OT Security
08.Oct.2020
Minimizing threat risk with establishing industrial control cybersecurity process and obtaining international verification
In the past few months, there have been many major domestic cybersecurity incidents . During May, the large petrochemical company and the semiconductor assembly and test factory were infected with ransomware. During June, the automation equipment factory was infected with ransomware, and the PCB manufacturer was infected with viruses. In July, the major wearable device manufacturer was also attacked with ransomware. At the same time, more and more malicious programs designed for industrial control equipment have been exposed, such as EKANS (Snake) targets GE's Historian, LogicLocker targets PLC, and Triton targets Schneider's TriconexSIS controller.
Jasper Liu, the development director of Onward Security reminded the manufacturing industry that cybersecurity threats should not be ignored. These incidents that have come to the fore are actually just the tip of the iceberg. The number of smart manufacturing cybersecurity issues has exceeded everyone's imagination. On average, there are 2 to 4 related attacks every day. The main reason is that most of the OS used in the factory is Windows, so some viruses designed to attack the office can also infect the factory. Secondly, the frequency of APT attacks on the factory is increasing. The attacks are often mixed with different attack techniques, which greatly increase the difficulty of detection.
In addition, many of the victims of attack incidents have something in common. Their networks (including office networks, service networks, industrial control networks, development networks, etc.) have not been properly isolated based on risks, so that a single vulnerability can cause all of them to be infected. Besides, the security management of suppliers is generally inadequate as well.
Since the OT cybersecurity incidents come thick and fast, more and more the related laws and regulations have come out at home and abroad. For example, the domestic semiconductor industry players form a supplier security alliance, and cooperate with SEMI to formulate cybersecurity standards for semiconductor machines. It is proposed to stipulate that machines should not use the EOS system. It also considers ways to reinforce security to prevent vulnerabilities in response to the operating characteristics of the OT network that does not shut down, interfere or update.
Onward Security participates in the cybersecurity plan of smart machinery. After research, the company has been found that many enterprises do not neglect cybersecurity, but their thinking about protection is biased towards "technical solutions" and ignores the awareness of cybersecurity at the management level. In addition, the current cybersecurity solutions adopted by most enterprises are unverified. These companies also do not have a system to regularly perform vulnerability scanning and penetration testing, and generally lack a continuous improvement mechanism, as well as a supervision and management mechanism for outsourced vendors. All of these need to be improved urgently, but how to remedy the existing cybersecurity deficiencies step by step? Regarding this, Jasper Liu suggested referring to the IEC62443 standard as a CheckList. If factory managers want to strengthen cybersecurity according to IEC62443, they can follow the IEC62443-2-4 standard, but it still needs to be combined with a third-party endorsement.
Onward Security is the first company in Taiwan to establish a security testing laboratory for embedded devices. It is not only the only cybersecurity testing laboratory authorized by Amazon in Taiwan, but also the first cybersecurity laboratory authorized by CTIA in Asia. The company has assisted many manufacturers to establish industrial control cybersecurity process and obtain international certificates.
For manufacturers intending to seek assistance and enhancement in cybersecurity, Onward Security offers its services in four stages. The first stage is called "Situation Assessment", which assesses the current cybersecurity maturity of the enterprise or manufacturer. The second stage is called "System Establishment", which helps enterprises or manufacturers to implement cybersecurity protection through management. The third stage is called "Cybersecurity Verification", providing various services including overall field testing, single device testing, penetration testing, red teaming drills, etc. The last stage is called "Sustainable Cybersecurity", which assists companies to integrate cybersecurity into the corporate culture and values to achieve the goal of continuous improvement and long-term security.
Jasper Liu, the development director of Onward Security reminded the manufacturing industry that cybersecurity threats should not be ignored. These incidents that have come to the fore are actually just the tip of the iceberg. The number of smart manufacturing cybersecurity issues has exceeded everyone's imagination. On average, there are 2 to 4 related attacks every day. The main reason is that most of the OS used in the factory is Windows, so some viruses designed to attack the office can also infect the factory. Secondly, the frequency of APT attacks on the factory is increasing. The attacks are often mixed with different attack techniques, which greatly increase the difficulty of detection.
In addition, many of the victims of attack incidents have something in common. Their networks (including office networks, service networks, industrial control networks, development networks, etc.) have not been properly isolated based on risks, so that a single vulnerability can cause all of them to be infected. Besides, the security management of suppliers is generally inadequate as well.
Since the OT cybersecurity incidents come thick and fast, more and more the related laws and regulations have come out at home and abroad. For example, the domestic semiconductor industry players form a supplier security alliance, and cooperate with SEMI to formulate cybersecurity standards for semiconductor machines. It is proposed to stipulate that machines should not use the EOS system. It also considers ways to reinforce security to prevent vulnerabilities in response to the operating characteristics of the OT network that does not shut down, interfere or update.
Onward Security participates in the cybersecurity plan of smart machinery. After research, the company has been found that many enterprises do not neglect cybersecurity, but their thinking about protection is biased towards "technical solutions" and ignores the awareness of cybersecurity at the management level. In addition, the current cybersecurity solutions adopted by most enterprises are unverified. These companies also do not have a system to regularly perform vulnerability scanning and penetration testing, and generally lack a continuous improvement mechanism, as well as a supervision and management mechanism for outsourced vendors. All of these need to be improved urgently, but how to remedy the existing cybersecurity deficiencies step by step? Regarding this, Jasper Liu suggested referring to the IEC62443 standard as a CheckList. If factory managers want to strengthen cybersecurity according to IEC62443, they can follow the IEC62443-2-4 standard, but it still needs to be combined with a third-party endorsement.
Onward Security is the first company in Taiwan to establish a security testing laboratory for embedded devices. It is not only the only cybersecurity testing laboratory authorized by Amazon in Taiwan, but also the first cybersecurity laboratory authorized by CTIA in Asia. The company has assisted many manufacturers to establish industrial control cybersecurity process and obtain international certificates.
For manufacturers intending to seek assistance and enhancement in cybersecurity, Onward Security offers its services in four stages. The first stage is called "Situation Assessment", which assesses the current cybersecurity maturity of the enterprise or manufacturer. The second stage is called "System Establishment", which helps enterprises or manufacturers to implement cybersecurity protection through management. The third stage is called "Cybersecurity Verification", providing various services including overall field testing, single device testing, penetration testing, red teaming drills, etc. The last stage is called "Sustainable Cybersecurity", which assists companies to integrate cybersecurity into the corporate culture and values to achieve the goal of continuous improvement and long-term security.
