Telenor’s Øystein Berg, Chief Security Architect for the telco’s Norwegian operations, talks to Ignite about the most common threats to industrial assets and what can be done to mitigate them.
Are industrial assets often a target for cyberattacks?
Øystein: Industrial systems are very much a target for cyberattacks, and given today’s security situation, these attacks can come daily and hit society hard. And many of the industrial assets under attack are important control systems that we depend on, such as access to petrol, food, heat, and electricity. These types of resources are often targeted because the gains can be substantial in terms of industrial espionage, geopolitical events, military strategy, or financial conditions.
What are the common cyberthreats that industrial companies should be aware of?
Øystein: Typical IT cyberthreats such as ransomware and other “off-the-shelf” types of malware can be devastating for industrial environments, as the components in the industrial infrastructures often lack the protection mechanisms usually found in IT. The lack of visibility into industrial environments and the ability to detect and act on this type of “attack” makes it more dangerous than in its IT counterpart.
As I mentioned before, targeted attacks are often found in industrial verticals where there’s opportunity for military, financial, strategic, or industrial espionage. These types of attacks are recognized as very hard to detect, and the threat actors are often well financed, highly skilled and have adopted techniques for “living off the land” to hide their whereabouts.
Have these threats increased recently and why?
Øystein: In 2021, there were twice as many Common Vulnerabilities and Exposures (CVEs) as in 2020, which have been exploited by cyberthreat actors. The reason for the increase in threats is the technological changes that the industries are undergoing due to external forces, such as COVID-19, the cloud, and the need for data in decision support systems. Before, communication in and out of industrial networks was limited, but now that it is more open, the remote access solutions that have been implemented in systems may lack the security design and architecture to support such accesses in a safe way.
What are three things industrial asset owners can do to mitigate these threats?
Øystein: Here are three tips to be more prepared.
1. Always maintain visibility and control of which devices are connected and communicating with each other.
2. Implement good architecture, segmentation, and security monitoring.
3. Establish privileged access management (PAM) solutions that provide good insight into what is being done in the industrial systems.
What should you do if you’ve been attacked?
Øystein: The most important thing in this situation is to have processes and crisis management plans ready before you are attacked. In addition, have good agreements in place with partners who can help you when an incident occurs.