The security of increasingly complex industrial networks

For several years now, industrial networks and systems have been targeted by computer attacks of all kinds.

The work of securing computer networks is becoming more and more complicated for the specialists responsible for it. The reason is the complex nature of IT estates, which are themselves becoming harder to manage.

Recall that in 2010, an Iranian industrial system was hit by the Stuxnet virus, a special program combining the features of a Trojan horse with those of a rootkit. It was discovered by a Belarusian company specializing in computer security. This virus made it clear that the world's industrial networks were not really immune to computer attacks. In that case, it should be noted that the virus was introduced into the factory system via a corrupted USB stick or a compromised device carried in by an employee. "It was Stuxnet that introduced the concept of cybersecurity into the industry. Prior to its appearance, the RSSI (Chief Information Security Officer or CISO) was confined to the IT part. After 2010, industrialists realized that the risks were transverse. Today, the RSSI has authority over the cybersecurity of industrial networks and video surveillance systems," says Faiz Djellouli, CEO and co-founder of Holiseum (a cybersecurity consulting and services company). According to Edward Snowden, the source code for this malware was co-written by the Israeli secret service and the US NSA. The objective was clearly to slow down Iran's nuclear program. But today we realize that the effects of this virus go beyond the original framework. Several attacks on industrial networks were subsequently reported, based on viruses of the same kind as Stuxnet.

The problem can also be viewed from another angle: industrial sites are much more frequently targeted by the cyber-warfare attacks that many states engage in, because such attacks can be a significant means of destabilizing an opponent or a competitor. "After Stuxnet and Industroyer, now is the time for the Ekans ransomware. Designed to attack industrial facilities, specifically software that controls automatons and runs Windows, this malware takes its victims hostage and demands a ransom in return. Given the context, the slightest paralysis can be very expensive, leading victims to pay," says Fabien Lavabre, a cybersecurity specialist at Seclab, a Montpellier-based company specializing in cyber protection of industrial systems.

Moreover, the vulnerability of industrial networks stems essentially from their digital transformation. Previously, industrial infrastructure was managed separately from IT; with the push for convergence, the two have moved significantly closer together. There was an obvious gain in doing so, first in terms of efficiency and also in terms of information processing time. Unfortunately, the downside has been greater exposure to cyberattacks. Attacks are increasing considerably, and so are the attack vectors. "Digitalization has forced them to borrow solutions from the IT world, but the cycle is not comparable because after about 5 years, an OS is no longer supported while in the industrial world, the life cycle is more important (between 15 and 20 years)," noted Faiz Djellouli.

In addition, the industrial sector is making increasing use of connected objects to automate its services and increase its productivity. Yet the Internet of Things is already known in the computer security sector as being very vulnerable to cyberattacks.

Finally, a large share (30%) of the equipment running Windows in the industrial sector operates on a version of the software that Microsoft has not supported for quite some time. This is a trove of vulnerabilities that cybercriminals will not hesitate to take advantage of. "Simple measures (human, organizational, technological and physical) – such as hardened passwords, network segmentation, access control – and a risk-use approach cover most threats. You don't have to have a prohibitive budget," says Faiz Djellouli.