Industrial Control Systems (ICSs) are critical to modern society. They help keep energy and water supply functioning, transport vital goods in a safe and reliable manner, and protect people from harmful chemicals and radiation. However, many industrial control systems are also susceptible to attacks from malicious actors, who can cause power outage or even physical damages when they are not carefully secured. Attacks on industrial control systems vary widely and are influenced by many factors, including; The intent of the attacker, capability of the attacker, sophistication of attacking techniques, time required to develop an effective attack plan and the attackers familiarity with industrial control systems and industrial processes.
Cyber attacks on infrastructure have increased significantly year on year. The number of cyber-vulnerabilities discovered in industrial control systems soared by 110% over the past four years. Almost all of the vulnerabilities were rated as “low complexity”, meaning that attackers exploiting them could expect to be successful every time. The sophistication and ingenuity of these attacks are overcoming the current methods used by cyber products. The reason for this is current cyber products only defend against known vulnerabilities, not the unknown. This is a problem because cyber attackers exploit these unknown vulnerabilities designing new ways to attack systems. The internet, removable media and email continue to be the main attack vectors for systems within the industrial infrastructure of organizations. The vast majority of ICS specific attack vectors have two things in common – software and an internet connection, which provides a pathway into a system from anywhere in the world.
However, removing infrastructure from the internet is not a practical solution, and software will always be needed, so what is the solution? The solution is, to accept these vulnerabilities, but isolate them so they cannot be exploited, using technologies that are not software based.
As the world becomes more and more connected, cyber-security threats are becoming an increasing concern. Traditional cyber-physical systems have little to no security. These systems are currently not only hackable themselves, but provide an open door to more critical systems within networks.
Traditional cyber security offerings, i.e. Network and host-based Intrusion Detection Systems (NIDS / HIDS) play an important role in cyber security, alerting organisations to potential malicious activity across networks and devices, however, there are also weaknesses that need to be considered.
NIDS / HIDS will not be able to detect all malicious activity, as different types of attacks may not produce any network traffic, or any traffic that would be flagged as malicious by the NIDS / HIDS. In addition, NIDS / HIDS can only be as good as the rule sets used to detect malicious activity, and these rule sets need to be constantly updated by experienced engineers to account for new exploits and malicious activities. A NIDS / HIDS can alert staff to an attack, but it can’t stop it, and by that time it may already be too late. A NIDS / HIDS is only as good as the staff who are monitoring it. Many of the traditional cyber security solutions are unable to keep up with the speed of change of the threat landscape, leaving organisations exposed.
Blueskytec have applied its experience of over three decades of working in the field of embedded systems and encryption to provide a scalable and appropriate technology for cyber-physical devices. Our systems have been designed specifically to overcome the unique challenges of protecting Industrial Control Systems.
Blueskytec offers patented “Key Space Technology”, that isolates and protects systems from all vulnerabilities, giving you peace of mind in operating your critical infrastructure, safely and without interruption, even in the presence of large scale and sustained attacks.
The vision for the technology is to provide an absolute method to isolate Industrial applications from the internet and operate in a private, cryptographically closed user-group. It allows any manufacturer, supplier and customer to operate their equipment safe in the knowledge that their operational capability and mission is secure. The technology can be a host for their applications, it can be integrated into their equipment or it can be applied to their equipment after manufacture as an appliqué.
Using encryption and authentication, the technology isolates the manufacturer’s physical device from the internet in systems where both ends of a communication structure are under the user’s physical control. For example, in a scenario where a swarm of drones connects with its handler, both the drones and the controller are considered assets of the user and, thus, can be secured. Because email exchanges and web browsing are unrestricted activities and we cannot predict both ends of a communication transaction, this technology cannot be used to protect them. However, it can be used to ensure that Windows SCADA devices cannot be accessed remotely for command and control, patch updates, VPNs, or other IT functions.