While reporting for an upcoming documentary called “Zero Days” by Alex Gibney, a little-known secret Pentagon program named Nitro Zeus was uncovered. Nitro Zeus was created as a fallback plan in the event that nuclear talks between the United States and Iran failed. Under the program, the United States had a contingency plan to use cyber espionage to disable Iran’s air defenses, and communications and power grid. A refined version of the program would focus on the Fordo nuclear enrichment site.
This plan is similar to the development of Stuxnet, which was used to accomplish similar goals of taking Iranian nuclear facilities offline by damaging centrifuges.
Both plans called for the use of Zero Day Exploits, which are vulnerabilities in systems that can be used to gain entry into networks. They earn the title Zero Day because they are often exploited as soon as they are discovered – well before the manufacturer is able to offer a patch to protect against the vulnerability.
Zero Day Exploits pose grave dangers for industrial automation. They may be exploited by oppositional governments, hackers, or even rival companies. Patches arrive after the exploit is ‘in the wild’, and so there’s often no way to completely prevent Zero Day attacks. There are, however, some preventative measures that can be taken to secure data and critical processes. Here are some of the ways to protect a system against exploits and vulnerabilities and avoid becoming collateral damage:
Prevention – Prevention should always be a top focus, even if it is impossible to prevent any and every attack. Often prevention is left until it’s too late, or only implemented after a breach. It is critical to institute policies that include cybersecurity best practices, including antivirus software, updated software, vulnerability scans, and on premise measures like blocking USB ports and isolating the network that handled critical process data.
Secure Communications – Ensuring that your firewall only allows necessary transfer of data can help shield your system. By isolating the most important information to the most secure channels, it’s possible to offer yourself the best protection possible.
Simplicity – By restricting your system to as few components as possible you open fewer potential backdoors. Whenever possible, keep additional software to a minimum and use only trusted software that makes security features a priority.
Always Download and Install Patches – It goes without saying that even vulnerabilities that the vendors are aware of can still be a threat if your software isn’t up to date. It’s always recommended that you keep your system on the most recent versions of the software, and always download and install patches, no matter how minor.
Intrusion Protection – Intrusion protection and other real-time monitoring can help you identify a breach as it happens, instead of long after the fact, when it’s too late to control.
Incident Response Protocol – Make certain that you have protocols in place in case of a breach. Know which system functions are absolutely critical and prioritize the most vital aspects of your system when it comes to response.
Limit the Spread of Infected Systems – Before and after a breach, limit connections to those that are absolutely required for business needs. By restricting access to any other parts of the network it may be possible to slow the spread of an infection and quarantine affected components.
Want more on Security from InduSoft:
InduSoft Application Design and SCADA Deployment Recommendations for Industrial Control System Security – This eBook provides guidance when building and implementing HMI and SCADA systems, and describes best practices to secure them against cyber-attacks and known vulnerabilities.
Framework for SCADA Cybersecurity – This eBook will provide Critical Infrastructure customers and academic students an understanding of the NIST Cybersecurity Critical Infrastructure Framework and how to apply the framework to new and existing SCADA applications and implementations.