2.4 ICS Security Trend
All in all, with IT and OT converging at a rapid pace, ICSs will be exposed to more threats that are evolving faster and faster. The threat evolution is reflected in the following aspects:
- ICSs, which were previously deployed on isolated intranets, are gradually being connected to external networks. This responds to the needs of the industrial control industry and is a necessity of social progress. However, most ICS security mechanisms lack authentication, encryption, and auditing.
- Also, ICS designers did not anticipate that these systems would one day be able to access the Internet. Therefore, ICSs, once connected to the Internet, will be exposed to new security risks.
- Cyberattacks, which originally affected virtual assets, have evolved to do damage to the physical world; that is, they are beginning to target embedded systems installed on computers.
- Technical changes, including generalization, software and hardware combination, and interoperability, directly contribute to attack surface expansion. Penetrating into ICSs through the Internet has become an important attack approach, making any ICS a potential target.
- Traditional viruses and ICS viruses are interwoven, as demonstrated by the Stuxnet virus.
- Attacks using computers as a springboard may evolve into direct attacks against ICSs in the future.
- Extremely difficult attacks that exploit undisclosed vulnerabilities will develop into attacks that, by combining common attack means, can even bypass the underlying knowledge barrier of ICSs.
- Attacks are difficult to discover and alert on: the hardware is difficult to acquire (expensive or difficult to buy) and, being embedded, difficult to debug. There is a wide variety of devices that use all sorts of proprietary protocols. Besides, little information is made publicly available regarding ICS software.
- Industrial control devices are facing increasingly severe 0-day issues. Owing to the long cycle of maintenance and testing, industrial control device vendors tend not to fix vulnerabilities in time. Sometimes, they release patches as late as a year after vulnerabilities are revealed. Even when vendors do release patches, these patches are usually not installed in time on devices in the field, because the devices operate continuously and for management and technical reasons.
- More and more ransomware viruses will target ICSs. Currently, ransomware viruses such as WannaCry mainly attack IT systems in ICSs, like master devices and ERP systems. In the future, ransomware viruses will arise against OT systems such as PLCs and DCSs.
- Denial-of-service vulnerabilities in ICSs are becoming more and more dangerous and may be responsible for significant security incidents.
In conclusion, as ICSs are facing increasingly serious security threats, ICS security is a long-term process that never ceases changing.
To be continued.