The Stuxnet worm was first discovered in June 2010 and became internationally famous as the cyberattack that destroyed 984 uranium enriching centrifuges in Iran. The attack stands out for 2 reasons:
- It is believed that an employee plugged in an infected USB drive, triggering the attack
- It was the first attack on Supervisory Control and Data Acquisition (SCADA) systems
Stuxnet may have been used to target Iranian nuclear facilities, but as a worm it was designed to spread and spread it did: Chevron reported that it had been infected by Stuxnet soon after it was first discovered.
There are 4 takeaways from the above discussion that we must consider:
- SCADA systems are computing systems that can be attacked just like any other computing system
- Attacks on SCADA systems can be highly destructive as they can be used to manipulate industrial equipment and make them malfunction, causing damage and risking life
- Attacks on SCADA systems can spread to other organisations that are not the target of the attack
- It takes just one infected USB drive plugged into a computer used to control industrial processes to launch an attack
Stuxnet may have been the first attack against SCADA systems, but it was definitely not the last. Since its discovery, the world of industrial computing has encountered other malware that targets SCADA systems, such as Havex and BlackEnergy, and SCADA systems have also been targeted without using SCADA-specific malware.
Why Threat Actors Target SCADA Systems
SCADA systems, or other operational technology used in industries, may not be perceived as obvious targets for cyberattacks but they offer both incentive and opportunity to threat actors:
- Impact – Industrial processes often involve large amounts of material and energy and attacking their control equipment to sabotage operations can cause extensive damage
- Legacy Devices – Industrial equipment is often built to last decades but the computers that control them reach end-of-support from their OEMs long before the equipment needs to be replaced, paving the way for threat actors to exploit known vulnerabilities in unsupported platforms
- Remote Access – Modern industrial equipment rely on internet connectivity to enable remote monitoring and control as well as remote maintenance by the vendor, enabling threat actors to target SCADA systems through remote intrusion
- Shared Networks – SCADA systems may use the same internal networks as other enterprise IT infrastructure, allowing threat actors to enter an organisation through a SCADA system and then move through the network to compromise other computing assets
Why CISOs are Concerned About SCADA Systems
SCADA software is developed to run on the same operating systems and hardware used by the rest of the enterprise. However, the cybersecurity solutions that protect other business devices may not be able to run or protect SCADA devices due to the unique constraints of SCADA systems:
- Legacy Devices – As discussed above, SCADA systems may use legacy devices and legacy control software that rely on operating systems that are no longer supported by the vendor. Such platforms are often not supported by the cybersecurity solution provider, leaving the devices unprotected
- Modest Hardware – The computers that control industrial processes are expected to be used only for that purpose and may have hardware capacity that is just enough to run resource-intensive SCADA software. Many cybersecurity solutions are known for slowing down devices, and the SCADA computers may not have sufficient surplus capacity to run both the operational technology software and the cybersecurity solution
- Bandwidth Availability – SCADA systems require internet connectivity for remote access, as mentioned above. Cybersecurity solutions also require internet connectivity to download malware definition updates multiple times a day, to ensure protection against the latest threats, and to manage cybersecurity. The network capacity available at the plant may not simultaneously support both SCADA and cybersecurity bandwidth requirements, degrading SCADA remote access
How K7 Secures SCADA Systems
K7 Endpoint Security for Operational Technology (K7 EPS OT) has been developed to address the security needs of SCADA and other industrial computing assets, providing proactive host-based protection for the computers used in production plants.
- Threat Protection – K7 EPS OT provides international award-winning protection against viruses, ransomware, phishing, zero-day attacks, and many other cyberthreats. We began by discussing how Stuxnet compromised Iranian nuclear facilities through an infected USB drive; K7 EPS OT includes automatic scanning of USB drives to prevent malware, and blocking of USB drives to prevent data theft. A two-way firewall with Intrusion Detection/Intrusion Prevention (IDS/IPS) is also provided to stop internet-based attacks
- Platform Support – SCADA systems that run on legacy devices can be easily protected by K7 EPS OT; out-of-the-box support extends to Windows XP, ensuring that older industrial equipment running platforms that have reached end-of-support cannot be targeted by threat actors either for direct infection or as a point of entry into the enterprise network
- Efficient Protection – The efficiency of the K7 scan engine is legendary and is proven, both in tests and in real-world applications, to protect without slowing down the device. This is an invaluable attribute in SCADA cybersecurity as SCADA systems may consume a majority of the device’s computing resources. K7 EPS OT successfully protects SCADA systems running on computers with 1 GHz processor and 95% system resource utilisation. K7’s efficiency also avoids the need to upgrade hardware and extends the useful life of older computing equipment
- Lean Updates – K7’s protection features lean updates that are designed to minimise bandwidth consumption. K7 has successfully protected enterprises with branches in locations that have just 24 kbps connectivity, ensuring that SCADA systems can reliably utilise enterprise networks for remote monitoring, control, and maintenance without being hampered by malware definition updates and other cybersecurity enhancements choking the network, or requiring bandwidth upgrade
SCADA systems are a critical part of many production processes and enable data-driven manufacturing. K7 Endpoint Security for Operational Technology ensures that your industrial facilities avoid disruption from cyberattacks without being burdened by the excessive resource consumption of conventional cybersecurity solutions. Contact Us to learn more about how K7 Endpoint Security can help you achieve single-dashboard management of your enterprise IT and OT systems.