Industrial Automation
Every cool beverage, glowing screen, or warm bed is brought to us by Industrial Automation and Control Systems (IACS). These marvelous transformative systems enable our economy and way of life; without these systems, we would find ourselves living in a far less desirable post-apocalyptic world.
Industrial Controls
Dellfer for Industrial Controls IoT
Dellfer takes a unique approach to protecting IoT devices. Conceptually, it is simple. Dellfer essentially takes a fingerprint of the software used to run an IoT device, then sets up detection mechanisms that trigger defenses if any changes appear. For instance, if malware is injected into the software, Dellfer detects it and quarantines it. Or, if the software is altered to behave differently, Dellfer identifies the source of the issue and neutralizes it.
Highest Safety Certification
Dellfer Developer Toolkit is qualified to be used in safety-related software development according to IEC 61508 for any SIL.Expanding Critical Infrastructure
According to the U.S. Department of Homeland Security:
“In an increasingly interconnected world, where critical infrastructure crosses national borders and global supply chains, the potential impacts increase with these interdependencies and the ability of a diverse set of threats to exploit them.”
Increasing Connectivity for Industrial Controls
According to Justin Sherman, Cybersecurity Policy Fellow, New America:
“In the next 5–10 years, industrial systems are going to become increasingly connected to the internet as the IoT becomes more and more essential to industrial operations, and as those systems are also hooked into 5G cellular networks—which are promising much lower communication delays between devices. IoT device security is usually terribly weak right out of the box, so this will be a serious challenge for industrial systems to manage when IoT devices are deployed at scale.”
Risks to Connected Industrial Controls
- The average cost of a security incident impacting industrial control systems (ICS) or other operational technology (OT) systems is roughly $3 million.
- 48% of manufacturing industries have suffered a cyberattack.
- ICS vulnerability disclosures grew 110% since 2017, with a 25% increase in the second half (2H) of 2021.
- 71% of the OT cybersecurity threats go unattended for up to 3 months.
The Importance of Cyberlearning
IACS requires connectivity, while connectivity supports innovation; connectivity also opens a system to new threats. As we have seen, with every connected device, there is a cyberlearning development curve. We have learned repeatedly the hard way that shipping a zero-defect secure connected device is remarkably challenging. IACS has more significant challenges than a typical connected device, as IACS by design requires orchestration between various connected devices to solve complex interactions, making decisions beyond superhuman speed. Security, mitigation, and resilience must be built-in to meet these demanding challenges.
Industrial Connected Devices Under Attack
A disgruntled job-seeking applicant in Australia using a network-based attack caused massive ecological damage by dumping more than 264,000 gallons of raw sewage in neighboring waterways. The infamous Stuxnet malware disrupted and damaged the Iranian nuclear weapons program. The unsuccessful Russian Triton malware targeted the Saudi Arabian petrochemical plant with the intent of causing massive physical damage and loss of life. The Russians have attacked the Ukrainian power grids with severe specialized malware targeting multiple classes of systems.
Industrial Automation Challenges
Attribution is a severe challenge of industrial automation control systems. Identifying a hardware failure from malicious actors may not be possible. If the Russian Triton attack had not failed, it’s unlikely investigators searching the rubble of a destroyed petrol plant could uncover any malware. An industrial automation system failure often leads to catastrophic outcomes.
Potential Loss of Life
China’s Wenzhou bullet trains failed communication systems resulted in collision and derailment, killing 40 people and injuring 190. Russia’s Sayano-Shushenskaya power station failed catastrophically, killing 75 people and destroying the station. The hydro turbine’s 920-ton rotor cover shot up, the rotor broke free from its seat, rising 9 feet. The San Bruno natural pipeline explosion killed eight people and leveled 35 homes. People would be disturbed to learn that catastrophic hardware, architectural, or maintenance failures can be spurred or faked with a cyberattack.
Deeper, Disturbing Trend
How much are threat actors paying for zero-day exploits?
Platform
2012
2021
Adobe Reader
$5K-$30K
$80K
Mac OSX
$20K-$50K
$50K
Android
$30K-$60K
< $2.5M
Microsoft Word
$50K-$100K
< $100K
Windows
$60K-$120K
< $1M
Chrome
$80K-$200K
< $500K
iOS
$100K-$200K
< $1M
Industrial Automation Systems
< $1M
