Phishing and detection arms races ramp up

Nov. 18, 2020
System integrator Grantek details how cybersecurity providers are ramping up their efforts

Unfortunately, just as cybersecurity remedies improve, malware also grows more sophisticated and widespread.

"With so many people working at home due to COVID-19, there are more connections to virtual private networks (VPN) at all levels. However, this is inspiring some hackers to develop phishing as a service (PhaaS) as a business model, and offer PhaaS kits with preconfigured code on the dark web," says Jacob Chapman, industrial IT and cybersecurity director at Grantek, a CSIA-certified system integrator and business consultant with offices across the U.S. and Canada. "This lets even amateur users pay a fee and launch their own phishing or fear-mongering campaigns that can be distributed not just via email but also using social media. The pandemic is just an added distraction and hook, which allows them to collect more usernames and passwords that they can resell. Ultimately, large data sets of users’ personal and professional login credentials end up on markets for others to purchase."

Fortunately, Chapman adds that cybersecurity providers are ramping up their efforts, too. Some of those efforts are part of the Trump Administration's Operation Warp Speed, a public-private partnership that's funding COVID-19 therapies and also requires suppliers to prove their cybersecurity preparedness to receive funding. "Our pharmaceutical and life science clients have varying levels of cybersecurity," he says. "Some have network segmentation and traffic management to prevent malware from moving around within their infrastructure, while others have network intrusion detection systems (NIDS), such as those from Claroty, Nozomi or CyberX."

Chapman explains that NIDS have been required to receive certain funding provided through Operation Warp Speed and administered by the Biomedical Advanced Research & Development Authority (BARDA) at the U.S. Dept. of Health and Human Services (HHS). "Intrusion detection on IT systems is very important, but many users don't realize they also need cybersecurity for their operations technology (OT) that's separate from their information technology (IT). Luckily, funding is available," he adds. "We've seen the requirements from BARDA, and we provided OT solutions to help meet them. As usual, this involves segmenting their networks, installing OT NIDS to look for anomalous ICS traffic or devices that haven't tried to connect before, and hardening devices by reviewing PLC and HMI logic, closing unneeded Ethernet ports, and running only necessary services."

Chapman reports that NIDS help maintain much-needed asset inventories; build a full list of all devices on a process control network; map which devices are communicating with each other; and help determine those needing patching or lifecycle replacement. "IT often has a NIDS, but OT and controls need it, and they make visible an incredible amount of detail, too," he says. "It doesn't just indicate that a PLC is on the network, but shows the position of a run-remote key, for example. It can also identify what module is in each slot on its chassis based on the firmware each one is running, as well as the firmware and known vulnerabilities for each. This list can also map and trace devices, and help users find the cause of certain problems."

Despite its capabilities, Chapman cautions that NIDS isn't a cure-all because cybersecurity must be addressed across entire infrastructures and facilities, and NIDS can't assist networks that are islanded. "NIDS provide a powerful improvement to overall cybersecurity, but it's not a substitute for defense-in-depth approaches which cover all areas equally as IEC 62443 emphasizes. The standard has sections that service providers, hardware manufacturers, and owners and end users need to follow, and allows independent cybersecurity audits and reporting back on how well providers meet its requirements."

About the Author

Jim Montague | Executive Editor

Jim Montague is executive editor of Control.