Phishing and detection arms races ramp up

Nov. 18, 2020
System integrator Grantek details how cybersecurity providers are ramping up their efforts

Unfortunately, just as cybersecurity remedies improve, malware also grows more sophisticated and widespread.

"With so many people working at home due to COVID-19, there are more connections to virtual private networks (VPN) at all levels. However, this is inspiring some hackers to develop phishing as a service (PhaaS) as a business model, and offer PhaaS kits with preconfigured code on the dark web," says Jacob Chapman, industrial IT and cybersecurity director at Grantek, a CSIA-certified system integrator and business consultant with offices across the U.S. and Canada. "This lets even amateur users pay a fee and launch their own phishing or fear-mongering campaigns that can be distributed not just via email but also using social media. The pandemic is just an added distraction and hook, which allows them to collect more usernames and passwords that they can resell. Ultimately, large data sets of users' personal and professional login credentials end up on markets for others to purchase."

Fortunately, Chapman adds, cybersecurity providers are ramping up their efforts, too. Some are included as part of the Trump Administration's Operation Warp Speed, the public-private partnership that's funding COVID-19 therapies and that also requires suppliers to prove their cybersecurity preparedness to receive funding. "Our pharmaceutical and life science clients have varying levels of cybersecurity," he says. "Some have network segmentation and traffic management to prevent malware from moving around within their infrastructure, while others have network intrusion detection systems (NIDS), such as those from Claroty, Nozomi or CyberX."

Chapman explains that NIDS have been required to receive certain funding provided through Operation Warp Speed and administered by the Biomedical Advanced Research & Development Authority (BARDA) at the U.S. Dept. of Health and Human Services (HHS). "Intrusion detection on IT systems is very important, but many users don't realize they also need cybersecurity for their operations technology (OT) that's separate from their information technology (IT). Luckily, funding is available," he adds. "We've seen the requirements from BARDA, and we provided OT solutions to help meet them. As usual, this involves segmenting their networks, installing OT NIDS to look for anomalous ICS traffic or devices that haven't tried to connect before, and hardening devices by reviewing PLC and HMI logic, closing unneeded Ethernet ports, and running only necessary services."

Chapman reports that NIDS help maintain much-needed asset inventories; build a full list of all devices on a process control network; map which devices are communicating with each other; and help determine those needing patching or lifecycle replacement. "IT often has a NIDS, but OT and controls need it, and they make visible an incredible amount of detail, too," he says. "It doesn't just indicate that a PLC is on the network, but shows the position of a run-remote key, for example. It can also identify what module is in each slot on its chassis based on the firmware each one is running, as well as the firmware and known vulnerabilities for each. This list can also map and trace devices, and help users find the cause of certain problems."
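The inventory and anomaly checks described above can be sketched as follows. This is an added example, not code from Grantek or any NIDS vendor; it assumes flow tuples already extracted from a passive network tap, and the IP addresses, function names and sample flows are constructed for illustration. Commercial OT NIDS also parse the ICS protocols themselves, which this sketch does not do.

```python
from collections import defaultdict

# Registered TCP ports of common ICS protocols.
ICS_PORTS = {502: "Modbus/TCP", 44818: "EtherNet/IP",
             102: "S7comm/ISO-TSAP", 20000: "DNP3"}

# Constructed sample flows: (src_ip, dst_ip, dst_tcp_port). Not real traffic.
BASELINE_FLOWS = [
    ("10.10.1.20", "10.10.1.50", 44818),   # HMI -> PLC
    ("10.10.1.21", "10.10.1.50", 44818),   # engineering workstation -> PLC
    ("10.10.1.20", "10.10.1.60", 502),     # HMI -> drive
]
LIVE_FLOWS = [
    ("10.10.1.20", "10.10.1.50", 44818),   # known conversation, no alert
    ("10.10.1.20", "10.10.1.60", 44818),   # known pair, protocol not seen before
    ("10.10.1.21", "10.10.1.60", 502),     # known devices, pair not seen before
    ("10.10.1.99", "10.10.1.50", 502),     # device never seen before
]

def proto(port):
    """Name the protocol for a destination port, falling back to tcp/<port>."""
    return ICS_PORTS.get(port, f"tcp/{port}")

def build_inventory(flows):
    """Learn the device list and a talker map {(src, dst): {protocols}}."""
    devices, talkers = set(), defaultdict(set)
    for src, dst, port in flows:
        devices.update((src, dst))
        talkers[(src, dst)].add(proto(port))
    return devices, talkers

def detect(flows, devices, talkers):
    """Return one alert per flow that deviates from the learned inventory."""
    alerts = []
    for src, dst, port in flows:
        if src not in devices or dst not in devices:
            alerts.append(("new_device", src, dst, proto(port)))
        elif (src, dst) not in talkers:
            alerts.append(("new_conversation", src, dst, proto(port)))
        elif proto(port) not in talkers[(src, dst)]:
            alerts.append(("new_protocol", src, dst, proto(port)))
    return alerts

if __name__ == "__main__":
    devices, talkers = build_inventory(BASELINE_FLOWS)
    for alert in detect(LIVE_FLOWS, devices, talkers):
        print(alert)
```

The baseline should be learned during a period when the process network is known to be in a good state, since anything present at that time is treated as expected.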

Despite its capabilities, Chapman cautions that NIDS isn't a cure-all because cybersecurity must be addressed across entire infrastructures and facilities, and NIDS can't assist networks that are islanded. "NIDS provide a powerful improvement to overall cybersecurity, but they're not a substitute for defense-in-depth approaches which cover all areas equally, as IEC 62443 emphasizes. The standard has sections that service providers, hardware manufacturers, and owners and end users need to follow, and allows independent cybersecurity audits and reporting back on how well providers meet its requirements."

About the Author

Jim Montague | Executive Editor

Jim Montague is executive editor of Control. 