2.4 ICS Security Trend

All in all, with IT and OT converging at a rapid pace, ICSs will be exposed to more threats that are evolving faster and faster. The threat evolution is reflected in the following aspects: (mais…)

2.3.2 ICS Vulnerability Trend

As industrial control has been delving deeper in recent years, more and more ICS vulnerabilities are discovered by researchers. As vulnerabilities publicly available are only a small portion of those hidden in ICSs, the possibility of ICS vulnerabilities being stashed as potential cyber weapons cannot be ruled out. The following sections analyze the trend of ICS vulnerabilities by reference to data publicly available. (mais…)

2.3 Vulnerabilities in ICS Assets

Most ICS security mechanisms are short of authentication, encryption, and audits, and therefore such ICS assets are rather vulnerable. When connecting to the Internet, ICSs are susceptible to external probes or identification via special fields included in information returned through public or private communication protocols, web services, telnet, and FTP. In this way, ICS assets can be easily controlled by attackers. In addition, more and more ICS vulnerabilities are identified by researchers, leaving ICS assets exposed on the Internet rather vulnerable. (mais…)

2.2.3 New ICS Attack Framework “TRITON”

In the middle of November 2017, the Dragos, Inc. team found malware tailor-made for ICSs and identified it as TRISIS (referred to as TRITON in this document) because it fixed it gaze on Schneider Electric’s Triconex safety instrumented system (SIS), enabling the replacement of logic in final control elements. (mais…)

2.2.2 Dragonfly 2.0 Malware The Dragonfly organization, also known as Energetic Bear, mainly carries out cyber espionage activities targeting electric power operators, major power generation enterprises, petroleum pipeline operators, and industrial equipment providers in the energy sector. According to a Joint Analysis Report (JAR) released by the Department of Homeland Security (DHS), Dragonfly is a […]

2.2 ICS-Targeting Malware Analysis

In recent years, more and more malware took ICSs as targets, causing an increasingly great damage.

The following sections analyze major ICS-targeting malware. (mais…)

Typical ICS Security Incidents

As ICSs are increasingly informatized and open, more and more attacks are hitting ICSs, doing an increasing harm. ICS-targeted attacks use the IT network as a springboard to affect the operating of OT systems. Currently, attacks against ICSs are carried out to achieve three purposes: disrupting the normal operating of ICSs, obtaining ICS data, and making financial gains. (mais…)

Technical Trend of ICS Information Security

1.3.1 General Introduction

As the application of IT technologies in industrial fields is expanding in breadth and depth, ICSs are facing an increasing number of security risks. ICSs’ original security protection systems which
feature border separation and protection tend to be associated and integrated with business. With the emergence of new application forms such as industrial clouds and industrial big data, ICS security products need to surpass the existing products in terms of functions and application form, so as to better adapt to new applications. (mais…)

Development of ICS Information Security

Since the Stuxnet virus explosion, countries all over the world have taken ICS security issues to a new height by actively working out and introducing related policies, standards, technologies, and solutions.

A look into ICS security developments around the world reveals that the USA is the first to research and implement ICS security standards. North America Electric Reliability Corporation has conducted security checks on electric power (including nuclear power) enterprises according to requirements defined in CIP series standards. Europe has inspected security of industrial control products in accordance with WIB standards. Some counties represented by Germany are diverting their efforts to ICS security in compliance with ISO 27009. Japan, in line with requirements of IEC 62443 and Achilles Certification, stipulated in 2013 that all ICS products can be applied in the country only after they are certified by national standards. Also, this country has conducted ICS security checks and construction in energy, chemical, and other critical sectors. Israel has set up a state-level ICS product security inspection center to perform security inspection on ICS products before they are connected to networks. (mais…)

1.2 Development of ICS Information Security

As industrial informatization advances at a rapid pace and the industrial Internet, industrial clouds, and other new technologies spring up, information and network technologies and IoT technologies have found wide application in smart grid systems, intelligent transportation systems, and industrial production systems.

For the sake of inter-system collaboration and information sharing, ICSs are breaking out of the traditional model of previous dedicated systems that run in a closed-off manner and begin to incorporate some standard and universal communication protocols and software and hardware systems. Some ICSs can even connect to the Internet in one way or another, thus breaking the protection barrier formed by the enclosed network, but exposing those systems to more threats.

As ICSs are most commonly seen in a country’s critical industries such as electricity, transportation, petrochemical, and nuclear sectors, cyberattacks targeting those systems will cause a more serious social impact and economic loss. Out of political, military, economic, and religious reasons, adversary organizations and countries and terrorist criminals can make industrial control systems their attack targets for malicious intents. (mais…)