5 key lessons from ICS attacks through the ages

Imagine it’s 1903 and you’re standing in front of a large hotel on a remote peninsula cliffside in Poldhu (Cornwall, UK). Despite the large antennas next to it or the huge kite that sometimes flies antennas even higher, you might not realize you are looking at the site of historic wireless telegraph communications — or the victim of the first wireless cyberattack. Guglielmo Marconi, an Italian credited as the inventor of radio and the father of wireless, was about to wirelessly transmit a telegraph message 300 miles away to the Royal Academy of Science in London. Before Marconi could start his message, the receiving apparatus tapped out another Morse code dispatch coming from a stronger radio signal:

“Rats… Rats… Rats… Rats.”

More nasty messages aimed at Marconi soon followed. As it turned out, a wired telegraph company hired Nevil Maskelyne, a British magician and fellow radio hobbyist, to disrupt Marconi’s demo, proving in the process that open radio communications are not “secure and private” channels.

According to the Department of Energy’s (DOE) History of Industrial Control System Cyber Incidents report, this was one of the first recorded “cyber” attacks on an industrial control system (ICS). While wireless telegraphy hadn’t quite been “industrialized” yet, this incident still demonstrated the potential risk posed by critical ICS that society relies on.

ICS are the computers — sometimes very specialized — that control the operation of industrial technology found in energy plants, water and gas utilities, communication infrastructure, and manufacturing. ICS also includes supervisory control and data acquisition (SCADA) systems, which are the computers that remotely monitor and control ICS operational technology (OT).

While ICS equipment is often very specialized, it can suffer the same software and hardware vulnerabilities that afflict traditional computers. Security experts have long warned that hackers would target ICS, and incidents like the recent Colonial Pipeline ransomware attack prove that point (something many observers, including WatchGuard, predicted years ago). More concerningly, successful ICS attacks have accelerated in frequency and impact over the last five years.

However, we can protect these systems, especially if we learn from history. Here are five key security lessons we have learned from past ICS attacks:

1. Insiders Threaten Even the Most Secured Systems
In 2008, Maroochy Water Services (MWS) in Queensland, Australia, started suffering wastewater pump failures, resulting in the unplanned release of over a million gallons of untreated sewage. These failures happened without any faults or alarms going off. In the end, it turned out a disgruntled contractor had stolen computer and radio equipment and was sabotaging these pumps as revenge for not receiving a permanent position.

Protecting yourself from malicious insiders can be hard but having strong asset management controls and processes for quickly revoking the privileges of ex-employees can help. As an extra lesson, MWS also realized its equipment’s wireless radio communications were not encrypted. If you are going to use a publicly accessible communication medium, you must secure and encrypt it.

To read the complete article, visit Dark Reading.