Industrial control systems (ICS) are integral to many services that society relies on, whether power grids, water treatment plants, nuclear and power plants or other critical infrastructure. But now, more than ever before, these systems are under attack.
Two years ago a highly sophisticated computer worm, Stuxnet, successfully attacked an Iranian nuclear power station, setting the country’s nuclear programme back by several years.
The worm uses specially incorporated malware to target Siemens supervisory control and data acquisition (SCADA) systems, which control and monitor specific industrial processes also prevalent in the electrical, water, oil and gas industries.
“Stuxnet was a wake-up call. Copycats and spin-offs are hard at work and we’re going to see interesting branches being revealed in the near future,” Doron Shikmoni, co-founder of network access control solutions provider ForeScout, says.
Although the industrial control industry may now be aware, the security behind the systems is still “at least 10 years” behind corporate information systems, according to Paul Vlissidis, technical director at security firm NCC Group.
The problem is not only that the security is not up to date, but that the weaknesses within each system could worsen.
“As the complexity of a system increases, it becomes more prone to vulnerabilities; we can say that almost any ICS can be attacked,” claims Ruben Santamarta, a security researcher at security services firm IOActive.
Why would an ICS be attacked?
In January 2011, Stuxnet was alleged by the New York Times to have been the result of a combined effort from Israel and the US intelligence services.
“A sophisticated and targeted attack intended to cause as much damage as possible requires a huge amount of resources – including intelligence, cash, devices and skilled personnel – precluding everyone except nation-states or terrorist groups,” says Santamarta.
He adds that the reasons behind such an attack could be to cause political instability or damage opposing military facilities to establish advantages before initiating a physical conflict. Other motivations could be to extort corporations for money, cause personal damages or even to cause the loss of lives.
The cyber problems for national infrastructure continue with the advent of smart meters.
Gartner analyst Ruggero Contu says that there is potential for people to commit fraud by manipulating the data captured by the meter. Another concern, Contu says, is the privacy of data. A hacker could compromise a smart meter to find out about homeowners’ peaks of use to learn when they are likely to be out.
More worrying still is the fact that smart meters are connected to smart grids.