Protecting Industrial Infrastructure from Advanced Persistent Attacks

17/09/2019
Blog

The IIoT is evolving quickly¸ as factories across the world are increasingly switching to internet-connected sensors¸ monitors¸ and other devices to operate and supervise their manufacturing operations more intensely. While this digital transformation represents increased efficiencies¸ it also reveals potential security threats: More devices on the network with sophisticated operational capabilities make factories a prime target for adversaries who are looking to attack and impact the global supply chain.

The Means of Entry: Programmable Logic Controllers

Among all of the operational systems within an industrial setting¸ the programmable logic controller (PLC)¸ or programmable controller¸ is one of the most vulnerable.

Modern PLCs are sophisticated¸ network-connected computers that form the backbone of both small manufacturing plants and large strategic infrastructure sites. Disruption of these industrial devices can cause catastrophic events on an international scale¸ hence the importance of implementing security solutions in front of a variety of attack vectors.

How are attackers using PLCs to infiltrate sophisticated IIoT factories and wreak havoc? They’re finding a way with Advanced Persistent Threats¸ known as APTs.

The Means of Attack: Advanced Persistent Threats

APTs “are characterized by a ‘long game’ approach to gaining entry¸ avoiding detection¸ and collecting a large volume of protected information¸” says an article from Cimcor.

APTs represent a dire threat to IIoT security because these hackers are dedicated to gaining access slowly to avoid detection—rather than attacking quickly and abruptly. They may be able to slip under the radar of industrial systems monitoring and disguise themselves as part of the organization. Because of this¸ security teams within industrial settings may not be able to detect their presence until it’s too late.

With increasingly complex attack methodology¸ dedicated and persistent actors like APTs¸ and the continued connectivity of industrial settings¸ there is no slowdown in sight for threats to the IIoT. What is needed is a preventative solution and management that completely protects the PLC and other edge devices.

The Solution: The Cloud-to-Flash Approach

One solution to safeguard factories from APTs without relying on the PLC is a new cybersecurity protection¸ monitoring¸ and management approach called “cloud-to-flash.” Championed by NanoLock Security¸ this approach moves the root of trust out of the controller and the OS and into the flash memory.

By creating a root of trust in the flash that blocks code modifications in the flash memory and moves the control from a vulnerable device to a trusted entity on the industrial company’s premise or cloud¸ a secure channel is created all the way from cloud to the flash¸ making it impossible for attackers to alter the firmware with any malicious code. This approach is agnostic to the processor and any software that is running on the device¸ and it avoids any latency in boot time or run time.

And since the solution has moved from the processor side to the flash side¸ this approach—agnostic of the processor and the OS—means that there is no need for additional resources on the processor side; additionally¸ the solution does not have any BOM cost. Therefore¸ ironclad security can be achieved with low-power¸ low-cost processors¸ creating a more palatable cybersecurity solution for IIoT manufacturers and IT management.

This cloud-to-flash approach can protect the PLC or device throughout its entire lifecycle – from manufacturing and supply chain¸ throughout its lifecycle in an industrial setting¸ until end-of-life. Unlike other attempts at IoT security¸ the cloud-to-flash approach isn’t just a software update or firmware fix; instead¸ it provides a way to protect and manage the PLCs and edge devices to block attacks and prevent network breaches.

With the cloud-to-flash approach¸ industrial manufacturers can completely circumvent vulnerabilities and bugs that may be found during an edge device’s life (a common problem with IoT devices) to ensure security and protect their factories from APTs.

Book a demo to see NanoLock’s defense in action