Today’s energy sector is undergoing massive change, especially as more utilities try to usher in clean or renewable energy alternatives like solar, geothermal, hydroelectric, and wind power. In addition to the clean energy transition, grid modernization is another major shift in the energy industry. The Industrial Internet of Things (IIoT) is expected to transform the energy grid and support modernization efforts.
Industrial control systems are fundamental to all industrial processes, from power generation to water treatment and manufacturing. ICS refers to the collection of devices that govern a process to ensure its safe and effective execution. These devices include Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control systems like Remote Terminal Units (RTU) and Programmable Logic Controllers (PLC).
The distribution systems of the U.S. energy grid — the portions of the grid that carry electricity to consumers — are growing more susceptible to cyber-attacks, in part due to the advent of monitoring and control technology and their reliance on them. However, the magnitude of the possible consequences of such attacks is not fully understood.
Most of the time, the advantages of technology overshadow the recognition of challenges. IT/OT convergence has given a boost to the industry, there are many cybersecurity considerations. Due to a lack of legislation, best practices are filling the void. This article will give an overview of industrial cybersecurity best practices.
We’re starting the new year with a conversation focused on securing critical infrastructure. The issue, of course, is that we’re seeing increased threats and cyberattacks on critical infrastructure. Not to mention the war in Ukraine. This collective threat is a rallying point, bringing together cyber professionals from around the world, as well as their respective countries.
It is always said that security is never a one-size-fits-all solution. This is true not only because of the apparent infinite varieties of equipment in each individual organization, but also, and perhaps more importantly, the different ways that every organization views security. Some spend lots of time focusing on physical security, especially those with industrial control systems (ICS). Others are small organizations, where the primary concern is personal data theft.
The JFrog Security team recently competed in the Pwn2Own Miami 2022 hacking competition which focuses on Industrial Control Systems (ICS) security. One of our research targets for the competition was the Unified Automation C++-based OPC UA Server SDK. Other than the vulnerabilities we disclosed as part of the pwn2own competition, we managed to find and disclose eight additional vulnerabilities to the vendor. These vulnerabilities were fixed in the SDK in version 1.7.7.
Cybersecurity has, since its inception, been a corporate-based problem. Whether it is a public, or private corporation, these entities were the primary targets of most cybercrime. In recent years, the industrial sector has increasingly become the target of attack for malicious actors. The reasons include newly internet-connected devices that were once air-gapped, and the immaturity of cybersecurity in many of these plants.
