COMMENT
Ten years have passed since the infamous Stuxnet attack highlighted the vulnerabilities of the operational technology (OT) systems that play a crucial role in our critical infrastructure. Despite progress since then, these systems remain exposed, raising concerns about our preparedness for future cyber threats. A recent Dark Reading article by Dan Raywood highlighted how programmable logic controllers (PLCs), particularly Siemens-brand controllers, are still vulnerable.
OT vulnerability
A key source of OT vulnerability is human behavior: laziness and convenience override security, and threat actors exploit that. The result is weak passwords, overlooked updates, and poor adherence to protocols. Taking advantage of these habits, attackers turn easily guessed passwords into master keys and use unpatched vulnerabilities to gain access.
The convergence of IT and OT is a double-edged sword. While it drives efficiency and innovation, it also expands the attack surface. Putting manufacturing equipment on a network so that it can be managed and secured also exposes the critical devices that operate the machinery (such as PLCs) to attack. The interconnection between IT and OT therefore has the potential to become a security nightmare.
The layered approach to OT security is best
The Dark Reading article recommends using technology that enforces security measures, such as transport layer security (TLS). While this offers valuable protection, it is far from foolproof. Determined threat actors can still exploit unpatched vulnerabilities or turn to alternative attack vectors, such as the IT and OT convergence. If attackers are sufficiently motivated, they can switch to methods against which TLS is useless. Using the Siemens PLC vulnerabilities the article describes, an attacker can send API instructions directly to the PLC, giving it commands that can damage critical processes.
The article references comments from Colin Finck, technical lead for reverse engineering and connectivity at Enlyze, about the latest Siemens firmware supporting TLS, which he says isn’t good enough. In this sense the article is correct. But it doesn’t explicitly say that cybersecurity requires a layered approach, where encryption is just one piece of the puzzle.
Do not trust anybody
This is where device-level protection becomes crucial. Securing and hardening devices such as PLCs provides an answer to both the growing attack surface and the human element. The approach is simple: trust no one. Applying and enforcing zero trust therefore helps protect critical infrastructure.
Promoting these strong security policies and establishing clear guidelines for a secure OT environment means meticulously verifying every attempt to access a PLC. Additionally, each user should be granted only the minimum permissions necessary. Both security teams and OT managers must uphold these access controls, ensuring that only authorized users can interact with the PLCs that control critical systems on the factory floor. Enforcing these policies prevents determined attackers from sending API instructions directly to the PLC.
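As an added illustration (not code from the article, Siemens, or Enlyze), the following deny-by-default gate applies the two rules above to every PLC request: verify the caller's identity each time, then allow only an operation that was explicitly granted, and log every decision so denied attempts can be reviewed. The users, PLC identifiers and operations are constructed for the example.

```python
from dataclasses import dataclass, field

# Operations a client may request of a PLC; anything not listed is denied.
READ, WRITE_TAG, LOAD_PROGRAM, STOP = "read", "write_tag", "load_program", "stop"


@dataclass
class PlcGate:
    grants: dict                       # user -> {plc_id -> set of operations}
    audit: list = field(default_factory=list)

    def authorize(self, user, plc, op, authenticated):
        """Allow only an authenticated caller with an explicit grant (default deny)."""
        if not authenticated:          # network location is never a substitute for identity
            reason = "identity not verified"
        elif op not in self.grants.get(user, {}).get(plc, set()):
            reason = "no explicit grant"
        else:
            reason = "granted"
        allowed = reason == "granted"
        # Record every decision; the denied entries are what defenders monitor.
        self.audit.append({"user": user, "plc": plc, "op": op,
                           "allowed": allowed, "reason": reason})
        return allowed

    def denied(self):
        return [e for e in self.audit if not e["allowed"]]


def constructed_gate():
    """Least-privilege grants for a fictional line with two PLCs (constructed data)."""
    return PlcGate(grants={
        "operator.ana": {"plc-01": {READ}, "plc-02": {READ}},
        "engineer.bo": {"plc-01": {READ, WRITE_TAG, LOAD_PROGRAM}},
        # Nobody is granted STOP through this API path; no entry means no access.
    })


def demo():
    gate = constructed_gate()
    results = [
        gate.authorize("operator.ana", "plc-01", READ, authenticated=True),          # True
        gate.authorize("operator.ana", "plc-01", WRITE_TAG, authenticated=True),     # False
        gate.authorize("engineer.bo", "plc-02", LOAD_PROGRAM, authenticated=True),   # False
        gate.authorize("engineer.bo", "plc-01", LOAD_PROGRAM, authenticated=False),  # False
        gate.authorize("engineer.bo", "plc-01", STOP, authenticated=True),           # False
        gate.authorize("contractor.cy", "plc-01", READ, authenticated=True),         # False
    ]
    return results, gate.denied()


if __name__ == "__main__":
    results, denied = demo()
    print(results)
    for entry in denied:
        print("DENIED", entry)
```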
Moving forward: building resilience
The vulnerabilities of Siemens PLCs serve as a stark reminder of the ongoing struggle to protect our critical infrastructure. Siemens is just one of many PLC vendors, each of which has different vulnerabilities. For this reason, cybersecurity must be part of the responsibilities of floor managers and IT teams. They need to understand that a multi-layered approach is needed, where the first layer is the protection of the PLCs. Enforcing and managing access and credentials to PLCs transforms vulnerable infrastructure into resilient infrastructure.