ICS-CERT Alert Addresses New Malware Attacks on Industrial Control Systems

Bayshore Blog Post

by Francis Cianfrocca, Founder & CEO Bayshore Networks

October 29, 2014

Yesterday, ICS-CERT issued an alert regarding an "Ongoing Sophisticated Malware Campaign Compromising ICS."

The attacks described in the advisory are of an extremely worrisome kind. It's commonplace for industrial control-system software to be deployed on Windows machines (servers and workstations), and this won't change soon because these software products are very slow to evolve. Typically, workstations that run control software are dual-homed (one leg in the machine network and one on the IT side), but without very careful controls, even this defense model is easily defeated by advanced malware.

The old saw is still true: the most dangerous threats are the ones carried in data streams themselves. Even the most effective firewalling and malware detection schemes will miss many attacks.

The defense-in-depth techniques recommended by CERT and others are an essential first step. But the real answer is to combine them with content-aware policy enforcement systems that can actually filter unsafe control signals right out of the machine-level traffic.
