Next year, public utility operators will face a new set of challenges in industrial cybersecurity. The good news is that new developments will also help minimize these threats.
The bad news: more complex ransomware will emerge, the Industrial Internet of Things (IIoT) will bring more threats, and the severe shortage of cybersecurity talent will continue to deepen. More alarming still, a significant event could lead to the declaration of a national emergency.
On the positive side, favorable trends will continue to drive security awareness and solutions to new levels.
-
New Ransomware Will Target Industrial Control Systems (ICS)
In 2017, ransomware like WannaCry, NotPetya, and Bad Rabbit caused significant disruptions across various industries. In 2018, this trend is likely to continue with new types of ransomware specifically designed to target industrial networks.
This prediction is based on research conducted last year by the Georgia Institute of Technology. Researchers at the institute designed a cross-vendor ransomware worm named LogicLocker, capable of attacking automation controllers. This ransomware worm can bypass weak authentication mechanisms of devices, lock out legitimate users, and implant logic bombs that cause industrial systems to execute dangerous operations, leading to severe consequences.
-
IIoT Brings Greater Security Challenges
The pressure for modernization, productivity enhancement, and operational efficiency has driven companies to adopt connected technologies and products, especially IIoT. However, the increase in connectivity has erased the traditional physical separation between industrial networks and IT networks. Many IIoT technologies lack protections, making it difficult to ensure that devices are not exploited by hackers. Thus, these devices are likely to expose ICS to numerous cyber threats and exploit attempts.
-
Shortage of Cybersecurity Talent Continues to Deepen
The shortage of cybersecurity professionals specializing in ICS has long been a well-known issue, and 2018 will not escape it.
Although most companies fully recognize the necessity of defending ICS networks, they struggle to define their ICS cybersecurity strategies and to staff them with the right professionals.
Successful deployment of industrial cybersecurity projects relies on the combination of IT and OT talent and resources. Effective oversight and leadership at the corporate level are critical for the success of these security initiatives.
-
Possibility of Emergency Events
The increasingly tense relationship between the United States and North Korea has attracted worldwide attention. The rhetoric between the two has escalated to the point of mutual threats involving lethal weapons.
The media has largely focused on North Korea’s nuclear weapons development and testing, with little coverage of the country’s cyber forces.
Another major player in the cyber forces arena is Russia. The 2015 blackout of the Ukrainian power grid, which left 250,000 people in the dark, has reportedly been attributed to Russia. Security experts believe that Russia has used Ukraine as a testing ground for its cyber capabilities, potentially aiming to hone its cyberattack techniques in preparation for attacks on other countries.
In 2017, UK Prime Minister Theresa May accused Russia of attacking the UK national grid and telecommunications companies.
By infiltrating industrial networks and secretly installing malware capable of shutting down critical infrastructure with a single click, state-sponsored hacker groups could develop cyber capabilities that put other countries in a state of emergency.
-
Increased Awareness of OT Security Vulnerabilities
In 2017, there was an increase in companies implementing ICS security solutions and integrating them with existing tools (such as SIEM and incident management systems).
This trend will continue in 2018 as ICS networks generate more and more security alerts, exposing IT teams and executives to more security vulnerabilities that need addressing.
-
Building Automation Will Be Included in Security Considerations
For years, the cybersecurity issues of corporate buildings have been overlooked, despite these buildings housing very important data centers and critical services. As companies increasingly recognize the threats facing their Building Management Systems (BMS) and Building Automation Systems (BAS), this neglected situation is rapidly changing.
BMS/BAS control many functions and services, including HVAC, lighting, water management, fire detection and suppression systems, CCTV, and access control. Typically, BMS/BAS systems are not connected to corporate networks and lack basic security controls.
-
More Implementation of Cybersecurity Frameworks
Although not always legally required, industrial security frameworks have begun to gain popularity in recent years. Companies are seeking the best ways to gain visibility into industrial network activities. The adoption of industrial security frameworks will therefore not slow down in 2018.
Some of the most important frameworks include: the NIST Cybersecurity Framework and the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards.
-
Safer ICS Devices
Next year, ICS technology vendors are expected to launch a range of new products that support encryption and other embedded security controls.
While integrated protective features should enhance security, the reality is that most companies will take years to replace all legacy technologies. Even when the technology is fully updated, deploying defense-in-depth strategies that address internal and external security threats across all critical devices remains the best approach.