”Industrial control networks are notoriously soft targets — they’re rife with vulnerabilities such as outdated Windows systems, unpatched firmware in controllers, flat topologies, unauthorized internet connections, and lack of monitoring. As a result, we expect nation-state attacks on industrial and critical infrastructure networks to continue — as we’ve seen in the past with Black Energy, Industroyer, TRITON, and NotPetya — from the usual suspects including Russia, Iran, North Korea, and China.
An interesting twist is that we expect to see an uptick in cybercriminal organizations getting in on the act for financial gain. You can easily imagine cybercriminals installing backdoors in industrial networks and then renting them out to others for crypto-mining, ransomware, and theft of intellectual property about proprietary manufacturing processes. Ransomware in industrial networks is particularly worrisome since the cost of production downtime is typically measured in millions of dollars per day — not to mention the chaos caused by interrupting the flow of water or electricity to civilian populations.
Of course, with limited resources and 24×7 operations, you can’t address all vulnerabilities at the same time. We believe that the most effective way to reduce ICS risk is to use threat modeling to prioritize mitigations for your most critical assets and processes, with continuous ICS network monitoring deployed as a compensating control to catch breaches in their early phases — before attackers can do any serious damage.”