Elevate Xchange JAN 18 Roundtable Forum on “Data is the NEW Currency.”
All content written & provided by Armis's website: https://www.armis.com
Recent global events highlight the critical nature of Crit.IX™
Over the past few years, we have seen a steady increase in notable attacks and vulnerabilities on Operational Technology (OT) targets, highlighting the increasing risks faced by critical infrastructure systems.
One significant example was the attack on an Iranian steel mill, which was reportedly carried out by the “Predatory Sparrow” hacktivist group back in June 2022. The group stated that it caused a serious fire within the facility and even released a video that appeared to be CCTV footage, showing workers evacuating an area of the plant before a machine began emitting molten steel and fire. The attack is significant due to its rarity in causing physical damage, as most cyber-attacks typically occur in the digital realm.
Another high-profile incident involved the Colonial Pipeline, one of the largest fuel pipelines in the United States. In May 2021, the pipeline suffered a ransomware attack that disrupted fuel supplies along the East Coast. The attack exploited vulnerabilities in the pipeline’s IT network, causing operational disruptions and triggering fuel shortages in various states. This event highlighted the interconnectedness between IT and OT systems and emphasized the need for robust cybersecurity measures across all aspects of critical infrastructure.
These examples serve as stark reminders of the growing threat landscape and the urgent need to bolster defenses, implement robust security measures, and promote collaboration between stakeholders to safeguard critical OT systems from potential attacks and vulnerabilities.
ICS vulnerabilities pose a significant risk to critical infrastructure, including power plants, manufacturing facilities, and oil refineries. Responsible vulnerability disclosure plays a crucial role in ensuring the protection of these systems from potential attacks and minimizing the impact on public safety and operational continuity.
Armis takes responsible disclosure very seriously and is pleased to be able to work with Honeywell to find a route to support organizations that will be left exposed to these critical vulnerabilities. The Armis technical white paper outlines the details of the vulnerabilities and how the Armis team found them – the link can be found here
How can Armis help?
The development and deployment of patches to resolve vulnerabilities present in controllers and engineering workstations in OT environments is essential to reduce the attack surface. Due to the business criticality of these assets and their impact on operational processes, the release and installation of patches for them requires a very thorough QA process and most likely a maintenance and outage window, which can take a long time to coordinate and ultimately to complete. It is reasonable to assume that affected assets will remain vulnerable for a long period of time. During this time, mitigations can be implemented to detect and prevent attacks on these critical infrastructure assets.
Armis customers can leverage the Asset Intelligence and Security Platform to protect their network in the following ways:
Achieve comprehensive Asset Visibility. By obtaining an accurate inventory that encompasses every aspect, from hardware to firmware and software version, organizations can effectively identify vulnerable servers and controllers in their environment.
By implementing a Vulnerability Management program that prioritizes according to risk, organizations can effectively minimize their weak points and reduce the risk of exploits targeting devices without available patches. Moreover, promptly applying security patches upon their release will significantly decrease the window of vulnerability for these devices.
Since the discovered vulnerabilities require only network access to a vulnerable device, Network Segmentation will go a long way in preventing exploitation of these vulnerabilities. By separating the network into distinct segments based on security levels or device types, organizations can limit the lateral movement of attackers, effectively containing potential threats and mitigating the impact on vulnerable devices. The segmentation effort in OT environments can be achieved using an industry reference model such as the Purdue Model, which represents a logical or functional view of OT environments and can be used to identify any deviations from OT assets' expected behaviors, especially traffic to Level 0 and Level 1 from higher-level assets, including assets in the IT networks. The segmentation can be achieved by understanding these asset behaviors in order to whitelist only the expected ones.
Experience has shown that even well-protected networks are susceptible to breaches. Thus, it becomes imperative to implement a robust Threat Detection system capable of identifying exploit attempts spanning the entire network and encompassing all devices, including IT, OT, and IoT. Employing a blend of detection techniques, including signature-based analysis, anomaly detection, and indicators of compromise (IOCs), adds an extra layer of security, augmenting the overall defensive posture in the event of an attack.
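The segmentation and threat-detection points above (a Purdue-level inventory, a whitelist of expected flows, and IOC matching on top) can be combined into one small flow checker. The following is an added illustration written for this page, not Armis product code or any part of the Crit.IX research; the inventory, the Purdue level assignments, the expected-flow whitelist, the indicator block and the four flow-log lines are all constructed for the example, and the rule names (`unexpected-flow`, `high-level-to-control`, `unknown-asset`, `ioc-match`) are hypothetical.

```python
"""Purdue-model flow whitelisting with IOC matching (constructed example).

Every address, level assignment, expected flow, indicator and log line below
is made up for illustration; nothing here is an Armis or Honeywell artifact.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed asset inventory: address -> Purdue level.
# 0/1 = process and basic control, 2 = area supervisory, 3 = site operations,
# 4 and above = enterprise IT.
INVENTORY = {
    "10.0.1.10": 1,   # controller
    "10.0.1.11": 1,   # controller
    "10.0.2.20": 2,   # HMI
    "10.0.3.30": 3,   # engineering workstation
    "10.0.4.40": 4,   # enterprise IT host
}

# Constructed whitelist of expected flows: (src, dst, proto, dst_port).
# Deny-by-default for anything reaching the control levels.
EXPECTED_FLOWS = {
    ("10.0.2.20", "10.0.1.10", "tcp", 502),
    ("10.0.2.20", "10.0.1.11", "tcp", 502),
    ("10.0.3.30", "10.0.1.10", "tcp", 44818),
}

# Constructed indicator list (documentation-range block, not a real IOC).
IOC_NETWORKS = [ip_network("203.0.113.0/24")]

CONTROL_LEVELS = {0, 1}     # levels that must only be reached via whitelisted flows
HIGHER_LEVEL_FLOOR = 3      # level 3 and above count as "higher-level" sources


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dst_port: int


def parse_flow(line: str) -> Flow:
    """Parse a constructed key=value flow record, e.g.
    'src=10.0.4.40 dst=10.0.1.10 proto=tcp dport=502'."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return Flow(fields["src"], fields["dst"], fields["proto"].lower(), int(fields["dport"]))


def evaluate(flow: Flow) -> list[str]:
    """Return the list of findings for one flow, in a fixed order."""
    findings: list[str] = []
    src_level = INVENTORY.get(flow.src)
    dst_level = INVENTORY.get(flow.dst)

    # Asset visibility: anything not in the inventory is itself a finding.
    if src_level is None or dst_level is None:
        findings.append("unknown-asset")

    # Segmentation: flows into Level 0/1 must be explicitly whitelisted.
    whitelisted = (flow.src, flow.dst, flow.proto, flow.dst_port) in EXPECTED_FLOWS
    if not whitelisted and dst_level in CONTROL_LEVELS:
        findings.append("unexpected-flow")
        # Deviation from the Purdue model: higher-level (site/IT) source
        # talking straight into the control levels.
        if src_level is not None and src_level >= HIGHER_LEVEL_FLOOR:
            findings.append("high-level-to-control")

    # Indicator matching on either endpoint.
    if any(ip_address(a) in net for a in (flow.src, flow.dst) for net in IOC_NETWORKS):
        findings.append("ioc-match")

    return findings


def scan(lines: list[str]) -> list[tuple[str, list[str]]]:
    """Evaluate each record and keep only those with findings."""
    results = []
    for line in lines:
        findings = evaluate(parse_flow(line))
        if findings:
            results.append((line, findings))
    return results


# Constructed flow log: one expected HMI poll, one IT host reaching a controller,
# one controller beaconing to the indicator block, one HMI using an unexpected port.
SAMPLE_LOG = [
    "src=10.0.2.20 dst=10.0.1.10 proto=tcp dport=502",
    "src=10.0.4.40 dst=10.0.1.10 proto=tcp dport=502",
    "src=10.0.1.10 dst=203.0.113.5 proto=tcp dport=443",
    "src=10.0.2.20 dst=10.0.1.11 proto=tcp dport=44818",
]

if __name__ == "__main__":
    for line, findings in scan(SAMPLE_LOG):
        print(f"{line} -> {', '.join(findings)}")
```

The first record is whitelisted and produces nothing; the second trips both the deny-by-default rule and the Purdue deviation rule because an enterprise-level host is reaching a Level 1 controller directly; the third is flagged for an unknown destination that also matches the indicator block; the fourth is an otherwise legitimate HMI using a port that was never whitelisted. Real deployments would load the inventory and whitelist from the asset platform rather than from constants.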