Water, Power & Transportation ICS/SCADA

 

ICS SCADA SYSTEMS VULNERABLE

How vulnerable is our Nation’s Critical Infrastructure?

The basic necessities of life; water, power and transportation are threatened by lack of resources to protect the systems that provide our nation’s basic needs. Nation State Threat Actors are aggressively ramping up efforts to take our country down by targeting Industrial control systems and outdated SCADA systems while US organizations and plant operators are scrambling to not be a target.

“Following the hacking of a Florida water treatment plant early this year 2021, the Cybersecurity and Infrastructure Security Agency (CISA) is warning the operators of other plants “to be on the lookout” for hackers who exploit remote access software and outdated operating systems – and to take risk mitigation steps. “

To be on the lookout

Is this good advice? Yes. Is this practical advice? Hmmm…Understaffed water, power and transportation organization with limited resources and sparse security measures in place to combat the current threat landscape could be running a bit behind. “To be on the lookout” for sophisticated nation state threat actors is a daunting task to say the least, even with the latest threat detection and response solutions in place.

According to Michael Arceneaux, managing director of the Water Information Sharing and Analysis Center, a Washington, D.C.-based group, Water utilities that don’t have the resources and need technical training and help setting up secure systems, selecting software and hardware, and operating the technology.

Did you Know?

The CISA also warned that water treatment facilities that use unsecured or poorly configured remote access tools and outdated operating systems risk hacker attacks targeting their industrial control systems and SCADA systems

“Upgrading to an operating system newer than Windows 7 and securing TeamViewer are good recommendations not only for other organizations with ICS and SCADA but also for any organization in any industry that uses them” according to the U.S. Department of Defense.

Most companies and plant operators know that updating their outdated windows 7 computers and having systems routinely patched will help to mitigate risk, however when we look at ICS/SCADA vulnerabilities that can be exploited we can clearly see a larger picture of multiple paths that a “hacker” can travel down, nearly undetected.

Lets take a quick look at a few methods and vulnerabilities that enable systems to be compromised.

Discovery

Shodan.io is often called one of the scariest search engine on the internet. Why? Shodan searches have discovered control systems for a water park, a command and control systems for nuclear power plants and other critical connected systems . Its easy for anyone to search for “default password” and it reveals countless printers, servers and system control devices that use “admin” as their user name and “1234” as a password, and not surprising many more connected systems require no credentials at all — all you need to discover this information is a web browser.

Reviewing top vulnerabilities that expose ICS/SCADA systems, Microsoft/ Cyberx 2019 Analysis of 1,821 IoT ICS networks yielded the following findings:

Outdated Operating Systems 62%

62% of sites have outdated and unsupported Microsoft Windows boxes such as Windows XP and Windows 2000, which means they no longer receive security patches from Microsoft. The figure jumps to 71% if we include Windows 7, which reaches end-of-support status in January 2020.

Unencrypted Passwords 65%

Nearly two-thirds of Operators (64%) have unencrypted passwords traversing across their networks — with more than half (54%) incorporating devices that are remotely accessible via standard remote management protocols such as Remote Desktop Protocol (RDP), SSH and VNC — making it fairly easy for bad actors to pivot undetected from a single compromised system.

Remote Accessible Devices 55%

As noted above, 54% of sites have devices that can be remotely accessed using standard protocols such as RDP, SSH, and VNC. A common attack vectors for ransomware is RDP, that enable attackers gain access by stealing remote access credentials through phishing attacks, social engineering or even basic brute force attacks. Remote access enables attackers to move laterally from IT to OT networks silently expanding their presence and potential damage throughout networks.

Did you know?
Direct Internet Connections 29%

More than a quarter (27%) of sites analyzed have direct connections to the internet, making them potential targets of malware, targeted attacks, and even simple phishing attacks. Penetration Testers and malicious hackers both know that it takes only one internet-connected device to provide that gateway into a IoT/ICS network.

Penetration Testing Can help your team find exploitable vulnerabilities before bad actors find them.

If you are looking to find exploitable vulnerabilities on your OT/IT networks, Manual Controlled Penetration Testing (MCPT) is an easy to execute cost effective solution.

With Redbot Security you get reports written by experts that highlight key data and exactly how targets were compromised as well as recommendations on best practices along with complete review of remediation recommendations.

Redbot Security’s MCPT is a complete service provided by our team of ICS/SCADA experts to ensure that vulnerabilities are minimized and that your defenses are running in top shape by offering the following:

  • ICS/SCADA Risk & Vulnerability Assessments
  • Penetration Testing (black-box, gray-box, white-box)
  • Real-World Attacker Tactics and Techniques- Controlled Manual Penetration Testing without Interruption
  • Actionable and easy-to-follow results – Risk Rating, Exploit Storyboard and Remediation Recommendations
  • Security Program Development and Deployment
  • ICS/SCADA Network Architecture
  • ICS Security Controls

Personnel within our team are Certified Incident Responders and Industrial Control System Certified – Incident Command System, FEMA, U.S Department of Homeland Security Cyber Emergency Response Team, OPSEC, Influence of Common IT Components ICS, Mapping IT Defense to ICS, Current Trends (threats) (vulnerabilities)– ICS, IT & ICS Attack Methodologies, ICS Domains, Determining the Impacts of a Cybersecurity Incident.

Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), GIAC Penetration Tester (GPEN) GIAC Web Application Penetration Tester (GWAPT), EC Council Certified Ethical Hacker C|EH, Certified Digital Forensic Examiner (CDFE) Defense Cyber Crime Institute (DCITA) DoD, Certified Digital Media Collector (CDMC) Defense Cyber Crime Institute (DCITA) DoD, Certified Information Assurance Security Officer (IASO) DoD.

Our ICS/SCADA team is led by Richard Tillery.  Richard was instrumental in re-developing, implementing, and managing Critical SCADA infrastructure and Cyber Security Operations within the Department of Energy, Xcel Energy, National Grid and re-architecture of Cheyenne Mountain/ NORAD ISC/SCADA along with development and deployment of other critical infrastructure security programs and testing. Richard is recently retired as Chief Warrant Officer 3 within the Army Space and Missile Defense Command / Army Strategic Command (SMDC/ARSTRAT), US Army Reserves.

Richard is a former Senior Cyber Officer, Senior Cyber Forensics Officer and Cyber Intelligence Officer who has developed cyber threat mitigation for the US Army’s Space and Missile Defense Command / Army Strategic Command. Richard Managed Cyber forensics investigations throughout Afghanistan and developed cyber threat mitigation thought the US Army’s Pacific Area of Operation.

Richard is a Northeastern University Distinguished Corporate Fellow providing ICS/SCADA and cybersecurity lectures and is a Certified Information Systems Security Professional (CISSP) ISC2, Certified Ethical Hacker (CEH) EC Council, Certified Digital Forensic Examiner (CDFE) Defense Cyber Crime Institute (DCITA) DoD Certified Digital Media Collector (CDMC) Defense Cyber Crime Institute (DCITA) DoD, Certified Information Assurance Security Officer (IASO) DoD, Target Intelligence (USAF), NSA IAM, NSA IEM with an active TS/SCI.

Richard currently manages Redbot Security’s team of cyber security experts and ICS/SCADA focus.  

Redbot Security

Redbot Security provides critical infrastructure testing without disruption. Our team is led by the Nation’s top ICS/SCADA and penetration testing experts. We have a proven track record and can help to secure your networks during these times of increased threats.

Learn More.

Related Posts
Summary