KICS For BRICS

Thanks to technological progress, things are now produced at higher speeds, in greater volumes, at higher temperatures, and in more hospitable environments than at any other time. These advancements mean that the level of industrial risks today is also historically unprecedented.

Modern factories, transportation systems, and infrastructure heavily rely on computerized systems to operate. The world is moving rapidly toward a ‘smart’ and highly versatile ‘cyber-physical’ operational environment. But a big issue today is that most industrial IT concepts, protocols, and technologies were not initially designed with omnipresent hyper-connectivity in mind. Thus, they tend to be vulnerable, and a shrewd attacker exploiting such a vulnerability can cause immense damage – even devastation.

Nevertheless, I’m confident that it’s possible to fundamentally lower this risk. We need to design industrial control systems that are immune to cyber threats. This will take a lot of time and work, but it’s crucial that we achieve this goal.

The industrial automation and implementation of the Internet of Things is transforming companies, but it also makes them face new challenges. Are cyber threats one of them?

Cybersecurity challenges in industrial control networks are not escapable due to rapidly increasing functional requirements and the exponentially growing use of IT. In 2016, we saw stable growth in attacks on industrial computers as a share of all cybercrime.

In the second half of the 2016, our products across the globe shielded attempted attacks on 39.2 percent of industrial computers. Every month, one industrial computer out of every five is attacked by malware.

What is the cyber threat landscape for industrial systems? Is it similar to corporate networks?

I would like to emphasize three principal moments, which differ in the information technology (IT) and operational technology (OT) domains.

Firstly, it is priorities. The main area of focus for the IT domain is privacy, and for the OT environment, business continuity matters much more. So, availability is key there. Just imagine, an average cost of unplanned downtime caused by a cyber incident can start at $250,000 per hour for a modern refinery plant.

Secondly, it is objects to protect. Protection for a typical industrial control system (ICS) should be oriented on specific objects of cyber-physical systems. For example, the electric power distribution industry requires a component for industrial network monitoring with network integrity checking as well as deep application protocol inspection capabilities to provide a reasonable level of protection against cyber threats.

And thirdly, it is stakeholders. The operational technology team is essential for the planning, execution, and incident response in the area of ICS cybersecurity. Fending off the impact of any computer incident on production requires closely concerted efforts of both IT and OT teams.

How is it possible to manage and mitigate industrial cyber risks, and protect the continuity and integrity of technological processes in industrial environments?

Risk is absolutely an appropriate term here as cyber threats can impact the profitability of an industrial company. As an example, in the US, Georgia-Pacific lost $1,134,828 due to hacking into the computer system of its industrial facility. To avoid this, a multi-discipline approach should be deployed. The mitigation part of this new risk management domain requires cybersecurity measures for critical facilities be based on holistic approach. The Kaspersky Industrial CyberSecurity (KICS) solution combines conventional security technologies, adapted for an ICS environment. This strong foundation is enhanced with technologies designed for industrial environments, including integrity checks for PLC programs, semantic monitoring of process control commands and telemetry data to detect cyber-attacks targeting the physical part of an infrastructure.

This strong foundation is enhanced further by unique technologies designed specifically for industrial environments.

According to a Kaspersky Lab ICS CERT report, more than 30% of industrial computers were attacked in India in March 2017. This figure is really threatening, as the cybersecurity of critical organizations is not limited to data confidentiality. To avoid possible risks, the central government will need to publish policies and directives that provide clear guidance to large public sector and private sector organizations responsible for the management of critical infrastructure. Currently, a few companies are trying to force liabilities on technology product providers. However, this will not help solve the problem, as no technology company can take up the cyber risk of a large complex organization. Cybersecurity solutions for industrial systems must be tackled from a few different approaches. It is important to take into account risk assessment to understand the problem at hand, training of resources, and staff and experts that help mitigate the risk.

China is a big country with the most complex and numbers of critical infrastructure. These key facilities have a profound impact on people’s lives and the functioning of society. Ensuring the security of key infrastructure is an important and urgent task for China. Kaspersky’s KICS will be committed to providing the perfect cybersecurity protection for critical infrastructure in China.

Four in five countries in the LatAm region do not have cyber security strategies or critical infrastructure protection plans. Two out of three do not have a cybersecurity command and control center. Brazil has invested heavily in Information and communication technology to promote economic growth and social progress. Therefore, it has become a prime target of cyberattacks, including spear-phishing, malware, and DDoS attacks. Today, Brazil is at the intermediate level of cybersecurity development, but still far from advanced countries such as the United States. Brazil has many Computer Security Incident Response Teams, which range from government-managed entities to private sector or academic teams. However, the Incident Response community should be changing in response to the development of types and complexity of attacks. The Brazilian private sector is becoming more interested in the protection from cyber threat, as a 15-day stop of a small company in Brazil caused by a cyberattack will lead to the loss of approximately $100,000, excluding indirect costs.