Battle stations: industrial cyber crime
19 Oct 2015 by Rob Smith
As computer hackers set sight on industrial targets, cyber security experts are throwing their weight behind a new class of solutions.
Cyber security has taken quite a battering in recent years, with high-profile hack attacks frequently making the headlines worldwide.
Over 33 million users of the online infidelity site Ashley Madison had their data publically leaked in July this year by a group of hackers dubbed ‘The Impact Team’.
We attack our own equipment and we use McAfee solutions to see how we can protect our equipment against cyber-attacks
Honeywell Process Solutions’ Safdar Akhtar
And early last year, hackers gained access to the records of many of eBay’s 128 million users, forcing the company to request that all of its customers update their passwords.
Even as this issue of Process Engineering was going to press, Apple was removing a number of malicious apps as the company suffered its first major attack from hackers.
Early indications suggest iOS (iPhone operating system) users in China were the target of the attack - known as ‘XcodeGhost’.
Cyber-attacks of this nature are increasingly commercially motivated, say security experts.
“The UK government released data in June 2015 to show that the average cost of a serious cyber security breach doubled from last year’s figure of £600,000 to £1.46 million,” says Tekena Fubara, concept engineer at oil and gas firm Shell.
They may have a lower profile than retail giants such as eBay, but the process industries are far from being immune to cyber attacks.
“The US Department of Homeland Security’s Industrial Control System Emergency Response Team has reported a 25% rise in cyber security incidents in the industrial sector since 2011,” Fubara says.
“Industry leaders have also reported a 600% increase in industrial control system vulnerability disclosures in the last few years,” he adds.
Indeed, reports emerged in July last year detailing how more than 1,000 energy companies across Europe and the US had been compromised by a large-scale malware attack, which was orchestrated by a group of hackers known as ‘Dragonfly’.
The Dragonfly hack targeted industrial control systems (ICS) as a means of controlling oil, gas, water and electrical data systems, US technology firm Symantec suggests.
A statement on the Symantec blog said: “Dragonfly bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability.”
According to Symantec, the main motive of the attack was cyberespionage, and cited “potential for sabotage” as a definite secondary capability.
The average cost of a serious cyber security breach doubled from last year’s figure of £600,000 to £1.46 million
Shell concept engineer Tekena Fubara
Raj Samani, chief technology officer EMEA for computer security software firm Intel Security McAfee, says the Dragonfly hack was an attack against the Internet of Things (IoT) environment.
He suggests that the growing focus on IoT connectivity has increased the scope for cyber-attacks, thereby making hacks against critical infrastructure and industry far more likely.
Samani says the Dragonfly attack was specifically focused on the extraction of information, none of which has yet surfaced online.
“We have not seen the data come up. I can’t tell you what happened as a result of the Dragonfly attack,” he says.
According to Samani, hackers are constantly changing their objectives and are now providing access to company information for anyone who is willing to pay.
“The ‘customers’ are not even buying undisclosed or unknown vulnerabilities – known as zero days - anymore.They are buying the direct access,” Samani says.
Honeywell Process Solutions (HPS), which is working alongside Intel Security McAfee, says it is constantly developing solutions to help counter industry-specific threats.
HPS’ cyber security business development lead Safdar Akhtar says the company’s new cyber security lab in Atlanta, US was developed to help it stay one step ahead of the hackers.
“At the lab, we continuously attack our own equipment and we use McAfee solutions to see how we can protect our equipment against cyber-attacks,” Akhtar says.
“We collaborate to offer robust solutions for our customers to make sure they are cyber-safe and their plants are safe,” he adds.
Akhtar says the HPS lab introduces malware and Trojan viruses into a variety of control systems to explore the ways they can be breached.
“We have a setup where we have ICS in a fully automated environment and we bring in attacks from the outside and we attack our networks in real time to see which ones penetrate the systems,” Akhtar says.
He says the work undertaken at the lab translates into real cyber security solutions for HPS’ clients. HPS’ industrial cyber security platform Risk Manager was launched during April and is designed to monitor and measure threats as they are happening.
“It is a security system that pulls a lot of information from various Intel tools and end point security tools to find out what attacks are happening and what the vulnerabilities are,” Akhtar says.
“Risk Manager tells you the percentage of risk at certain points of your network and what needs to be done to mitigate those risks.”
Akhtar says Risk Manager can also operate in a ‘private mode’ to stop it being hacked, while still being connected to a plant’s devices so that production can remain fully optimised.
“Honeywell’s industrial cyber security Risk Manager addresses some of the biggest roadblocks to effective cyber security management,” says ARC Advisory Group vice president Sid Snitkin.
“It is designed to help ensure that operators are always aware of their cyber risks and have the ability to direct cyber resources to areas that require immediate attention.”
Power management firm Eaton is another company attempting to do battle against the hackers.
Its industrial cyber security system, Tofino MTL 9202-ETS, is designed as a defensive solution that, according to the company’s product line manager Roger Highton, provides process managers in the power, utilities, oil and gas and water and wastewater industries with highly effective security protection.
“Tofino is a defence in depth tool,” Highton says.
“The default setting lets everything [in a plant] communicate and monitors that communication over a period of time,” he says.
“Tofino will then suggest either a blacklist or whitelist solution dependent on the plant’s approach – often it is a combination of the two.”
Highton says having the defence in depth to limit communication is critical when strengthening a plant’s cyber security.
EMERGING TECHNOLOGY
Digital disruption:
Understanding the implications of new technologies is crucial for their safe integration in our everyday lives, says the Meta-Council on Emerging Technologies, established by The World Economic Forum. “While never without risk, technological breakthroughs promise innovative solutions to the most pressing global challenges of our time,” says Bernard Meyerson, chief innovation officer at IBM, and council chairman. So which developments does it list as most likely to create disruption across the industrial world?
Rise of the machines:
A new age of robotics will shift them from big manufacturing assembly lines, into a wider variety of tasks. Better and cheaper sensors, cloud-computing and GPS technology, will combine with more flexible and adaptive components to result in smaller, more dextrous robots designed to handle manufacturing tasks that are laborious or dangerous for human workers. “Even considering advances in design and artificial intelligence, human involvement and oversight will remain essential,” says the report.
Artificial intelligence (AI):
Artificial intelligence enables a machine to perceive and respond to its changing environment. Emergent AI takes this a step further, with progress arising from machines that learn automatically by assimilating large volumes of information. While this will lead to significant productivity advances as machines take over - and even perform better – it clearly comes with risks, says the council. Although decades away, the risk of super-intelligent machines one day enslaving humans is taken increasingly seriously by experts. Neuromorphic technology: Neuromorphic chips aim to process information in a fundamentally different way from traditional hardware, mimicking the brain’s architecture to deliver a huge increase in a computer’s thinking and responding power. Potential applications include: drones better able to process and respond to visual cues, more powerful and intelligent cameras and smartphones, and datacrunching on a scale that may help unlock the secrets of financial markets or climate forecasting, the council says.
Material World:
Distributed manufacturing: The idea of distributed manufacturing is to replace as much of the material supply chain as possible with digital information. To manufacture a chair, for example, digital plans for cutting the parts of a chair would be distributed to local manufacturing hubs using computerised cutting tools known as CNC routers. Distributed manufacturing will result in more efficient use of resources, but poses risks, says the council, because it will be more difficult to regulate and control. It may also disrupt traditional labour markets and the economics of traditional manufacturing.