Hackers show ability to hijack infrastructure

Published by , Editorial Assistant
World Pipelines,


Advanced hackers have shown they can take control of an array of devices that help run power stations and manufacturing plants, the US government said in an alert on 12 April, warning of the potential for cyber spies to harm critical infrastructure.

The US Cybersecurity and Infrastructure Security Agency (CISA) and other government agencies issued a joint advisory saying the hackers' malicious software could affect a type of device called programmable logic controllers made by Schneider Electric and OMRON Corp.

OMRON did not immediately return a message seeking comment. A Schneider spokesperson confirmed it had worked with US officials to defend against the hackers, calling it "an instance of successful collaboration to deter threats on critical infrastructure before they occur."

The controllers are common across a variety of industries – from gas to food production plants – but Robert Lee, Chief Executive of cybersecurity firm Dragos, which helped uncover the malware, said researchers believed the hackers' intended targets were LNG and electric facilities.

In its alert, the Cybersecurity Agency urged critical infrastructure organisations, "especially Energy Sector organisations," to implement a series of recommendations aimed at blocking and detecting the cyber weapon, named Pipedream. Although the warning was vague – it did not say which hackers were behind the malware or if it had actually been used – it sent concern coursing across the industry.

In a sign of how seriously the discovery was being taken, CISA said it was making its announcement alongside the Energy Department, the National Security Agency and the FBI. Programmable logic controllers, or PLCs, are embedded in a huge number of plants and factories and any interference with their operation has the potential to cause harm, from shutdowns to blackouts to chemical leaks, wrecked equipment or even explosions.

For software company Xage Security, the principles announced by CISA add to the significance of its upcoming appointment to the government advisory board on critical infrastructure protection.

Duncan Greatwood, CEO, Xage Security, makes the following comment:

We welcome this additional push to see core security capabilities like MFA enabled for every element of an operating environment – whether that environment is a consumer's home, or critical national energy infrastructure, or something in between. With our focus on critical operations, we'd note that many of these core security capabilities are still not fully implemented even in the most sensitive situations such as energy or transport infrastructure.

In some cases, in those complex operating environments it is necessary to overlay existing systems with newer cybersecurity mechanisms, since a ‘rip and replace’ of existing systems may be impractical. Even so, this push by CISA to introduce effective cyber defences for individual consumer and small business products should be another wake up call for infrastructure operators. After all, it would be ironic if the cyber-attack prevention for devices in a typical home came to be stronger than those blocking attacks against critical infrastructure.

Additionally, the direction of these new CISA principles pushes cybersecurity further in the direction of identity-based (aka ‘zero trust’) preventative cyber. The CISA principles are intended to improve the protection of each individual device, even in the event that attackers are able to compromise the user's network – which is a core tenet of zero trust. It is also necessary to protect the system as a whole, not only individual elements, meaning protection needs to be end-to-end especially in the more complex environments.

Read the article online at: https://www.worldpipelines.com/special-reports/18042023/hackers-show-ability-to-hijack-infrastructure/
