With the most recent cyber espionage campaign of the “Dragonfly” group publicly identified as having used various malware tools, including Havex (Backdoor.Oldrea) and the Energetic Bear RAT (Remote Access Tool), both of which specifically target control systems, now is the perfect opportunity to harden Microsoft Windows-based industrial control systems (ICS). Just as important is hardening the computers that connect either directly or remotely to those systems.
Both malware applications mentioned above act as a back door for the attackers to gain access to a victim’s computer, potentially allowing them to extract data, perform monitoring and control, and install further malware on the compromised computer.
Use a “defense in depth” approach, with multiple layers of security controls placed throughout the control system. This should include the normal cybersecurity fundamentals such as protocol scanning, deep packet analysis, firewalls, intrusion detection systems (IDS or IPS), host intrusion protection systems (HIPS), traffic segmentation (VLANs), policies, user access controls, physical access controls, backups, redundancy, training, contingency plans and other standard concepts available in the reference links below.
With regard to securing a Windows-based control system computer, the following concepts need to be addressed:
Every water system owner wants to deliver safe, potable water in a reliable manner while meeting the requirements of both state and federal regulators. Failure to address vulnerabilities can open an attack vector that compromises a system owner's ability to achieve those goals.
About the author: Darian Slywka is the Western Channel Manager for eWON, a Belgium-based industrial remote connectivity company providing secure solutions to OEMs, integrators, and infrastructure projects. His background and education include environmental engineering, cybersecurity, and business development. He is licensed in water treatment and water distribution and holds numerous certifications in technology, networking, and more. Find him at http://darians.info
Image credit: "Dragonfly on Deck," Cecil Sanders © 2008, used under an Attribution 2.0 Generic license: https://creativecommons.org/licenses/by/2.0/