'Iranian acting for Israel' planted Stuxnet virus
'Iranian acting for Israel' planted Stuxnet virus

We are not learning the lessons when it comes to protecting industrial control systems, despite increased attacks, according to the defence and security specialist.

Speaking at the Infosecurity Europe 2013 press conference in London, Andrew Beckett, head of cyber security consultancy and professional services at Cassidian, said that while 80 per cent of attacks on industrial control systems were unintended, the problem is often down to old technology that is brought down by standard malware and volumes of traffic.

He said: “If you want to attack a country and disrupt its operations, attacking the industrial heartland is the way to go.

“Why are these attacks so effective? Because they are relatively soft targets, They have not benefited from security controls like government or defence systems and because of their age, they don't receive updates, yet they are about critical availability as run 24/7.

“You can see engineers walk in and out with laptops and data transferred by USB sticks; often there is no malicious intent but endpoints does not have the same levels of protection, so controlling multiple entry points is a problem. There is also poor network segmentation and a lack of division, so it is easy for a worm to spread and replicate across the network.”

Citing examples such as in August 2005 when Chrysler auto plants were shut down by a worm that caused a $14 million loss and the Iranian systems hit by Stuxnet in 2010, Beckett said that a poor job has been done on cleaning up Stuxnet, and that anyone who wants to reprogram it will have a ready-made botnet to launch the next attack.

“Having a defensive perimeter is not enough. The problem with defending network and with malware is that it is carried in and out; the perimeter is breached or breachable, so you need to protect individual segments and you need defence in-depth, and that is largely missing from industrial networks,” he said.