IT Security Guru

Is Air Gapping Really a Solution?

Isolating OT Systems From The Network Won't Make Them Invulnerable to Cyberattacks

by Sabina
December 3, 2019

by Nigel Stanley, CTO at TUV Rheinland

Operational technology (OT) based solutions – where computerised systems control a physical output or detect a physical effect – have become an area of increased focus for cyber-attacks. This has now become a real concern for enterprises whose production systems, manufacturing plants, industrial control systems and processing infrastructure are under constant threat.

Cyberattacks are a very real risk. Criminals have identified these OT systems as prime targets because they are often connected to poorly secured networks, and compromising them could yield substantial monetary returns through ransoms, intellectual property theft and espionage.

The ‘retro’ approach to addressing this risk consists of completely disconnecting critical systems not only from the public network, but also from closed internal networks. This approach has gained traction recently with some politicians demanding that critical systems be air-gapped or physically disconnected to defend them from potential attacks.

Unfortunately, this might not be the most effective way to protect operational technology from motivated attackers. It might, in fact, have the counterproductive effect of creating a false sense of security in cybersecurity teams.

Attackers are resourceful

A motivated attacker will find creative ways around most preventative controls, including air gaps. Even when a system is not attached to a wider network, connections abound, and systems light up with data flows, often without the company knowing about it. There are many ways in which cybercriminals can cross an air gap, some more creative than others and some not far-fetched at all.

The underestimated, humble USB stick is an example of how an attacker could bridge OT air gaps. USB ports are often openly accessible on industrial workstations or process engineering systems, and USB sticks can carry malware in or be a route out for corporate intellectual property (IP). The now infamous Stuxnet worm, first revealed to the public in 2010, is believed to have made its way into a secure facility on a USB stick. All it takes is for an attacker to convince an employee to plug a USB stick into a computer by labelling it with the right words, such as “payslip info” or “HR”. We humans are, after all, curious creatures.

Smartphones are another convenient mechanism to cross air gaps, as they have become portable computers with the capability of carrying malicious software. If switched into Wi-Fi hotspot mode, they can serve as an attack vector. Their cameras, if compromised, can be exploited to exfiltrate visual data and screenshots that can be useful to an adversary. There have certainly been instances where bored operators have fired up a hotspot and streamed dubious movies overnight, effectively compromising the security of the facility.

Through insecure Wi-Fi hotspots, large amounts of OT data can be leaked in short spans of connection time. This is often down to bad configuration, or maybe a desire by the OT team to take advantage of an existing internet connection. Certainly, this is not always malicious as more and more OT equipment manufacturers need access to their hardware for predictive maintenance and similar reasonable business needs. But has the connection been risk assessed?

More dangerous than Wi-Fi, and increasing in popularity, is the practice of adding cellular connections to equipment so that it can “phone home”. In many cases, these connections are never spotted, because the modules are small and their transmissions are difficult to detect. Often they have only been found following an unconnected technical surveillance countermeasures assessment, or bug sweep, of the site.

More creative proofs of concept have shown that a motivated attacker could, in theory, modulate LEDs or light sources to transmit data, use power source analysis to detect data flows, or even use system noise as a transmission medium. Although certainly complicated to carry out, an attack like this is not implausible.

How to tackle the problem

Accepting that air gapping critical systems is rarely an efficient security control, the first step to tackle an OT cybersecurity risk is to conduct some form of proportionate assessment. This will provide a broader view of the system business risk and enable appropriate controls to be put in place – and in many cases air gapping is unlikely to figure high on the list of things to do.

 

This article was originally published on the E&T Magazine: https://eandt.theiet.org/content/articles/2019/10/comment-busting-the-myth-of-the-operational-technology-air-gap/

 

 
