Protecting your industrial control systems from cyber risk

Incidents resulting in large losses

As an insurance company we have been studying ICS risks for several years now. Recently we have seen many incidents at major industries resulting in large losses, adding up to hundreds of millions. Hereby malicious software gained access to the business network and encrypted all data. More sophisticated versions made an inventory of all data repositories including on-line back-ups first, before starting their destructive work. Without their data victims were paralyzed, and their options were limited to paying the ransom and hoping for the best or re-building their systems from scratch using off-line back-ups, if available.

Ransomware can spread rapidly

Because ransomware can spread rapidly, a global company network could be affected within minutes. So far, the preferred response has been to cut all connections, effectively shutting down the network. And in today’s world, enterprise resource planning systems are key and without them business operations are impossible.

Even when industrial control systems are not compromised themselves all activities will stop sooner or later as in manufacturing plants production numbers and demands for raw materials are no longer processed. In hospitals, patient data is no longer available and findings can’t be reported. 

In distribution centres it’s no longer possible to find pallet locations, to print address labels or to complete forms for customs.  However, with the ICS themselves not being compromised they will operate as planned. They would shut down safely without physical loss. In the insurance business this is therefore commonly referred to as non-physical risk.

The hacking of ICS is considered a physical risk

However, the hacking of ICS is considered a physical risk as it may result in injuries, loss of life or material damages! Examples are less known to the general public and include events such as hacking into the controls of a New York dam (2013), setting a German steel mill on fire (2014), breaking down the Ukraine power grid (2015), compromising the safety of a refinery in the Middle East (2017), and the attacks on the Russian power grid (2019).

These examples may seem a little extreme for an average organisation as they involve state-sponsored hackers and high-profile targets. But make no mistake! As it happened with malware targeting common IT systems we have no doubt that the tools used in the above attacks will trickle down and become available for use by common criminals.

Integrity is key

For ICS, integrity is key! Processes must be completed in a strict order depending on input provided by sensors. Users can select the order required using a Human Machine Interface (HMI). For example, a manufacturer of paper cups will have a strict order for producing their cups, which should always have the same appearance.

Should they want to produce another product they must select different parameters. Within the production process the users may have a bandwidth to adapt the process because they are using a raw material that may differ in quality. However, the ICS will control the upper and lower limits to prevent, for example, overheating. 

When we visit organisations as part of our risk management surveys we find that automated solutions are replacing part of the human workforce. This takes away the possibility for human intervention in case the process order is disrupted. We also see a lot of system integration. Where we used to have multiple machines on multiple lines, today a single more complex machine is combining their activities.

With the equipment becoming more complex, the number of people understanding them is reducing. Finally, we see that safety systems, which used to be independent (mechanical) devices, are moving along the same lines and sometimes are even merged with the very systems they are supposed to protect!