Cybersecurity incidents have shown that there can be major consequences for automation systems. There have been incidences where attackers have been able to manipulate the human resource interface console directly. It was only by chance that an operator in one particular instance happened to notice that his mouse pointer was moving across the screen and was clicking on certain valves to open them. Fortunately for this particular installation, the attackers hadn't thought to disable the operator controls. Had they have done that, the operator would have been helpless to have done anything about it. This was a water treatment plant where the hacker was trying to dump masses of doses of alkaline into the water to affect the PH level. This was prevented by the prompt action by the operator. Had the console been disabled, he would not have been able to take control.
The number of cybersecurity incidents are rising alarmingly
This poses significant potential risk for automation systems, especially those systems that are controlling hazardous processes. There was also an incident in a German steel mill where a hacker was able to get control. A worker was seriously burned as a result. It's only a question of time before something happens where there will be an unfortunate fatality.
When it comes to cybersecurity, what we have to look at is not just how we're protecting the system, but at all the links in the chain as well. The chain itself is only as strong as its weakest link and that often happens to be the human element. This is where the weakness occurs. Cybersecurity incidents have major consequences for automation systems like the water treatment plant and steel mill plant incident mentioned earlier the real major game changer in all of this was the Stuxnet incident in 2007. This was the first time that it was realized that control systems could be directly attacked and manipulated. Attackers were able to manipulate a Siemens PLC and the application randomly opening and closing valves which could have led to a major plant incident. Stuxnet became the blueprint for the production of malware and even some ransomware that's available on the dark web, where people can get hold of this code and can use this as a basis for creating their own form of malware.
From that point onwards it became very apparent that automation systems are very vulnerable to cybersecurity threats. Up to that point it was only regarded as being the Windows based portions of the system that would be vulnerable to potential cyber security attacks. Another incident that is worthy of mention is the colonial pipeline hack that occurred in May of 2022.
In this instance, it was a ransom note that was sent to the pipeline by the criminal hacking group known as the Dark Side that is believed to be based in Russia. Although this hasn't been proven, this is the suspicion. The attackers gained access to the corporate IT network through an unused virtual private network that enabled remote access to the corporate network.
Now, the thing to remember about Virtual Private Networks is that normally they have fairly sophisticated encryption. There's usually some form of multifactor authentication. But in this case, this particular VPN account did not require multi factor authentication. So the attackers were able to effectively establish remote access with just a compromised username and password.
This is why you should be mindful of cyber hygiene. Make sure that you don't use simple passwords or keep them in places where they can easily be accessed.
Believe it or not, 90% of operational technology organizations have experienced some form of damaging attack. And this is in the last two years. Overall it's estimated that 65% of all installed control systems, SCADA systems, supervisory control and data acquisition systems, remote terminal units, as well as programmable logic controllers, et cetera, 65% of all of those installed have experienced some form of cyber incident. If you think about the number of potential number of these systems that are around the world, that's a staggering number that have been affected by cybersecurity incidents. There are more attackers these days because of the ability to utilize the Stuxnet Blueprint.
Coming back to our human aspect again. You as an individual can help this. With the human element people themselves can make unintentional mistakes. Typically , of these cyberattacks that occur, 80% are usually within the company itself, inside the boundary. Of those internal incidents, nearly 80 % of those are all a result of unintentional attacks. It's what we call the stumbling, fumbling, bumbling. This is because people don't realize and don't understand that their actions can oftentimes cause potential problems.
If you would like to learn more about good cyber hygiene for automation systems, check out our CS 002 self paced training course.