Dragos Report on Cybersecurity Vulnerabilities In Manufacturing

Cybersecurity firm Dragos recently published a report on what it describes as the rising cybersecurity threat to manufacturing organizations.

The report discusses threat actors targeting industrial control systems (ICS) to pull off ransomware and IP-theft attacks:

Ransomware adversaries are adopting ICS-aware functionality with the ability to stop industrial related processes and cause disruptive – and potentially destructive – impacts. Dragos has not observed ICS-specific malware targeting manufacturing operations on the same scale or sophistication as that used in the disruptive TRISIS and CRASHOVERRIDE malware attacks that targeted energy operations in Saudi Arabia and Ukraine, respectively. However, known and ongoing threats to manufacturing can have direct and indirect impact to operations. This report provides a snapshot of the threat landscape as of October 2020 and is expected to change in the future as adversaries and their behaviors evolve.

. . .

The most common threat to manufacturing is ransomware. Dragos observed a significant rise in the number of non-public and public ransomware events that have affected ICS environments and operations over the last two years.

This year, Dragos identified multiple ransomware strains adopting ICS-aware functionality, including the ability to “kill” (i.e., stop) industrial processes if identified in the environment, with activity dating back to 2019. EKANS, Megacortex, and Clop are just a few ransomware strains that contain this type of code. Past concerns with ransomware in ICS focused on propagation. IT-focused ransomware could impact control system environments if it is able to migrate into Windows-based portions of control system networks and disrupt operations.

In 2020, the number of publicly reported ransomware attacks on manufacturing entities has more than tripled compared to 2019, based on data tracked by Dragos. Although most ransomware strains impacting ICS and related entities are IT focused, ransomware can have indirect impacts on operations and process control networks by impacting resources such as logistics, fleet management, sales operations and fulfillment, or loss of view to enterprise resource management tools. For example, enterprise technologies like Enterprise Resource Planning (ERP) software are integrated with data historians containing process data to distribute information across a company. By encrypting ERP and related files on a workstation, a ransomware adversary could stop vital communication and record keeping, indirectly impacting manufacturing process and logistics operations.

The report includes recommendations for manufacturers to implement mitigation strategies, including critically examining network assets to understand and harden potential weaknesses, mandating multi-factor authentication wherever possible, ensuring network segmentation wherever possible, etc.

GAO Releases Aviation Cybersecurity Report

The United States Government Accountability Office released a report detailing cybersecurity risks with modern commercial airplanes’ avionics systems.

According to the report’s summary,

Modern airplanes are equipped with networks and systems that share data with the pilots, passengers, maintenance crews, other aircraft, and air-traffic controllers in ways that were not previously feasible (see fig. 1). As a result, if avionics systems are not properly protected, they could be at risk of a variety of potential cyberattacks. Vulnerabilities could occur due to (1) not applying modifications (patches) to commercial software, (2) insecure supply chains, (3) malicious software uploads, (4) outdated systems on legacy airplanes, and (5) flight data spoofing. To date, extensive cybersecurity controls have been implemented and there have not been any reports of successful cyberattacks on an airplane’s avionics systems. However, the increasing connections between airplanes and other systems, combined with the evolving cyber threat landscape, could lead to increasing risks for future flight safety.

The Federal Aviation Administration (FAA) has established a process for the certification and oversight of all US commercial airplanes, including the operation of commercial air carriers (see fig. 2). While FAA recognizes avionics cybersecurity as a potential safety issue for modern commercial airplanes, it has not fully implemented key practices that are necessary to carry out a risk-based cybersecurity oversight program.

Specifically, FAA has not (1) assessed its oversight program to determine the priority of avionics cybersecurity risks, (2) developed an avionics cybersecurity training program, (3) issued guidance for independent cybersecurity testing, or (4) included periodic testing as part of its monitoring process. Until FAA strengthens its oversight program, based on assessed risks, it may not be able to ensure it is providing sufficient oversight to guard against evolving cybersecurity risks facing avionics systems in commercial airplanes.