ROK: Security’s ‘Tower of Babel’

Wednesday, November 14, 2018 @ 03:11 PM gHale

By Gregory Hale
With security awareness continuing to skyrocket, one of the key factors moving forward is to eliminate the “Tower of Babel” that exists in the industry.

The Tower of Babel is an origin myth meant to explain why people in the world speak different languages.


“Cybersecurity is a learning computation and we have to stay ahead of the issue; the heart of the problem is the Tower of Babel,” said Nadav Zafrir, co-founder and chief executive of Israeli-based cybersecurity think tank, Team8, and president of network monitoring provider, Claroty, during his Tuesday talk at Automation Perspectives the day before Automation Fair opened up in Philadelphia, PA. “There is very little visibility into what we are doing.”

Zafrir talked about five conditions that lead into the “perfect storm” for cyber threats:
1. Cross-connectivity
2. Convergence is inevitable
3. No common language
4. No visibility
5. Active threat landscape

The cross-connectivity space really started when connectivity started cranking in the year 2000 with mobile devices. By the year 2007, there was hyper-connectivity with added things like WiFi and social media. “Today, we’re at the age of cross-connectivity and that can lead to an amazing world.”

Convergence
Convergence is inevitable. Initially, the two areas were not designed to work together; legacy IT and OT environments lived in their own silos. After all, Zafrir said, OT is insecure by design, has a lifetime of decades, and is designed to be closed and siloed.

There is no common language between the two. IT and OT have similar end results, but their language and communication skills are very different. “We are creating a Tower of Babel,” Zafrir said.

In terms of visibility, Zafrir said there is none right now and there needs to be visibility from field devices all the way up to the enterprise.

There is a very active threat landscape going on in the industrial space. For the longest time, bad guys did not venture in the manufacturing market, but they are coming in now with the potential to cause harm. “Threats are continuing to increase,” he said.

In 2017, NotPetya did $10 billion in damage. While that attack was not directed at the OT environment, it took down large industrial conglomerates around the world.

The attack was a political attack on Ukraine from Russia, but it caused ships not to run in Los Angeles, Zafrir said.

OT Susceptible to IT Attacks
That also went to show the OT side is susceptible to IT vulnerabilities. NotPetya was an attack based on the EternalBlue exploit taken from the NSA. The ransomware targeted Microsoft Windows-based systems, infecting the master boot record to execute a payload that encrypts a hard drive’s file system table and prevents Windows from booting.

Maersk, Merck, and FedEx were among the innocent victims of the attack.

A more recent attack targeting an industrial enterprise occurred in August 2017, when the Triton malware was discovered on a Triconex safety system at a Saudi Arabian gas refinery; the SIS failed safe and took down the plant.

“They went after the ‘Red Button’ capability in that attack,” Zafrir said. “The Triconex system did what it was supposed to do and shut down. There are political quarrels between two nation states and the company was the victim.”

“Visibility is the minimum, you can’t defend what you can’t see,” Zafrir said. “Visibility into all the protocols and then baseline the system is key. Anomalies in the system will trigger an alert. That all makes for a safer environment. Understanding the system is vital because attacks are more sophisticated and take time. If you can see something at the early stages before it propagates, then we can do something about it.”

When it comes to security, no one solution or one company can solve the issue.

“For a security program, it takes a village to protect systems,” Zafrir said. Between the supplier, the integrator and asset owners, everyone has to work as a team to achieve a secure environment.

“We really believe we can solve the issues,” Zafrir said. “We can make the world a little safer. With the increased connectivity, we are making defense harder. We created so many opportunities, but there are so many more connections to break into. We want to make the burden of entry much harder. We need to create resilience.”
