Five reasons ICS security fragility hasn’t mattered — yet

Brian Contos on the Norse security blog offered “Five Reasons ICS-SCADA Security is Fragile“. I especially liked seeing a blog sponsored by a threat intelligence company include a brief discussion of “zones” — an OT security concept unfamiliar to many IT security practitioners.

The post prompted me to ask, “If ICS security is so fragile, then why are known incidents so infrequent?” and “Why aren’t bad things happening to our infrastructure every day?”

I am not the first to ask these questions. And, while I don’t pretend to have all the answers, I’m offering an alternative to Mr. Contos’ perspective.

Five reasons ICS fragility hasn’t mattered — yet.

1. Product is still being produced. At the end of the day, some process outages are tolerated. Until we have a spike in these outages which we can positively trace to cyber attacks, from a business perspective there isn’t much reason to be concerned.

2. Ignorance is bliss. You can’t catch what you can’t observe. Just don’t install any security sensors on your ICS networks, and you are good to go!

3. The “air gaps” separating IT and OT networks at large ICS installations do provide some security. OK, I’m playing devil’s advocate to the customary “air gaps don’t exist”; but look, some gap, some segmentation, is better than none. Very few, if any, large ICS installations are connected directly to the Internet.

4. Process engineering can defeat cyber attacks. I’m not implying that ICS are built to stop intentional attacks, but where dangerous conditions can occur, physical-world engineering helps avoid those conditions.

5. Successful attacks against ICS for specific, premeditated, physical consequence requires cross-domain expertise. Your average script kiddie might brick your Modicon PLC using the Modbus function code for firmware upload, but he probably can’t predict what that will do to the process relying on that PLC.