In the past year, we have seen many unpredictable challenges. In order to keep in touch and keep things running while complying with social distancing restrictions, many organizations have to accelerate their digital transformation plans. Because the equipment used in industrial control systems (ICS) is older, industrial and critical infrastructure sectors are particularly vulnerable. Their increased attack surface makes these organizations particularly vulnerable to cyber attacks, especially in the supply chain.
SolarWinds and the supply chain
With the exposure of major security incidents, awareness of supply chain attacks has been steadily increasing over the past decade. These include the 2013 Target security breach, in which the credentials of a heating and air-conditioning supplier were stolen and used to access the retail giant’s network, or the 2017 NotPetya attack, in which software updates of several multinational companies were affected by ransomware and shut down the company’s technology And business is paralyzed. The recent SolarWinds Orion software attack has brought renewed attention to the fragility of the supply chain and the urgent need to increase security measures at all stages.
Several months after the SolarWinds vulnerability was disclosed in December 2020, detailed information about the extent of the damage is still to be discovered. The affected products are incredibly widely used, making it difficult to pinpoint exactly how the vulnerability occurred. This emphasizes the need to increase visibility in all areas of the supply chain-including information technology (IT) and operational technology (OT). The increasing integration of IT and OT networks has greatly increased the susceptibility of the supply chain, and increased visibility in these two areas may increase awareness of the existence and prevention potential of attacks.
Recovery from radiation
Since we do not yet understand the full impact of the SolarWinds attack, recovery from it will be an ongoing process. Organizations and their security teams will tighten policies and practices that they may have loosened in the past. The US government is facing increasing pressure to take action to prevent similar incidents from happening. Even so, organizations that once and want to prevent being affected are adding security measures and paying close attention to the tools in their technology stack.
In addition to responding to the impact of the SolarWinds attack, organizations are still seeing the impact of the COVID-19 pandemic. The increase in remote workers and delays in introducing new equipment and upgrading existing equipment have created security vulnerabilities. Ransomware attacks are also on the rise, especially for critical infrastructures that cannot withstand the downtime caused by the attack and are therefore more likely to pay the price. Attacks may take the form of stealing sensitive data, malicious software, identifying valuable assets in the network, or even targeting specific devices and operating systems.
In view of these factors, we must pay special attention to the COVID-19 vaccine supply chain. Just as the pandemic has shaped security risks in 2020, the sensitivity of the vaccine supply chain to attacks may affect security in 2021. A lot of time, money and energy have been invested in vaccine development and manufacturing and distribution plans. These organizations are facing unprecedented importance to ensure the reliability and safety of their products.
Protect the supply chain
Given all the threats to the supply chain, IT and OT security professionals must prepare themselves and their organizations to withstand attacks that may occur in the near future.
One of the most important changes that organizations can make to enhance supply chain security is to turn their attention to external suppliers and partners who have access to their internal systems. The first step is to determine how external partners can access internal systems and who is responsible for these systems. Security partners, suppliers, contractors, and internal supply chain decision makers should continue to communicate to ensure full visibility of the system.
Another important step is to maintain asset inventory and invest in segments to maintain the security of each asset separately. Our research found that 71% of ICS vulnerabilities disclosed in the second half of 2020 can be exploited remotely through network attack vectors. Splitting assets helps ensure that part of your asset list suffers from security breaches and the rest will not be compromised.
Some other steps to ensure supply chain security include implementing solutions to overcome specific OT security challenges, complying with industry-specific Cyber Security and Infrastructure Security Agency (CISA) recommendations, and ensuring that your top management and executives are involved in the industry Plans to share operational problems, solutions and processes.
By learning from past attacks and taking the necessary steps, organizations will be prepared to deal with the changing ICS risk and vulnerability landscape of the supply chain in 2021 and beyond.
Chen Fradkin is a security researcher for Claroty, an industrial network security company. He has more than seven years of ICS and IT network security research experience.She specializes in analyzing all the components of network security, from protocols and topologies to connected devices, such as… View complete bio