Mitigating Industrial Control System Cyber Risk from the Iranian Cyber Threat
Written by Mission Secure
US generals have long stated that the next frontier of war will be in cyberspace. The realities of a digitally transforming industrial environment have made that prognosis ever more real—now enter Iran.
The Cyber Threat to Critical Infrastructure and Industrial Operations
Be prepared for cyber attacks. That key message, issued in the US Department of Homeland Security’s rare National Terrorism Advisory System (NTAS) alert in response to escalating tensions with Iran, continues to reverberate throughout the government and private sector. Meanwhile, everyone continues to grapple with how to be prepared to defend critical infrastructure and private sector industrial operations. The US Cybersecurity and Infrastructure Security Agency (CISA) published an update expanding on the heightened cyber threat level, “strongly” urging organizations to “…assess and strengthen (their) basic cyber and physical defenses….” The director of CISA, Chris Krebs, more specifically highlighted the need to “…pay attention to critical systems, particularly ICS (industrial control systems).” The mantra across global media and government warnings over the past week is clear: be prepared for attacks against critical infrastructure and industrial control systems. Mission Secure exists to protect specifically against this threat in the military and industry. It is the goal on which Mission Secure was founded six years ago.
“We have already seen an uptick in probing activity from Iran at our clients in the past week,” said David Drescher, CEO of Mission Secure. “Our clients are asking: how do we make sure our assets don’t get hacked? No one wants to end up on the front page of the Wall Street Journal,” said Drescher.
Cybersecurity for Industrial Control Systems and OT Networks
“Regardless of how Iran’s retaliation takes form, the elevated cyber threat should be a wake-up call,” states Mark Baggett, Vice President of Industrial Control System Cybersecurity at Mission Secure. With 30-plus years in control systems and cybersecurity, Mark has designed, engineered, and implemented control systems for the energy industry’s most prominent players, including BP, Total, Shell, Exxon, ConocoPhillips, and Honeywell across Europe, Asia-Pacific and North America. “Industrial control systems underpin nearly all major industries. We installed them, connected them, and now we must lock them down, not just the IT networks, to mitigate risks from cyber attacks,” states Baggett.
“IT is straightforward and well understood, but that’s not the case for the OT (operational technology) network,” comments Don Ward, SVP of Global Services at Mission Secure. With several decades of experience in leading cybersecurity companies like Cisco, TippingPoint, and HP, Don goes on to say:
“If you look at CISA’s cyber protection recommendations, industrial organizations are going to have a hard time saying ‘yes’ to most of them when it comes to the OT network. Do you have backups of critical control system assets, and have you tested them? Do you have an OT incident response plan, and have you exercised it? Are control system assets up to date and patched? These are harder to tackle in the OT network, and for most organizations, challenging to achieve compliance. We are helping our clients every day to answer these questions and be better prepared.”
Today’s OT network monitoring solutions have many shortfalls. CISA asks if you are monitoring critical networks, including industrial control systems. But for OT networks, the question should be: how comprehensive is your network monitoring? Do you have visibility down to Levels 1 and 0, at the controllers, PLCs, critical motors, pumps, valves, and field devices that run the process? These levels are where the Stuxnet attack took place, and that was a decade ago. Levels 1 and 0 must be locked down, monitored, and protected. Visibility is a moot point if you can’t also protect Level 1 and 0 critical assets. If an attack does happen, Levels 1 and 0 are where a company will lose control of its physical process. Physical damage and catastrophic events won’t occur from losing data, but they will if control at Level 1 and the process at Level 0 are lost. Furthermore, insurance typically won’t cover this type of damage from a cyber attack, let alone the reputational impacts and profit loss.
Protecting Level 1 and 0 Field Devices: Where to Start
Assessing existing OT cyber risks is the first step for many operations to identify critical cyber threats and mitigation actions. Armed with that intel, organizations can then devise their OT cyber strategy and work towards achieving cyber resiliency—continuing operations in the face of a cyber attack.
This incremental methodology underpins the philosophy Mission Secure and our partners bring to our clients. Assess your assets, understand the critical risks, and identify the traffic and devices across your OT network to establish a baseline of normal operations. Then lock it down. The last part is the most important—lock the OT network down to perform the functions needed and block everything else.
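The baseline-then-lock-down step described above, shown as an added example that is not Mission Secure's code or part of the original article: it derives a default-deny allowlist from a baseline of Modbus/TCP conversations to a Level 1 controller and checks later traffic against it. The addresses, flow records and the choice of Modbus are constructed assumptions.

```python
# Added example: all flow records below are constructed, not captured traffic.
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto dport modbus_fc")

# Modbus function codes that change process state (write coils/registers).
MODBUS_WRITE_FCS = {5, 6, 15, 16}

# Constructed baseline window: the HMI polls the PLC, the engineering
# workstation (EWS) writes setpoints.
BASELINE = [
    Flow("10.0.2.10", "10.0.1.5", "tcp", 502, 3),    # HMI reads holding registers
    Flow("10.0.2.10", "10.0.1.5", "tcp", 502, 4),    # HMI reads input registers
    Flow("10.0.2.20", "10.0.1.5", "tcp", 502, 16),   # EWS writes registers
]

# Constructed traffic seen after the baseline was frozen.
OBSERVED = [
    Flow("10.0.2.10", "10.0.1.5", "tcp", 502, 3),    # matches baseline
    Flow("10.0.2.10", "10.0.1.5", "tcp", 502, 16),   # HMI never wrote before
    Flow("10.0.3.77", "10.0.1.5", "tcp", 502, 3),    # unknown source host
    Flow("10.0.2.20", "10.0.1.5", "tcp", 22, None),  # new service on the PLC
]

def build_allowlist(baseline):
    """Map each baseline conversation to the function codes it used."""
    allow = {}
    for f in baseline:
        allow.setdefault((f.src, f.dst, f.proto, f.dport), set()).add(f.modbus_fc)
    return allow

def evaluate(flow, allow):
    """Default deny: return (verdict, reason) for a single flow."""
    key = (flow.src, flow.dst, flow.proto, flow.dport)
    if key not in allow:
        return "block", "conversation not in baseline"
    if flow.modbus_fc not in allow[key]:
        kind = "write" if flow.modbus_fc in MODBUS_WRITE_FCS else "function"
        return "block", f"Modbus {kind} code {flow.modbus_fc} not in baseline"
    return "allow", "matches baseline"

def run(baseline=BASELINE, observed=OBSERVED):
    allow = build_allowlist(baseline)
    return [(f, *evaluate(f, allow)) for f in observed]

if __name__ == "__main__":
    for flow, verdict, reason in run():
        print(f"{verdict:5} {flow.src} -> {flow.dst}:{flow.dport} ({reason})")
```

Keying the allowlist on function code as well as address and port is what catches a known host issuing a write it never issued during the baseline, which an address-only rule would pass.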
Implement the patented Mission Secure Platform, the only end-to-end cybersecurity solution delivering visibility and protection throughout the OT network—Levels 1 and 0 included. The patented Mission Secure Platform provides the protection needed to mitigate OT cyber risks. Operations are monitored and protected from a single, easy to install and use solution designed and built for the OT environment and OT operators.
Matching its patented technology, Mission Secure employs a client-centric approach across its platform solutions and cyber advisory services. “For cybersecurity to be successful, it must encompass more than just technology,” comments Ward. “Mission Secure prides itself on delivering exceptional technology as well as the service and human support required to help our clients. Your partner is often just as important as your tech.”
Originally published January 13, 2020, updated November 19, 2020.