Cyber-attack threats against digital assets have increased as the business world has largely embraced digital transformation. Institutions that face serious data breach risks need to build their cyber security programs to cover cyber-physical systems as well.
Last February, a cyber attacker gained remote access to the computer system of a water treatment plant in the state of Florida in the United States. The attacker attempted to increase the amount of sodium hydroxide in the water source of the plant to hazardous levels. An operator in charge of the IT infrastructure of the plant noticed the unauthorized remote access. This incident and similar ones show that the intersection of the cyber and physical worlds can pose various hazards for institutions.
Cyber-physical systems do more than process data; they manage and optimize physical consequences ranging from individual processes to the entire IT ecosystem. Therefore, new strategies should also be utilized in addition to enterprise IT security when establishing CPS (Cyber-Physical Systems) security.
Cyber-Physical Systems Could Be Potential Risk Areas
Cyber-physical systems combine many different elements. CPS is a concept that covers IoT, smart cities, operational technology (OT) and IT infrastructures, and it is very important for the cyber security networks of institutions. Because these structures may not be included in security policies, they can become easy and open targets for cyber threats if the necessary cyber security measures are not taken. Widening your risk focus to include cyber-physical systems makes it easier to ensure uninterrupted business flows in your organization.
Cyber-physical systems sit at the intersection of your organization's technology and IT infrastructure and its physical assets, so ensuring access and data security through advanced methods prevents a cyber-attack from damaging your physical assets and thereby disrupting your business flow. Since 2021, when the potential consequences of systems being infiltrated via stolen privileged user accounts or seized privileged access credentials became visible, institutions have slowly begun to realize the importance of cyber-physical systems, which are vital in terms of access security.
Gartner foresees that by 2025, 50% of public institutions and companies operating in manufacturing will merge their cyber-physical and supply chain security teams under a single head of security reporting directly to the administrative supervisor or the CEO, which means that physical systems will be integrated with the supply chain and the IT infrastructure in the coming years.
Be Aware of the Risks
You should be aware of hackers seeking to damage CPS by targeting privileged account credentials, and of all the potential risks posed by internal threats with access to critical systems and data. For example, in 2000, a contractor manipulating the SCADA radio-controlled sewerage system in the Maroochy Shire local government area of the city of Queensland, Australia discharged 800,000 liters of sewage waste into the parks in the region.
If the example from 2000 seems a bit old, we should also note that we had a turbulent year full of news about recent ransomware attacks that halted logistics operations, disabled gas pipelines and affected steel production facilities in various parts of the world. On the other hand, if you plan to make 5G investments in the near future, you should be aware of the emerging threats in this field. You can start to reinforce your IT infrastructure against potential cyber-attacks in the 5G era, in which faster communication will allow cyber-physical environments to operate more efficiently. Although 5G promises a faster communication age, it could easily be the focus of targeted cyber-attacks as its security protocols are more complex. IoT-connected drones, autonomous vehicles and smart networks are also among the new threat elements for cyber-physical systems.
Plan the Security of Cyber-Physical Systems
You first need to set the business strategy of your organization in order to plan the security of cyber-physical systems. You should then identify the relevant technological factors and environmental trends related to your organization. Lastly, you can match all your assessments with the cyber-physical risk outlook to make your IT infrastructure more secure.
Do not ignore the possibility of different cyber threats in an environment that lacks such plans. For example, a significant increase in ransomware attacks against critical infrastructures was observed according to the data collected by Gartner in recent years from the Temple University in the city of Philadelphia in Pennsylvania, United States. The number of such attacks was 2 in 2013 and increased to 297 in 2020 (until September). The number was 204 in 2019. In other words, a significant increase can be observed even when comparing 2020 to 2019.
Data and Access Security in Cyber-Physical Systems
Another figure shared by Gartner should be highlighted to emphasize the importance of cyber-physical systems in terms of data and access security. According to it, the most important factor affecting the functioning and control of information security is IoT and cyber security systems at 43%. It would thus be realistic to expect an increase in this ratio with the spread of 5G and IoT networks.
On the other hand, recent examples show the importance of including cyber-physical systems in the security network of your IT infrastructure using Privileged Access Management. This is because ransomware attacks can cause serious damage to your business flow by directly threatening the physical structures of your organization. For example, the operations of a natural gas supply facility in the United States, which we mentioned at the start of this article, came to a halt for two days as a result of an intentional shutdown to manage a ransomware attack.
Likewise, the Australia-based logistics company Toll Group, operating in more than 1200 locations across 50 countries with 40,000 employees, had to halt its operations for some time due to a ransomware attack that caused unexpected delays in its customer shipments. Also, the Australia-based steel manufacturer BlueScope Steel Limited suffered a ransomware attack on May 14, 2020 and all its operations were interrupted across the country.
Furthermore, a report published by cyber security company Darktrace states that cyber attackers attempted to make ransomware attacks using an aquarium with an internet connection. The company stated that hackers attempted to steal data from a casino in North America using sensors connected to a computer regulating the temperature, cleaning and feeding program of a fish tank. The common aspect of all these cases is that a privileged account or privileged account access information was seized, or that they were a part of the supply chain.
Our Privileged Access Management (PAM) product Single Connect maximizes the protection of authorized account information and helps organizations ensure data and access security in cyber-physical systems through its modules. Single Connect protects the privileged accounts within your organization and your physical systems connected to both your supply chain and your cyber security network with its modules that ensure end-to-end data security in your IT infrastructure.
The following Single Connect modules make your cyber-physical systems more secure with the help of their various functions.
Privileged Session Manager: This module allows you to control all the sessions in your IT infrastructure. It thus becomes easier to prevent potential confusion concerning access management.
Central Password Management: This module allows you to verify all the privileged sessions in your network, offers a fully-encrypted infrastructure and stores the passwords of privileged accounts in vaults isolated from the system.
Two-Factor Authentication: This module requests simultaneous place and time authentication from users seeking to login to the system and prevents unauthorized and unauthenticated access.
Dynamic Data Masking: This module records and masks all the actions of system admins in the network and prevents any suspicions regarding the actions.
Privileged Task Automation: This module increases efficiency and eliminates service interruptions by automating routine tasks.
TACACS+/RADIUS Access Management: This module offers comprehensive authentication and extends multi-login capabilities and cyber security policy configurations.