Security was never part of the original design of ICS and OT systems when they were put in place many years ago. Today there has never been a greater need to bridge the gap between ICS and modern security technologies, and to understand the differences between traditional networks and ICS networks.
There is still much groundwork to cover in order to understand the process control levels (0, 1 and 2). The components that exist within these levels are typically viewed as engineering systems with little to no security. The challenge is that, due to network filtering, diodes and older hardware such as serial-to-Ethernet converters, the full network is often not easy to decode, let alone view.
What this means is that detecting network anomalies is difficult and complex in ICS environments. It is certainly not impossible, but it does require more collaboration between security vendors and ICS sources than ever before. Ideally that means not just responding reactively to incidents, but proactive joint collaboration that allows the two industries to unite before serious harm to human life occurs at a mass scale.
What worries investigators and intelligence analysts the most is that the attackers compromised Schneider’s Triconex controllers, which keep equipment operating safely by performing tasks like regulating voltage, pressure and temperatures. Those controllers are used in about 18,000 plants around the world, including nuclear and water treatment facilities, oil and gas refineries, and chemical plants.