The State of ICS Security
I am by no means an expert in the subject, but I can tell you that there is a lot at play when we talk about critical infrastructure security. Certainly in recent times things seem to have been shaken up. I have been following the security news closely, not only because it is part of my job, but because it is truly fascinating to watch how things are developing and changing.
Sometimes it is hard to know what is true and what is being blown out of proportion by the media. One question does remain in my head, and that is . . . What is the current state of ICS security?
Before we go any further, we have to understand that IT and OT are different and have their own separate needs and uses. The general consensus is that they should be kept separate and ideally managed by professionals with expertise in the respective technology; where the two must talk to each other, that should happen through a deliberately designed and monitored boundary rather than an ad-hoc connection. The reality is that people sometimes just plug things into the internet, or into the corporate network, in a way the device was never meant to be used. A lot of the time this comes down to a lack of resources, a lack of understanding of what the consequences could be, and the convenience of easier management.
While I don't want to get into the do's and don'ts, I do want to shed some light on the reality of things. The reality is that we need to pay more attention to the way we approach security for these devices. The reality is that nation states as well as APT groups are certainly poking around in each other's infrastructure. The reality is that one day a cyber attack on this kind of infrastructure could affect you and me, and sometimes I feel like people in general just don't realize how serious the situation can be. Let's take a look at a couple of incidents to put things into perspective.
Norsk Hydro, one of the largest aluminum companies in the world, was hit by ransomware earlier this year. This caused a major disruption in their production and an estimated $71 million in damages. Read more on that here.
Nuclear Power Corp. in India was hit by malware. According to the article the attackers were able to get "domain controller-level access." One thing they appear to have done right is network segmentation: at least as far as was reported at the time, the attacker was not able to pivot from the IT side into the OT network. More on that story here.
To bring things up to date, it is clear that there are interested parties who want a foothold in each other's infrastructure, and they have stepped up their game. Here are a couple of stories: U.S. Escalates Online Attacks on Russia's Power Grid and Hackers behind dangerous oil and gas intrusions are probing US power grids.
The good news is that things seem to be moving in the right direction. More companies are onboarding security and realizing that the threat is real. There are companies like Dragos who can provide guidance and assist in securing and monitoring ICS systems. Security researchers continue to probe these devices for security vulnerabilities, in the hope of finding them before the bad guys do. Here is a fairly fresh disclosure of vulnerabilities in Siemens products from Threatpost: Siemens Warns of Critical Remote-Code Execution ICS Flaw.
I also recommend the following podcast from Patrick Gray's Risky Business, in which he talks about critical infrastructure with Eric Rosenbach and Robert M. Lee from Dragos: https://risky.biz/HF3/
I hope that at the very least I can open some eyes and show that the threat is out there and should be taken seriously, but also, don't buy into the hype =).