Although the digital transformation of critical infrastructure networks provides clear business advantages, the most challenging aspect of implementing these techniques is the security risk. The operational technologies that have driven operations until now were relatively isolated or even non-digital. The integration and convergence of IT (Information Technology) and OT (Operational Technology), which is essential for the digital transformation, has, among other effects, exposed machine systems and Industrial Control Systems (ICSs) to the majority of cyber-attacks.
Industrial Control System (ICS) is a general term that includes supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as programmable logic controllers (PLCs). ICSs can be found in manufacturing, processing facilities and critical infrastructures, such as nuclear and thermal plants, water treatment facilities, power generation, heavy industries, smart cities and distribution systems. This makes them very attractive targets for attackers, who are often motivated by financial gain, a political cause, or even a military objective. Attacks may be state-sponsored, but they can also come from competitors, insiders with malicious intent, and even hackers. Most ICS devices are inherently less secure against advanced attacks because of vulnerabilities in their hardware, operating systems and ICS applications, as well as in the ICS networks themselves.
However, all devices are subject to cyber threats. Researchers at the cybersecurity company Trend Micro and experts at the Milan Polytechnic University examined how hackers can exploit security flaws in IIoT equipment to break into networks, using the equipment as a gateway for deploying malware, conducting espionage or even sabotage. In addition, the JSOF research lab has discovered a series of zero-day vulnerabilities in a widely used low-level TCP/IP software library developed by Treck, Inc. The 19 vulnerabilities, given the name 'Ripple20' (https://www.jsof-tech.com/ripple20/), affect hundreds of millions of devices (or more) and include multiple remote code execution vulnerabilities.
The risks inherent in this situation are high. To give just a few examples: data could be stolen from a printer, an infusion pump's behavior could be altered, or industrial control devices could be made to malfunction. An attacker could hide malicious code within embedded devices for years. One of the vulnerabilities could allow an attacker to enter the network from outside its boundaries; and this is only a small taste of the potential risks. Such findings have become one of the main reasons holding back digital transformation initiatives in critical infrastructures.