There has been an increasing number of cyber attacks targeting industrial control networks over the past year simply because the fact that these systems are connected to the internet makes them more vulnerable to hackers.
That is the claim of Marty Edwards, who heads-up the US Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, (ICS-CERT).
The organisation is responsible for helping US organisations investigate cyber attacks on control systems and corporate networks, but Edwards warns that many critical-infrastructure systems are too accessible and inadequately secured.
“I am very dismayed at the accessibility of some of these networks… they are just hanging right off the tubes,” he said. Edwards was speaking at the S4 security conference in Miami, Florida.
His comments come shortly after an incident last month that saw around half of the homes in Ivano-Frankivsk, Ukraine – a region with a population of 1.4 million people – left without electricity following a cyber attack against the Prykarpattyaoblenergo power company.
ICS-CERT has been investigating the incident and has identified the malware used against the Ukrainian power company as BlackEnergy 3, a similar strand of malware that is thought to have infected some US critical infrastructure operators during 2014.
However, despite the presence of malware, the Department for Homeland Security has said that it cannot draw any firm conclusions as to whether it was definitely BlackEnergy that actually caused the power outage – yet.
“At this time there is no definitive evidence linking the power outage in Ukraine with the presence of the malware,” said an official.
Speaking to Computing following the Ukrainian incident, Matthias Maier, technical evangelist at IT cloud services company Splunk, suggested that infrastructure providers need to segregate their networks to defend against the risk of a large-scale outage.
“It should be common practice to segregate networks, and having white-listing technology in place, rather than just anti-virus software, will allow only authorised actions to run,” he said.
And critical systems – even weapons systems – in the UK are equally under threat, with security experts warning that Trident nuclear weapons systems could be rendered useless by a cyber attack.