Earlier this year, an infection at the world’s biggest chip supplier, Taiwan Semiconductor Manufacturing Co. (TSMC), forced the company to halt production.
TSMC was forced to shut down its systems after a supplier connected tainted software via USB to the corporate network without first performing a virus scan. The resulting outage led to shipment delays and additional costs that the company estimated would hurt revenue by about 3%.
The episode hinted at the challenges involved in securing industrial environments, a task further complicated by the frequent use of USB drives by employees and contractors, who inadvertently allow malicious files entry into their networked or air-gapped environments.
Consider how easily the Stuxnet computer worm was able to damage centrifuges at a uranium enrichment facility in Iran almost a decade ago. The Stuxnet malware was automatically installed when a USB device was inserted. It then automatically propagated itself in the network, installed the malicious files on all networked devices, and executed whenever it found software for which it had zero-day exploits. This included infecting the PLCs, while suppressing any alerts to the end-user.
Stuxnet changed the risk calculus; it demonstrated that physical damage could be inflicted on an industrial control system (ICS). What’s more, it proved cyber adversaries could manipulate industrial operational technology (OT) to the point where they can even threaten human safety.
The lesson here for OT operators is clear: organizations that may not have thought about security in the past must now take measures to augment their existing environments. They face a threat environment where scenarios in which attacks bring down their operations are not so far-fetched.
Future-Proofing Your Defense
The problem remains that these industrial environments have existed for more than 20 years with little to no security strategy. In designing and implementing these ICSs and applications, security was given relatively short shrift and was once maintained through two assumptions: no internet connectivity to the operational technology systems, and no common infections that could plague OT environments. That’s no longer true. If anything, IoT security is taking on increased urgency as tens of billions of these devices are coming online. Indeed, overall IoT spending is projected to reach $1.2 trillion in 2022, according to estimates by IDC.
Many of these devices were not originally intended to be connected to the outside world, though recent computing advancements have increased IoT device connectivity and automation in industrial environments. That raises no shortage of concerns about the ability of supervisory control and data acquisition (SCADA) systems to repel attackers targeting poorly-secured IoT devices.
Also, public safety demands that as more municipalities look to become so-called smart cities, incorporating sensors and other IoT devices to better manage their operations, there’s a clear need to make sure that these systems are secure.
And don’t assume that because you’re disconnected from the internet you’re safe. Attackers have proven they can still operate in air-gapped environments to exfiltrate your data or damage your systems, or both.
The challenges are even more acute when it comes to protecting older cyber-physical systems, which are difficult and expensive to replace or patch, and where configuration is highly customized. What’s more, everyday USB usage (to update systems for example) can easily infect these environments.
Some organizations look to close off threats via USBs by completely shutting out the possibility of even plugging in a USB device. But the fact remains that you might still have an internal bad actor who can insert a USB without anyone being aware of it until it’s too late.
So, How Do You Remain a Step Ahead?
The cost of a breach can easily turn out to be more than the cost of security. Here is what you need to know to decrease the attack surface and implement proper security measures for your environment:
- Business stakeholders need a clear understanding of the risks in their environment.
- Monitoring critical environments only at the network level does not enable organizations to prevent even accidental infections.
- Intrusions pivot through endpoints; endpoint protection must therefore be at the heart of an organization’s security strategy.
- Organizations that do not take proper measures to secure critical infrastructure and operational technology are subject to large liabilities.
How Symantec Answers the Call
What you need is a trusted multidimensional IoT security strategy to protect against USB-borne malware, as well as network intrusion and zero-days. Here’s where our Industrial Control System Protection Neural USB scanning station (ICSP) and Critical System Protection (CSP) provide the security posture you’ll need to protect your critical environments.
The Symantec ICSP Neural USB scanning station is a self-contained aluminum-unibody appliance that prevents both known and unknown attacks on IoT environments by detecting and protecting against malware residing on USB devices. For secure external media transfer, ICSP Neural leverages and visualizes our most advanced Symantec threat technologies: a machine learning stack cross-hatched with signatures, emulation, and reputation, to provide the highest levels of protection against weaponized malware.
ICSP Neural is endowed with deep learning and is capable of protecting against future forms of attack, such as adversarial machine learning. The robust hardware and cutting-edge software provide higher efficacy, longevity, and organic self-learning for a decreased attack surface in your critical environments.
What’s more, ICSP Neural offers a lightweight enforcement driver, which is compatible with legacy operating systems, and enforces protection by ensuring that only scanned external media can be used on your systems. ICSP Neural is equally compatible with a wide range of automation vendors, HMIs, healthcare devices and defense systems. So, whether your target system is decades old or modern-day machinery, ICSP Neural provides a high degree of protection from known and unknown zero-day exploits and attacks.
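As an added illustration of the enforcement concept described above (only media carrying a valid scan approval is usable on the endpoint), the following Python model is not Symantec's code and assumes a constructed workflow: a scanning station hashes the drive's contents and writes an HMAC-signed manifest, and an endpoint check refuses media that was never scanned, whose manifest fails verification, or whose contents changed after the scan. The key, file names and the stand-in scanner are all constructed for the example.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

# Constructed shared secret between scanning station and endpoint enforcement.
# A real deployment would keep this in hardware or use a signing certificate.
STATION_KEY = b"constructed-demo-key-not-for-production"
MANIFEST_NAME = ".scan-manifest.json"  # hypothetical approval record on the media


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(media_root: Path) -> dict:
    """Hash every file on the media except the manifest itself."""
    return {str(p.relative_to(media_root)): sha256_file(p)
            for p in sorted(media_root.rglob("*"))
            if p.is_file() and p.name != MANIFEST_NAME}


def scan_station_approve(media_root: Path, is_clean) -> bool:
    """Scanning station: scan each file; only if all are clean, write a signed manifest."""
    files = inventory(media_root)
    if not all(is_clean(media_root / rel) for rel in files):
        return False
    body = json.dumps(files, sort_keys=True).encode()
    tag = hmac.new(STATION_KEY, body, hashlib.sha256).hexdigest()
    (media_root / MANIFEST_NAME).write_text(json.dumps({"files": files, "tag": tag}))
    return True


def endpoint_allows(media_root: Path) -> bool:
    """Endpoint enforcement: allow media only if the manifest is authentic and contents unchanged."""
    mpath = media_root / MANIFEST_NAME
    if not mpath.exists():
        return False  # never passed through the scanning station
    m = json.loads(mpath.read_text())
    body = json.dumps(m["files"], sort_keys=True).encode()
    expected = hmac.new(STATION_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, m["tag"]):
        return False  # forged or tampered manifest
    return inventory(media_root) == m["files"]  # files added or modified after the scan


def demo() -> tuple:
    """Constructed walk-through: clean drive passes; a file dropped after the scan is blocked."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "firmware.bin").write_bytes(b"\x00\x01 constructed payload")
        is_clean = lambda p: b"MALICIOUS_MARKER" not in p.read_bytes()  # stand-in scanner
        unscanned = endpoint_allows(root)
        approved = scan_station_approve(root, is_clean)
        scanned = endpoint_allows(root)
        (root / "autorun.inf").write_bytes(b"MALICIOUS_MARKER")  # added after the scan
        return unscanned, approved, scanned, endpoint_allows(root)
```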
For the decades-old systems or devices that require legacy and/or end-of-life (EOL) support, we have our lightweight, no-internet-required Critical System Protection. Built with intrusion prevention and intrusion detection features for managed or standalone IoT devices, CSP deploys a signature-less, policy-based application whitelisting approach to endpoint security and compliance, which secures IoT devices from known and unknown zero-day exploits and attacks. The essence of CSP is to protect and isolate IoT devices from network intrusion and zero-days, and to prevent unhygienic operations or accidental infections, when installed on existing automation stacks and engineering workstations.
Our IoT defense arsenal addresses industry-wide pain points with enterprise-ready proven offerings. At Symantec, we foster uninterrupted business operations without the need to replace existing equipment, software or downstream operations. Working together, ICSP Neural and CSP implement control points to protect against USB-borne malware, network intrusion, and zero-day exploits to industrial control systems and IoT devices. To learn more about our IoT solutions, visit us at Symantec.com/iot.