Express Computer

Home  »  Interviews  »  Indian organizations are extremely vulnerable to critical infrastructure attacks: Kaushal Dalal, MD India, FireEye

Indian organizations are extremely vulnerable to critical infrastructure attacks: Kaushal Dalal, MD India, FireEye

InterviewsNews
By Srikanth RP
0 458

FireEye released a recent report on the few key weaknesses faced by critical industrial systems. Enterprises in India are extremely vulnerable to these threats, as many of the industrial networks run on outdated systems that are difficult to patch. Kaushal Dalal, Managing Director for India, FireEye, shares some of the key vulnerabilities that Indian organizations are vulnerable especially with respect to critical infrastructure attacks

How different are industrial networks from traditional IT networks from a security perspective?
Industrial networks differ quite significantly from traditional IT networks due to the specific requirements of their operation. Industrial networks are more critical than traditional IT networks.They are the technological backbone of manufacturing lines, electric grids, water supplies, and production lines. Lives often depend on it. For example, consider how many systems in a hospital can affect patients.

Industrial networks often run on outdated systems which are difficult to patch. The hardware, such as PLCs, RTUs, VFDs, protective relays, flow computers, and gateway communicators, can be operational for decades and may operate too simplistically. It’s difficult if not impossible in some cases to add new security or new layers to ICS systems due to their age and design.

What are some of the soft targets for hackers in industrial networks?
Most industrial networks use outdated and unpatched Microsoft Windows operating systems. This is a soft and easy spot for attackers. ICS vendors often don’t have a list of third-party software and versions used in their products. Weak firmware integrity checks is also a weakness. Firmware (the code that enables an embedded device to perform its functions) is generally more difficult to change or update than software. Dozens of vulnerabilities involving password weaknesses in ICS devices and software from numerous vendors have also been disclosed. ICS hardware is often outdated and lack the processing power and memory to handle the threat environment presented by modern network technology

How vulnerable is India with respect to the vulnerabilities pointed out in the report? 
Indian organizations are quite vulnerable to critical infrastructure attacks. India has underinvested in technology and cyber security for quite some time. This is now a significant problem. With the country rapidly embracing new technologies, connected systems, digitization and the concept of smart cities – it will only create additional vulnerabilities for Indian firms. Most Indian industrial systems run on old outdated hardware, use unpatched Microsoft Windows operating systems, use weak passwords and have undocumented third-party vendors. These are the few most common weaknesses observed by us.

It is important to keep industrial control systems separate from the rest of the network. It’s good to stay connected, but it’s better to allow the data to flow in a way that it also prevents unnecessary connectivity with unprotected networks. It is also safer to have two-factor authentication and allow limited, authorized access to the ICS systems.

What are some of the big vulnerabilities that should be of concern to Indian manufacturers?
There’s not just one, there are a million big vulnerabilities Indian manufacturers should be concerned about. Here are a few types:

• Access to Level 2 Allows a Threat Actor to Manipulate Processes: More than half the vulnerabilities discovered since 2013, deal with Level 2. Devices that directly control the processes, such as HMI and engineering workstations, reside here. Like having a master key, controlling one of those devices gives attackers control of any connected processes. For example, as seen in the attacks on the Ukrainian power companies in December 2014, once attackers have access to the HMI, they can open and close switches and actuators at will without exploiting additional vulnerabilities.

• Unauthenticated protocol remains one of the key vulnerabilities. Using unauthenticated protocols allows any computer connected to these networks to interact with the controlled process. For instance, the use of Modbus/TCP allows any device on the network to alter a set point within the process logic executed by the controller.

• Engineering workstations and HMIs often run outdated and unpatched Microsoft Windows operating systems, leaving them exposed to known vulnerabilities. Exploit kits frequently incorporate exploits for older and unpatched systems, even if patches are available. These can affect unpatched or outdated HMI computers accessing the Internet. For example, advanced threats, such as APT 17 and actors using Kraken malware, continue to target Windows XP and Windows Server 2003.

What recommendations would you give Indian organizations to address the weaknesses seen in industrial systems?
We recommend plant managers, operators and field technicians to take a few steps to mitigate and address the weaknesses seen in industrial systems:
• Implement bump-in-the-wire authentication solutions or VPNs
• Incorporate deep packet ICS firewalls that block unauthorized commands from certain IP addresses
• Configure restrictive access control lists and firewall rules, to minimize network connectivity of devices with outdated hardware
• Consider upgrades for older devices that have network connectivity and support critical process control functions
• Monitor device logs and network traffic for attempts to exploit password weaknesses
• Obtain software/firmware directly from the vendor and not third-parties. Examine ICS products to identify third-party software before operational deployment
• Monitor the network for firmware and logic updates
• Maintain an inventory of operating systems used in an industrial environment that are unpatched or no longer supported
• Request or require that vendors validate patches for the third-party software to ensure interoperability

Get real time updates directly on you device, subscribe now.

Srikanth RP

Srikanth is an award winning journalist with more than 16 years of experience. In 2010 and 2013, Srikanth received the Polestar award for Excellence in IT Journalism, from the PoleStar Foundation, an independent trust established in 1998 to recognize Excellence in Business and IT Journalism.

In the past, Srikanth has led the editorial operations for InformationWeek (UBM) and Dataquest (CyberMedia). Srikanth has also been associated with Patni Computer Systems and Capgemini India, in marketing and communications roles. He can be reached at [email protected]

You might also like More from author
Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 
Powered by Convert Plus
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image