Protecting Industrial Networks: Key Risks and Attack Scenarios

Partner material “IT Integrator” and Cisco

What are the risks?

So what is the risk landscape for industrial networks? In the traditional world, IT risk is associated with threats that can undermine the confidentiality, integrity and availability of data and systems. The impact is mostly financial, as in cases of ransomware (Cryptolocker virus), bank fraud, or denial-of-service attacks against web servers used by e-commerce sites.

Stages of the Cyber Kill Chain

The Cyber Kill Chain phases are reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. For the events described below, it is assumed that the attacker is already “connected” to the industrial control network.

Industrial plant hijacking

An attacker uses targeted IT distribution mechanisms (i.e., malware that communicates with the attacker’s “command and control” server) to spread the malware across the target network until it reaches a workstation in the industrial area. The primary targets are supervisory control and data acquisition (SCADA) stations and engineering stations, because they contain important process information.

Wireless hacking

An attacker exploits publicly known or proprietary vulnerabilities in the wireless channels in use (known WEP or WPA attacks). In this way, they can connect to the industrial control network and gain direct access to the heart of the system: engineering stations, SCADA stations, and programmable logic controllers (PLCs).

Gaining access to the plant’s field network

An attacker has direct physical access to a facility’s field network, for example through a computer cabinet located along a distribution axis (a pipe in a sewer or along a water line). The field network provides direct access to the ICS equipment used to control the I/O modules. This is especially important in the transportation sector.

Dangerous event A: Intellectual property theft

Intellectual property theft is an attack on a production control system aimed at stealing valuable process or production data. The attacker’s motive could be economic, such as stealing a production secret from a competitor.

Dangerous event B: Industrial sabotage

This scenario describes an attack on an industrial production system that leads to sabotage. The attacker’s motives could be cyberterrorism, competitive positioning, or even war between two countries.

Dangerous event C: Industrial plant maintenance failure

This scenario focuses on a maintenance failure in industry. The goal is to stop the production of a continuous process at an industrial plant, such as an oil refinery, a water treatment plant, or a gas distribution network.
