, especially those that run on VHF, UHF & VSAT, are extremely vulnerable to Denial of Service (DoS) attacks, which can affect real-time monitoring & control of remote systems.
- If communication with the central controller is compromised, the remote site with the telemetry equipment needs to have the autonomous intelligence to either shut down gracefully or prevent unsafe consequences until control can be re-established. Proper control system design must be incorporated into the underlying software.
- Depending on the size of the industrial control system, remote locations with RTUs & PLCs need to have more than an audit or heartbeat protocol. Periodic authentication with the base needs to verify a valid master controller and operator.
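The last two points can be sketched in code. The following is an added example, not taken from any vendor's product: a remote unit accepts only heartbeats that carry a valid HMAC, a fresh counter and a known operator, and drops to a safe-hold state when none arrives in time. The message layout, the pre-shared key, the operator names and the 30-second timeout are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

AUTH_TIMEOUT_S = 30.0  # assumed: longest tolerated gap between valid beats
TAG_LEN = 32           # HMAC-SHA256 output size


def make_beat(key: bytes, counter: int, operator: str) -> bytes:
    """Master side (assumed layout): 8-byte counter + operator id + HMAC tag."""
    body = struct.pack(">Q", counter) + operator.encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


class RtuLinkMonitor:
    """Remote side: tracks whether a valid master authenticated recently."""

    def __init__(self, key: bytes, operators: set, now: float):
        self.key = key              # pre-shared key (assumed provisioning)
        self.operators = operators  # operator ids allowed to command this site
        self.last_counter = -1
        self.last_valid = now

    def accept(self, beat: bytes, now: float) -> bool:
        if len(beat) < 8 + TAG_LEN:
            return False
        body, tag = beat[:-TAG_LEN], beat[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False            # forged or corrupted: not a valid master
        counter = struct.unpack(">Q", body[:8])[0]
        operator = body[8:].decode("utf-8", "replace")
        if counter <= self.last_counter:
            return False            # replayed or stale beat
        if operator not in self.operators:
            return False            # authentic master, unauthorized operator
        self.last_counter = counter
        self.last_valid = now
        return True

    def state(self, now: float) -> str:
        """SAFE_HOLD means: stop taking remote commands, hold a safe output."""
        if now - self.last_valid <= AUTH_TIMEOUT_S:
            return "NORMAL"
        return "SAFE_HOLD"
```

A plain heartbeat would reset the timer on any packet that arrives; here only an authenticated, non-replayed beat from an authorized operator does, so traffic from an impostor master still leads to the safe-hold state.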
With SCADA and control systems moving from proprietary technology to more standardized and open solutions, critical industrial IT networks are becoming more vulnerable to attacks by skilled & well-funded software hackers, probably trained engineers.
These cyber attacks are only discovered & patched after a corporation has been victimized. And evidence shows that hackers are coordinating sustained infiltrations to glean as much data as possible for as long as possible.
These threats can be mitigated by good control system design and secure industrial communication networks that incorporate authorization, authentication and load monitoring.