In 2020, a hacker group called the Jerusalem Electronic Army published several posts on social media claiming to have compromised control systems belonging to Israel’s public water supply infrastructure. Israel’s National Cyber Agency (INCD) issued a security alert requiring the energy and water authorities to immediately change passwords on all connected control systems, reduce connectivity and ensure that the latest version of the controller is installed.
Subsequent media reports revealed some details of the attack. Notably, the hackers targeted SCADA (supervisory control and data acquisition) systems, a part of the industrial process well known to industry practitioners that helps managers identify production problems in real time and adjust production plans. As a key component of industrial control systems, SCADA must be kept secure: a successful attack can at the least hit an industrial sector hard and at worst paralyze an entire nation's critical infrastructure.
The good news is that, in the end, the group did not disrupt or damage Israel’s water supply; it was demonstrating its capabilities in an attempt to make a political or cultural statement. However, similar incidents have raised alarm bells around the world about the cybersecurity of industrial operations.
Last month, Rockwell Automation released “Anatomy of More than 100 Cybersecurity Incidents in Industrial Operations,” which analyzed 122 cybersecurity incidents, including direct threats to OT/ICS (industrial control systems). Nearly 100 data points were collected and reviewed for each security incident.
Based on the analysis of these security incidents, the key findings are as follows:
In just a few years, OT/ICS security incidents have surpassed the total number reported between 1991 and 2000.
The energy industry experienced the highest concentration of security attacks (39 percent), with attacks occurring more than three times as often as the next highest vertical.
Phishing continues to be the most popular attack technique (34%), highlighting the importance of security strategies such as air gaps, network segmentation, isolation, zero trust, and security awareness training to reduce risk.
SCADA systems were targeted in more than half of OT/ICS security incidents (53%), with PLCs the second most common target (22%).
More than 80 percent of threats come from outside organizations, but in about a third of security incidents, insiders inadvertently open the door for the threat.
Of the OT/ICS security incidents investigated in the report, 60% resulted in operational disruption and 40% resulted in unauthorized access or data breach. However, the damage from a security attack extends beyond the affected enterprise, as the broader supply chain is also affected in 65 percent of cases.
Research has shown that in most OT incidents, the attacker first enters the IT network. So strengthening the security of IT systems is crucial to combat cyberattacks on critical infrastructure and manufacturing facilities.
This article summarizes the highlights of the report:
Key Findings (1)
In just a few years, OT/ICS security incidents have surpassed the total number reported between 1991 and 2000.
The report shows that 2022 saw a 2,000% increase in adversarial reconnaissance against Modbus/TCP port 502, the port of a commonly used industrial protocol; such access could allow hackers to take control of physical devices and compromise OT operations.
The number and frequency of security attacks have increased not only because more targets are actually being compromised, but also because better detection tools and capabilities help identify security attacks.
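As an added illustration (not taken from the Rockwell report or from this article), the sketch below shows one way a defender might surface the Modbus/TCP port 502 reconnaissance mentioned above in flow logs, separating sweeps from single unauthorized clients and noting which controllers actually completed a handshake. The log format, addresses, allowlisted SCADA master and the `modbus_findings` function are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

MODBUS_TCP_PORT = 502

# Constructed sample flow records (not real traffic):
# time, source, destination, destination port, TCP state
SAMPLE_FLOWS = """\
2022-06-01T02:14:07Z,203.0.113.45,10.20.0.11,502,SYN_ONLY
2022-06-01T02:14:07Z,203.0.113.45,10.20.0.12,502,SYN_ONLY
2022-06-01T02:14:08Z,203.0.113.45,10.20.0.13,502,ESTABLISHED
2022-06-01T02:15:00Z,10.20.0.5,10.20.0.11,502,ESTABLISHED
2022-06-01T02:15:00Z,10.20.0.5,10.20.0.12,502,ESTABLISHED
2022-06-01T02:15:01Z,10.20.0.5,10.20.0.13,502,ESTABLISHED
2022-06-01T02:16:30Z,10.10.4.77,10.20.0.11,502,ESTABLISHED
2022-06-01T02:17:02Z,198.51.100.9,10.20.0.11,443,SYN_ONLY
not,a,valid,record
"""

def modbus_findings(flow_csv, ot_net, allowed_masters, sweep_threshold=3):
    """Map each non-allowlisted source that touched TCP 502 in ot_net to a finding."""
    ot = ipaddress.ip_network(ot_net)
    allowed = {ipaddress.ip_address(a) for a in allowed_masters}
    tried, reached = defaultdict(set), defaultdict(set)
    for row in csv.reader(io.StringIO(flow_csv)):
        try:
            _, src, dst, dport, state = row
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # skip malformed records instead of aborting the run
        if port != MODBUS_TCP_PORT or dst_ip not in ot or src_ip in allowed:
            continue  # other traffic, or the SCADA master polling its own PLCs
        tried[src_ip].add(dst_ip)
        if state == "ESTABLISHED":
            reached[src_ip].add(dst_ip)  # handshake completed: port is exposed to this source
    findings = {}
    for src_ip, hosts in tried.items():
        findings[str(src_ip)] = {
            "kind": "sweep" if len(hosts) >= sweep_threshold else "unauthorized-client",
            "targets": [str(h) for h in sorted(hosts)],
            "reached": [str(h) for h in sorted(reached[src_ip])],
        }
    return findings

if __name__ == "__main__":
    print(modbus_findings(SAMPLE_FLOWS, "10.20.0.0/24", ["10.20.0.5"]))
```

In the constructed data, the IT-side host that reaches a single controller is reported separately from the external sweep, which matters given the report's finding that attackers usually enter through the IT network first.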