- Introduction to ICS Environments
Industrial Control Systems (ICS) is a general term for several types of command and control systems used in industry and critical infrastructure. These systems include several subsystems and categories. Some are designed to control a single component, such as an altitude or temperature sensor, or to control the opening and closing of a valve or gate. Others are designed to control multiple components that are distributed in the field. What they all have in common is the ability to communicate with end components, which act as sensors or actuators.
Common ICS types:
- SCADA systems
- Distributed Control Systems (DCS)
- Structural Control Systems (BMS)
- Industrial Automation Control Systems (IACS)
In recent years, awareness has increased of cyber events focused on attacking systems in the ICS network space.
Unlike events against computing networks and traditional computing equipment, these events are very likely to directly affect the quality of life and physical safety of citizens. Beyond the potential for damage to the production line, damage to such systems can lead to flooding of cities; leakage of gases, poisons, toxins or wastewater into the environment; explosion of containers; and disabling of essential services such as electricity, gas, water and more.
The trend of cyber attacks against ICS systems has been on the rise in recent years. The main reasons are the attractiveness of such attacks and the difficulty of implementing, in the operating environment, protection and security controls such as those implemented in the IT network.
Among the most prominent events that have been published in recent years are:
A Trojan-based attack from the TRITON family occurred in December 2017 and was directed against an industrial safety system. The attacker gained access to the Engineering Workstation and to the SIS (Safety Instrumented System), and from there used this attack platform in an attempt to change the operation and programming of the safety system controllers. The purpose of the attacker was to cause damage so as to disable and neutralize the safety system in the manufacturing process.
Hacking of the Bowman Dam in the US
On March 24, 2016, it was reported that hackers broke into a small dam in the state of New York in the United States. This malicious takeover could have led to a flood in the city, damage to critical systems and significant financial damage to the city.
BlackEnergy – Power plants disabled in Europe
On December 23, 2015, power outages occurred in European electricity companies, disabling entire regions. It was found that an attacker implanted malware that was sent via spear phishing. Spoofing and the ability to jump the air gap from the IT systems to the OT systems led to BlackEnergy running in the organization. In this event, the attacker took advantage of the ability to jump from the IT systems to the OT systems.