Michał Stępień

Network segmentation in protection of industrial control systems

In recent years, industrial control systems have repeatedly been the victims of cyberattacks. The multidimensional attack on Ukraine’s energy infrastructure deprived nearly 225,000 users of power. Can network segmentation help protect against an attack or reduce its effects?

Cyber attacks on industrial systems. Is the threat real?

Hacker attacks are an increasingly serious problem that can threaten the functioning of factories and power networks. Note that we are talking about specific, effective attacks, not merely incidents. Let’s examine some of them:

  • 2010 – Stuxnet – an attack on uranium enrichment infrastructure in Iran using malicious software. The indirect target of the attack was the SCADA system and PLC controllers. Reports indicate that the consequence of these activities was a delay in the program.
  • 2015 – the multidimensional BlackEnergy attack on Ukraine’s energy infrastructure. The adversaries used sophisticated methods: they were able not only to switch individual circuit breakers at power substations, but also to modify the firmware of selected devices, affecting hardware converters such as serial-to-Ethernet gateways. The power supply interruptions affected 225 thousand users.

The first recommendation in the SANS document that describes in detail the attacks on Ukraine’s power infrastructure in 2015 and 2016 was to segment the network properly. A correct division based on the reference model of network architecture, the Purdue Model, can help delay the completion of an attack or limit its effects.
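
As an added example (not taken from the article or from the SANS document), the following Python audit checks observed network flows against a Purdue-style zone policy. The subnets, the sample flows and the rule that traffic may cross only one zone boundary at a time, so that IT-to-OT traffic must terminate in a level 3.5 DMZ, are assumptions made for illustration.

```python
import ipaddress

# Purdue levels in order; 3.5 is the industrial DMZ between OT (0-3) and IT (4-5).
LEVELS = [0, 1, 2, 3, 3.5, 4, 5]

# Constructed zone map (assumed addressing plan): subnet -> Purdue level.
ZONES = {ipaddress.ip_network(net): lvl for net, lvl in {
    "10.0.1.0/24": 1,     # basic control: PLCs, RTUs
    "10.0.2.0/24": 2,     # supervisory control: HMI, SCADA servers
    "10.0.3.0/24": 3,     # site operations: historian, engineering stations
    "10.0.35.0/24": 3.5,  # industrial DMZ
    "10.0.4.0/24": 4,     # enterprise IT
}.items()}

# Constructed sample flows: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("10.0.2.10", "10.0.1.5", 502),    # HMI -> PLC, adjacent levels
    ("10.0.4.20", "10.0.1.5", 502),    # enterprise host -> PLC directly
    ("10.0.4.20", "10.0.35.8", 443),   # enterprise host -> DMZ service
    ("10.0.35.8", "10.0.3.7", 1433),   # DMZ service -> historian
    ("10.0.4.20", "10.0.3.7", 3389),   # enterprise host -> level 3, bypassing the DMZ
    ("192.0.2.9", "10.0.2.10", 22),    # source outside every defined zone
]

def level_of(addr):
    """Return the Purdue level of the most specific zone containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, lvl) for net, lvl in ZONES.items() if ip in net]
    return max(matches)[1] if matches else None

def check_flow(src, dst):
    """Return a reason string if the flow violates the assumed policy, else None."""
    s, d = level_of(src), level_of(dst)
    if s is None or d is None:
        return "unzoned endpoint"
    hops = abs(LEVELS.index(s) - LEVELS.index(d))
    if hops > 1:
        return f"level {s} -> level {d} crosses {hops} zone boundaries"
    return None

def audit(flows):
    """Return (flow, reason) for every flow that violates the policy."""
    return [(f, reason) for f in flows if (reason := check_flow(f[0], f[1]))]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(flow, "->", reason)
```

Run against flow logs or an exported firewall rule set, the same check shows where an enterprise host can reach a controller without passing through an intermediate zone.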
