Engineering Workstation Attack Report on Industrial Control Systems

According to research conducted by the SANS Institute and sponsored by Nozomi Networks, 35% of operational technology (OT) and industrial control system vulnerabilities were the initial attack vector for engineering workstation compromises among companies surveyed globally this year, double the figure from the same period last year.

While the number of respondents saying their OT/ICS systems had been breached in the past 12 months fell to 10.5% (down from 15% in 2021), one-third of respondents said they did not know whether their systems had been breached.

For the 2022 SANS ICS/OT survey, 332 responses were received, representing industry verticals from energy, chemicals, critical manufacturing, nuclear, water management and other industries.

Control system security challenges

According to the survey, some of the biggest challenges in securing ICS/OT technologies and processes include integrating legacy and aging OT with modern IT systems; legacy IT security technologies that were not designed for control systems and cause disruption in the OT environment; a lack of understanding of OT operational requirements among IT staff; and insufficient labor resources to implement existing security programs.


Business services, healthcare and public health, and commercial facilities are the top three industries that respondents believe are most likely to suffer a successful ICS compromise that will impact safe and reliable operations this year.

When asked which ICS components were considered to have the greatest impact on the business, the majority of respondents (51%) specified engineering workstations, instrument laptops and calibration/test equipment. The majority of respondents (54%) also said engineering workstations, laptops and test equipment are the system components most vulnerable to threats.

The study noted that engineering workstations, including mobile laptops used for facility equipment maintenance, have control system software used to program or change settings or configurations of logic controllers and other field devices. Unlike traditional IT, ICS/OT systems monitor and manage data that changes in real-time in the real world through physical inputs and controlled physical actions.

IT systems are the primary attack vector for OT/ICS

Although attacks on engineering workstations have doubled in the past year, they rank only in third place as an initial attack vector against OT/ICS systems. The primary attack vector for OT/ICS systems involves IT, with 41% of companies reporting that IT vulnerabilities were the cause of eventual compromise of their OT/ICS systems.

The second largest attack vector is removable media such as USBs and external hard drives. To avoid this threat, 83% of respondents have formal policies in place to manage temporary devices, and 76% employ threat detection technology to manage these devices. Additionally, 70% use commercial threat detection tools, 49% use home-made solutions, and 23% have deployed ad hoc threat detection to manage this risk.

“Engineered systems, while not equipped with traditional anti-malware agents, can be protected through network-based ICS-aware detection systems and industrial-based network architecture practices,” the report states. “Additionally, log capture or log forwarding and regular controller configuration verification as part of ongoing engineering maintenance tasks for field devices are viable ways to begin protecting these assets.”

The report shows that ICS security is maturing. “The ICS threat intelligence market has come a long way in 12 months. More facilities are using threat intelligence from vendors to take more immediate and actionable defensive measures. Unlike a majority of 2021 respondents, 2022 respondents no longer rely solely on publicly available threat intel,” according to the report authored by Dean Parsons. “This signals an increase in maturity and awareness of the value of ICS vendor-specific threat intelligence, as well as budget allocation to improve proactive defenses in this area.”

Industrial systems have their own security budgets

More organizations are getting ICS-specific security budgets, and in 2022 only 8% of facilities have no security budget, the report said. Twenty-seven percent of organizations have budget allocations between US$100,000 and US$499,999, and 25% have budgets between US$500,000 and US$999,999.

Over the next 18 months, organizations are allocating these budgets to various initiatives, including plans to increase visibility into network assets and their configurations (42%) and the implementation of network-based anomaly and intrusion detection tools (34%). Network-based intrusion prevention tools on control system networks also receive attention (26%).

Nearly 80% of respondents said they now have roles that emphasize ICS operations, compared with only about 50% having such specific roles in 2021. However, the organizations said that even though these areas have different tasks, required skills and impacts during security incidents, there is still a convergence of responsibilities.

Nearly 60% of survey respondents use passive monitoring, with network sniffers being the primary method of detecting hardware and software vulnerabilities. The second most common method is continuous proactive vulnerability scanning.

The third most common method is to compare the configuration and control logic program to a known good version of the logic.
