August 2021

COMMENT n A BITCOINMINE ON YOUR SHOPFLOOR? Hardly a week goes by without cyber-researchers announcing that they have found a cyber-flaw in an industrial control system (ICS) that, if exploited, could bring production lines to a costly and potentially dangerous halt. Almost every controls manufacturer has been named at some point, often for older controllers that were developed before cybersecurity was a major issue. The scale of the potential problem is obvious if you visit the Web site of the Cybersecurity & Infrastructure Security Agency (Cisa) run by the US Government’s Department of Homeland Security. In June alone, Cisa’s Industrial Control Systems Cyber Emergency Response Team (ICS-Cert) issued almost 50 “advisories” about security issues and vulnerabilities discovered in control systems. They affect almost every controls brand. The fact that so many control systems appear to be have cyberflaws might sound alarming. But the cyber-researchers who discover the flaws usually warn the manufacturers long before they reveal the problem publicly. This gives the manufacturers time to issue patches to tackle the flaws, and to offer guidance on how to minimise risks. And, in any case, the announcements of the flaws are usually accompanied by the reassurance that there are no known incidents of the flaw having been exploited. Until recently, vulnerabilities in ICSs have been seen mainly as a way of malicious “actors” disrupting production or stealing data. But a new risk has emerged. According to the cybersecurity firm, Trend Micro, some hackers are now hijacking ICSs to “mine” for cryptocurrencies like Bitcoin. Bitcoin mining requires immense computing power – and, consequently, vast amounts of energy. According to one estimate, these activities consume around 120TWh a year– equivalent to 0.55% of global power consumption, or the energy consumed by a country the size of Sweden. In a quest to do their mining without having to pay for the computing power or the energy bills, some coin-miners are accessing ICSs – mainly via unpatched operating systems – and using the ICS CPUs to do their work for them. This can affect control system performance, leading to a potential loss of control, especially on systems that have low CPU capacity or are running outdated operating systems. Trend* also identifies another growing threat to ICS – ransomware attacks which can result in downtime or the theft of sensitive data. The merging of IT and OT functions in ICSs has made them more vulnerable to such attacks. If ransomware finds its way on these systems, it can disrupt operations and increase the risk of designs, programs, recipes and other sensitive information reaching the “dark Web”, Trend cautions. It warns of “big game hunters”who first find an ICS that could be compromised, identify the key systems in the network that would cause the most disruption, and then coerce the victims into paying ransoms. According to Trend, the presence of ransomware in several ICS attacks might indicate that the cyber-criminals are starting to target these systems actively. Sensible precautions, such as not connecting ICSs to the Internet, can help to reduce the risks, but we obviously need to beware that our control systems are not being hijacked to perform dirty deeds for bad actors. Tony Sacks, Editor * For more on the Trend report, see https://drivesncontrols.news/ejvx4u

RkJQdWJsaXNoZXIy MjQ0NzM=