The ongoing Coronavirus pandemic is not showing any signs of disappearing as it continues to change the world as we know it. Interpersonal relationships are skewed due to social distancing, personal hygiene standards are off the charts, and traveling has become a safety risk.
In an attempt to “flatten the curve” and stop the disease from spreading, while trying to reduce financial loss, many organizations are insisting their employees stay at home and work remotely. We have seen the community’s reaction with a high adoption rate of remote networking technologies, such as video communication platforms (Zoom, for example, had 600,000 downloads in one day), and some companies are already preparing for long-term changes in the way they operate, by enabling various remote access solutions.
This unforeseen reality imposes new challenges for OT cybersecurity teams who are now dealing with distributed users utilizing private and public communication infrastructures for their daily work, instead of the central, controlled ones of their businesses. This doesn’t even include the growing wave of Coronavirus-themed attacks that are already hitting private users, businesses, and medical institutions.
As for the latter, cyber-criminals are harnessing the COVID-19 outbreak to craft creative phishing emails, malicious apps, and infected websites, all of which use well-known Trojans, keyloggers, and file stealers. Some APTs (Russian, Chinese, North Korean and Pakistani, to name a few) have already begun leveraging the pandemic to spread their RATs. APT36, for example, was spotted infecting victims with Coronavirus-themed phishing emails that pull the file-stealing Crimson RAT.
For manufacturing industries, such attacks can result in data breaches, credential disclosures and the exposure of commercial and technological secrets, just as in any enterprise. But industrial networks are a totally different playing field. If an attacker moves laterally from the infected computer to the production floor networks, the damage to personnel and equipment could be devastating. Although this same risk existed in the pre-COVID-19 world, it is amplified dramatically by the expected increase in remote connection solutions for OT, which enable access through various endpoints and build even more bridges between unsegmented IT and OT networks.
Recent research predicted an industrial automation boom after the COVID-19 “recession”. We saw a similar pattern in the past three decades, where industries began to implement more robots, machines, and digital solutions to replace the human workforce after each major economic crisis. OTORIO made an assessment that COVID-19 will contribute to the rapid proliferation of the Industry 4.0 revolution. This will be enhanced by ICS vendors who will soon offer more solutions to enable remote access to OT and maintain the ability to operate industrial plants, systems, and machines even under the worst workforce shortage conditions.
We can already see proof of this assessment. Recently, two leading ICS vendors announced some new remote access ICS solutions.
Mitsubishi Electric announced that it developed a battery-powered wireless terminal to collect meter data and control networked sensors. Implementation of such units will help connect sensors to networks and reduce the need to “visit” the sites physically.
Moxa launched its Remote Access Suite, offering easy connection of industrial control systems to each other, to engineers and to application servers, over the Internet. A major part of Moxa’s specification is dedicated to embedded security solutions, such as firewalls, whitelists, and end-to-end encryption.
Earlier this year, Rockwell Automation acquired Kalypso, an industrial digitization company, “to bring IT and plant floor technology (OT) together”.
Although ICS vendors have made a huge leap in awareness of the security aspects of their products, the demand for continuous, high connectivity will remain a distinct risk factor: it disables segmentation, expands the attack surfaces and vectors, and adds more ungoverned devices to the cyber battlefield.