- May 13, 2019
By Rick Peters, Operational Technology Global Enablement Director, Fortinet
Increasingly, the most effective way to disrupt the world’s critical transportation infrastructure is by targeting the OT network, and more specifically, those IT devices and systems that have been converged into a traditionally isolated OT environment.
Time to market is an essential competitive edge in a digital marketplace that has placed growing pressure on the rapid delivery of goods to manufacturers, retailers, and the customer. In addition to developing new products and services, success today also depends upon new functions like DevSecOps teams and agile software development, more speed and bandwidth, on-demand infrastructures spanning multi-cloud environments to manage big data, and hyperconnectivity across data and resources.
Few places are experiencing more of the cyber impact of this new business model than the Operational Technology (OT) transportation sector. For example, organized cybercriminals have actively exploited container shipping companies and container port operators. By hacking Internet-connected OT systems, cybercriminals have been able to access ICS-based cargo systems to redirect containers, or worse, make them disappear off the grid entirely. Similarly, access to aircraft systems is typically achieved by breaking into Internet-connected OT sub-systems such as communication, maintenance, catering, baggage handling and load-control systems.
Increasingly, the most effective way to disrupt the world’s critical transportation infrastructure is by targeting the OT network, and more specifically, those IT devices and systems that have been converged into a traditionally isolated OT environment. The ability to tie consumer data to shipping timetables can ensure and track the delivery of time-sensitive goods. However, enabling a more nimble and responsive business strategy also introduces new challenges that need to be carefully considered, such as exposing that same consumer to risk. The most important of these considerations centers on the fact that IT and OT systems employ very different priority models for managing resources.
In the OT World, Availability is King
IT systems generally follow the CIA model, where confidentiality and the integrity of data are paramount, and availability, while critical, is less important. Downtime of short duration to update systems or patch devices is a generally accepted best practice. OT systems, however, follow the exact opposite model, where safety and availability are the top priority. Many OT systems, such as interconnected aircraft systems, interconnected stakeholder networks, and navigational systems, require 100% uptime.
There are literally dozens of different systems required to load an aircraft with passengers and goods, keep it airworthy, and then safely discharge those passengers and baggage. Historically, cybersecurity was less of an issue when many of those systems were originally designed and fielded. But presently, these very same systems are increasingly being interconnected and exposed to the internet as new onboard applications are embedded and ground systems become interconnected.
Unfortunately, many of the devices and systems running in the background depend upon legacy operating systems, applications, and aging HMI (human-machine interface) devices that may not have been patched or updated in years. Even worse, many OT devices and the systems that provide control and monitoring tend to be very fragile. Even benign security applications that simply scan a network environment looking for data can have serious repercussions. And yet, crippling or disabling a critical system can not only destroy physical property, but also put human lives at risk.
Nearly Every OT System Connected to IT is Eventually Breached
Once OT controls for physical equipment are converged with IT computers and networks, the air gap that existed between IT and OT—and that has protected OT systems for years—is gone. Research shows that malware and cyberattacks will almost certainly be designed to target and penetrate this expanded digital attack surface, resulting in frequent breaches. For example, in a recent survey commissioned by Fortinet and conducted by Forrester Consulting, 90% of organizations with an ICS (Industrial Control System) in place indicated they had experienced a breach in their OT infrastructure at some point in the past. More alarming, however, is that nearly 6 in 10 reported experiencing a breach in the past year, which aligns with the recent trend towards IT/OT convergence.
Another significant contributing factor that increases risk in OT environments is that many organizations allow a host of other technologies, including global positioning systems (GPS), active radio-frequency identification (RFID), and Wi-Fi devices to connect to their networks. Each represents an additional potential attack vector and source of malware. Indeed, 97% of those surveyed acknowledged security challenges due to the convergence of traditional IT and OT.
Cyber Threat Trends
There are a number of compelling reasons why connected OT networks are prize targets for some cybercriminals. While OT systems do not present the sort of personal data value that many traditional cybercriminals seek, targeting and impacting a critical infrastructure system still has huge appeal for cyberterrorists, state-sponsored cyberespionage agents, and criminal organizations. Cybercriminal agendas can range from holding a critical system hostage, to manipulating a stock price (short sell, attack, and reap a “clean” profit), or even operating as a cyber “hit man” as a competitive strategy.
Simply put, there are many examples of vulnerabilities present in today’s transportation systems that can be exploited by compromising an Operational Technology system.
- Increasing connectivity of navigation and cargo systems to satellite and Internet communication brings with it a rapid escalation of cyber risk. In 2013, for example, a University of Austin student participating in a sanctioned experiment aboard an $80M yacht managed to successfully spoof the ship’s navigation system, steering the ship off its intended course. In 2017, the Science and Technology Directorate at the U.S. Department of Homeland Security (DHS) demonstrated that it could remotely hack a parked commercial 757 aircraft by exploiting aircraft communication systems.
- Advanced Persistent Threats (APTs) also represent a clear and present danger to the transportation industry. Compromised ticketing and scheduling systems, for example, can shut down transportation hubs for hours or days. Airline security experts agree that to combat sophisticated cyber-attacks, more intelligence across the cyber kill-chain must be shared between carriers, but this requires public-private cooperation that doesn’t currently exist.
- Phishing attacks are also increasingly being used to compromise privileged users with remote access to the OT network from an external access point, enabling cybercriminals to execute a masquerade attack and gain network privilege. Arguably, this is a difficult attack to plan and execute; however, its impact can be severe since OT networks are typically insecure by design. Once a cyber attacker has gained access, the implicit trust model employed in many OT environments not only makes all OT assets available, but can be extended to IT resources by pivoting on the OT network.
- For manufacturers of transportation devices, such as ships or airplanes, espionage is another primary goal. 47% of malware aimed at manufacturers was intended to steal intellectual property and trade secrets. According to the National Center for Manufacturing Sciences, 21% of manufacturers lost intellectual property as a result of a cyberattack, with more than 90% of the corporate data exfiltrated by criminals considered “secret” or “proprietary.”
Take Steps Now to Secure your OT Environment
Despite these growing risks, many OT operators are still not taking adequate measures to protect their SCADA/ICS systems. For example, about half of those organizations surveyed have not deployed Secure Shell (SSH) or Transport Layer Security (TLS) traffic encryption for their SCADA/ICS communications. Additionally, many also do not employ role-based access control for employees. In fact, many organizations are unintentionally multiplying their risk by providing vendors and partners with a high level of access into their systems.
If sustaining operations demands third-party access to the OT infrastructure, then access control and segmentation strategies are usually best practices to consider as part of a trusted and proactive defense strategy. Implicit trust, where virtually any OT engineer has access to systems, processes, or devices, needs to be replaced with a zero or earned trust model. The best way to initiate this process is to critically examine every system and device with access to your internal OT network, with an eye towards the potential harm it could generate if it should ever be compromised.
Zero trust starts by mapping out functional zones of control and then implementing segmentation and access controls to limit the scope and scale of any OT system breach. UEBA (User and Entity Behavior Analytics) systems should also be deployed to detect and respond at speed to any abnormal or unknown behavior that threatens safe and continuous OT operations. Fortunately, since most devices inside a typical OT environment have very specific responsibilities, baselining normal behavior and identifying when that behavior falls outside of scope can be relatively straightforward.
Employing control and behavioral analytic best practices to protect high-value OT system assets is part of a broader strategy and foundational to outmaneuvering the cyber adversary. Combining the practices outlined above with an NGFW integrated into the network at key boundary points across the OT infrastructure ensures controlled access and protection of the converged IT/OT environment. And because due diligence is essential when protecting the complex yet fragile OT environment across a wide array of verticals, being attentive to the delicate nature of less sophisticated devices within the OT system is essential. Proximity security techniques such as microsegmentation can be used to protect legacy devices without impacting them directly, ensuring that existing OT equipment is protected via scalable and responsive security practices.
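As an added illustration of the zoning, explicit allowlisting and behavioral baselining described in the preceding paragraphs, the following Python script checks OT network flows first against a zone-to-zone policy and then against a per-device baseline learned from a known-good window. This is example code written for this article, not Fortinet's or the author's; the zone map, the allowlist and the flow records are constructed for the example, and in practice they would come from your own OT network map and flow telemetry.

```python
import ipaddress
from collections import defaultdict

# Constructed zone map: functional zones of control (assumption for the example).
ZONES = {
    ipaddress.ip_network("10.1.0.0/24"): "hmi",     # operator workstations
    ipaddress.ip_network("10.2.0.0/24"): "plc",     # controllers and field devices
    ipaddress.ip_network("10.3.0.0/24"): "it",      # converged IT systems
    ipaddress.ip_network("10.4.0.0/24"): "vendor",  # third-party remote-access hosts
}

# Explicit zone-to-zone allowlist: (source zone, destination zone, TCP port).
# Anything not listed is denied, i.e. earned trust instead of implicit trust.
ALLOWED = {
    ("hmi", "plc", 502),    # Modbus/TCP from HMI to PLC
    ("it", "hmi", 443),     # IT systems read from HMI over TLS
    ("vendor", "hmi", 22),  # vendor maintenance over SSH, HMI zone only
}


def zone_of(ip):
    """Map an address to its functional zone; unmapped addresses are 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for net, name in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def policy_allows(src, dst, port):
    """True only when an explicit rule covers this zone pair and port."""
    return (zone_of(src), zone_of(dst), port) in ALLOWED


def build_baseline(flows):
    """Learn each device's normal peers and ports from a learning window.
    Flows that already violate policy are never admitted into the baseline."""
    baseline = defaultdict(set)
    for src, dst, port in flows:
        if policy_allows(src, dst, port):
            baseline[src].add((dst, port))
    return baseline


def classify_flow(flow, baseline):
    src, dst, port = flow
    if not policy_allows(src, dst, port):
        return "policy-violation"   # crosses a zone boundary with no explicit rule
    if (dst, port) not in baseline.get(src, set()):
        return "outside-baseline"   # permitted by policy but new for this device
    return "allowed"


def evaluate(flows, baseline):
    return [(flow, classify_flow(flow, baseline)) for flow in flows]


# Constructed sample flows: (source ip, destination ip, destination port).
LEARNING_WINDOW = [
    ("10.1.0.10", "10.2.0.20", 502),  # HMI polls PLC over Modbus/TCP
    ("10.3.0.5", "10.1.0.10", 443),   # IT historian reads from HMI
    ("10.4.0.7", "10.1.0.10", 22),    # vendor maintenance session to HMI
]

MONITORING_WINDOW = [
    ("10.1.0.10", "10.2.0.20", 502),  # normal HMI-to-PLC traffic
    ("10.4.0.7", "10.2.0.20", 502),   # vendor host reaching a PLC directly
    ("10.1.0.10", "10.3.0.5", 445),   # HMI reaching into the IT zone
    ("10.1.0.10", "10.2.0.21", 502),  # HMI talking to a PLC it never used before
]

if __name__ == "__main__":
    base = build_baseline(LEARNING_WINDOW)
    for flow, verdict in evaluate(MONITORING_WINDOW, base):
        print(f"{flow[0]} -> {flow[1]}:{flow[2]}  {verdict}")
```

The two verdicts are deliberately separate: a policy violation is something an NGFW at the zone boundary can block outright, while an outside-baseline flow is permitted by policy and is the kind of anomaly a UEBA system surfaces for investigation rather than blocking, which matters on fragile OT equipment where an automated drop could itself cause an outage.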
Addressing Transportation Sector Security Risks Now
Protecting the underlying OT systems that enable the transportation sector that communities and consumers rely on continues to be a top priority. However, in our rush to modernize these systems through the integration of IT networks and technologies, we have inadvertently exposed this critical infrastructure to risks that, in general, it is poorly prepared to defend against.
As a result, it is essential that organizations immediately begin to add critical security countermeasures to their OT infrastructures and systems, especially as an integral part of the introduction of IT systems and devices, to address the challenges being introduced through digital transformation. This begins with transitioning to a zero or earned-trust model, establishing strict access controls throughout the entire OT system, segmenting critical resources and processes based on roles and explicit policies, adding behavioral-based analysis to detect and respond to unexpected or anomalous activities, and integrating advanced security solutions at the edges of the OT network.
The importance of adopting such a strategy cannot be overemphasized. In addition to the threat that cybercriminals pose to this sector, as well as to the workers, communities, and individuals that use and rely on it, the very existence of transportation organizations is at grave risk. Given the accelerated rate at which digital transportation is progressing, and the exponential expansion of the digital attack surface as a result, organizations that fail to address this challenge now will likely not survive.
About the Author
Rick brings more than three decades of cybersecurity and global partnering experience working across foreign, domestic, and commercial industry sectors at the National Security Agency (NSA). As Fortinet’s Operational Technology Global Enablement Director, he delivers cybersecurity defense solutions and insights for the OT/ICS/SCADA critical infrastructure environments. Prior to Fortinet, Rick led development of cyber capability across Endpoint, Infrastructure, and Industrial Control System technologies. Previously, Rick also served as an executive leader supporting the Information Assurance Directorate at the NSA.