Win32/Industroyer, some believe, may be the biggest cybersecurity threat to the power grid since Stuxnex. An article in The National Interest magazine warned a successful cyber attack on the grid could cause up to $1 trillion in damage.
Below is a list of comments from two cybersecurity experts on the state of defense against Industroyer:
Terry Ray, chief product strategist for Imperva:
“We are beginning to see an uptick in infrastructure attacks, and in the case of Industroyer, the attackers seem to have extensive knowledge about industrial control protocols. Since the industrial controls used in the Ukraine are the same in other parts of Europe, the Middle East and Asia, we could see more of these attacks in the future. And while these attackers seem to be content to disrupt the system, it’s not outside the realm of possibility that they could take things a step further and inflict damage to the systems themselves.
“While ICS are used heavily in energy and water, both certainly critical infrastructure, it is also used in large scale automation, which can include, manufacturing, shipping, aerospace and other industries that should also take note of such exploits.
“Many of these industrial control systems have been in operation for years with little or no modification (no anti-virus updates or patches). This leaves them open to a wide range of cyber threats. It is therefore imperative that we find alternative measures to manage the risk.”
Paul Edon, director of international customer services for Tripwire:
“Historically Industrial networks have used airgap and diode based architecture to defend against the risks associated with corporate intranet and Internet communications. However, due to economic pressures i.e. increasing costs and decreasing numbers of skilled resources, it has become necessary for many organizations to centralize some of the management and control functions that would have previously been local to industrial plants, refineries, distribution facilities etc.
“This centralization has meant expanding the reach of the enterprise network into the industrial environment, and in doing so, exposing those industrial environments to levels of cyber risk for which they were neither secured nor designed.
“Post design security is always a much greater challenge than the “security by design and default” that we would expect today. However, the majority of attacks can still be defended against by employing the same strategy as that used for the enterprise i.e. “Security Best Practise,” “Defence in Depth” and “ Foundational Controls.”
“For Security Best Practices, select suitable frameworks such as NIST, ISO, CIS, ITIL etc. to help direct, manage and drive security programmes and ensure your strategy includes all three pillars of security; People, Process and Technology.
“For defence in depth, protection should apply at all levels; Perimeter, Network and End Point. Again, make sure you are supporting your efforts using all three pillars of security; People, Process and Technology.
“For Foundational Controls, select the foundational controls that best suit your environment. Firewalls, IDS/IPS, Encryption, Duel Factor Authentication, System Integrity Monitoring, Change Management, Off-line Backup, Vulnerability Management and Configuration Management to name but a few. Don’t forget – ensure you are taking advantage of all three pillars of security; People, Process and Technology.
“We will continue to see the introduction of new threats targeting the industrial technologies, but it is important to understand that good security hygiene will greatly reduce the effectiveness and therefore the success.”