SCADA

The Role of Security in Automation

Prompted by a LinkedIn article written by our good friend James Chappell at Digital Shadows, entitled “The Role of Automation in Security”, we thought that it would be a great idea to explore the converse of the concept and write about “The Role of Security in Automation”, as this is exactly what we at Awen Collective are addressing.

Automation has almost always been for simplifying repetitive or dangerous tasks (or captivating imagination). This has been the case since the ancient Greek legends of automatons through to the contemporary physical robotics and digital assistants.

Homes, office buildings, factories, airports, national infrastructure, even entire cities are now being connected with systems providing advanced analytics to enhance the efficiency of business and society, and to improve human safety. However, with the inter-connectivity of physical systems comes the ever-increasing ability to attack them. These systems are, for the most part, not IT-based technology (at least not entirely); they are Operational Technologies made with specific control and/or sensory processes in mind. Quite often there is a blend of legacy and contemporary technologies, often with no or limited embedded cyber-security out-of-the-box.

While some organisations are attempting to address this with active monitoring and intrusion detection technologies, they have had limited success due to the requirement of costly network reconfiguration to support these emerging technologies, and a lack of support for the legacy technologies still in use.

Awen Collective takes a different approach. With our experience performing digital forensics on these systems we have developed software (and accompanying techniques) which do not require a significant configuration overhaul. In fact, our software is specifically tailored to work on whichever network topology is in place, even if it is legacy, even if it is serial, even if it is messy and distributed. We give critical infrastructure, advanced manufacturers, smart cities and a whole load of other potential stakeholders the ability to understand the vulnerabilities of their operational networks and their cyber-physical systems. This allows them to better understand their cyber-risk and improve their cyber-security efforts, reducing their cyber-risk in a cost-effective manner and improving their compliance with a plethora of cyber-security related regulations & standards.

If you’re an owner or administrator of operational technologies or cyber-physical systems, ranging from industrial control systems (ICS, such as SCADA or IIoT) and networked robotics to building control systems (including physical security and HVAC systems), then we are certainly able to help you improve your cyber-security, reduce your cyber-risks, and improve your compliance. We’re even able to assist post-incident with the necessary investigation and the reporting of the attack to relevant authorities.

Just get in touch, we’re always up for an exploratory chat. Email to schedule in a call or a face-to-face: hello@awencollective.com

We hope to hear from you soon.

Daniel - CEO & Cofounder, Awen Collective

Cyber Attacks on OT on the rise, and why we should be concerned

Last week, cyber security experts Fortinet published a report on security trends within Operational Technology, again putting the spotlight on these highly vulnerable and increasingly attacked systems, many of which are responsible for providing critical services to society worldwide.

There was an indication that bespoke OT cyber attacks are on the increase, targeting specific vulnerabilities within SCADA and ICS systems. Whilst this is certainly a serious concern, almost more shocking is that the majority of attacks on OT systems are via IT-based legacy attacks which would no longer be effective on modern IT systems. These OT systems comprise aging hardware running unpatched software, leaving them highly vulnerable to even basic IT-based cyber attacks. This allows bad actors to effectively disable an OT environment with no specialist or prior knowledge of the specific systems involved, leaving no specific ICS/SCADA devices secure, regardless of vendor, software or hardware involved.

There also seems to be continued ongoing neglect of basic cyber-hygiene within ICS and SCADA environments, with almost a third of OT devices directly connected to the internet, and another third accessible from the internet via the IT enterprise. Whilst there is an acknowledgement that there are many benefits from connecting the OT environment to the IT network to increase efficiencies and visibility, leading to optimisations and significant cost savings, these are in direct opposition to the increased security risk. These findings seem to point towards a scenario where potential cost savings are considered above the cyber-risk by the decision makers within these organisations, leading to the highly vulnerable situation that Fortinet are now reporting on.

To add to this, it is reported that more than 8 in 10 respondents to a survey stated that they are unable to identify all the devices connected to their OT and IT networks. How can OT operators begin to mitigate the cyber risk within their environments when they don’t even have the visibility into the devices they need to protect? This is something we are keenly aware of at Awen Collective, and we’re here to help. Our asset and risk discovery software, Dot, exists to provide a deep level of understanding of an OT environment, highlighting key concerns and helping cyber security, OT engineering and corporate compliance teams to manage their responsibilities with the best information available to them.

What the report doesn’t focus upon is the environments where these systems are operating, and the potential effects on the operators and their clients. Whilst many of these systems exist within manufacturing facilities, and naturally there are huge costs associated with attacks within the manufacturing sector, there is more at play here than just monetary loss by large-scale manufacturers. ICS and SCADA systems are a key part of how providers of critical national infrastructure deliver their services to society. This includes the provision of electricity, water, sewerage, transportation and healthcare. If any of these services were interrupted or disabled due to a cyber attack, there’s a strong likelihood of widespread disruption, potentially leading to societal destabilisation and loss of life.

There has been an effort by EU legislators to address this concern, introducing the NIS Directive and ensuring that all EU states bring into law that critical national infrastructure operators are considering their cyber security across their entire IT and OT estates, and embedding good cyber security practice at all levels of their organisations. Based on this report, there should be some significant hurdles for CNI operators to overcome to get themselves entirely compliant with the directive. With fines of £17 million or 4% of annual turnover due to be levied against operators not found to be compliant, it should be a strong wake-up call for business decision-makers across CNI organisations. To help, Awen Collective offers Profile – a compliance checking tool for the NIS Directive, allowing a CNI organisation to easily and quickly determine their current compliance level, identify weaknesses to overcome and get advice on next steps.

We’re thankful to Fortinet for their report, and we’re looking forward to continuing to help ICS and SCADA operators solve the cyber security issues they have. If you’re looking for cyber security solutions for your OT environment, reach out to us at hello@awencollective.com.