Helmets, vests, special shoes, harnesses and more. The industrial world is full of safety measures. However, the precautions taken on the production line have no counterpart in cybersecurity: the industry is so far behind that it still has machines running DOS, Windows 95 and operating systems that have not been updated for more than 30 years. And this is extremely dangerous.
So says Hernando Castiglioni, Fortinet senior manager for Argentina, Uruguay, Paraguay, Bolivia and Venezuela, at the 2022 edition of the Xperts Summit held in Cancun: “Cybersecurity today is the problem because of which the industry cannot evolve to the next step,” he stated categorically in conversation with Clarín.
Cyber attacks against the industrial world are very serious: from nuclear reactors that can blow up an entire city, through ransomware like the one suffered by Ingenio Ledesma in March of this year in Argentina, to the total shutdown of a production line, as happened to the energy company Colonial Pipeline last year in the United States. And there are also cases that don’t make the headlines, like Southern gas transportation in April of this year, attacked by BlackCat (ALPHV).
While it may seem surprising, cybersecurity measures in this area, known as OT (Operational Technology), are almost nil. And this has its reasons: “There is something about not wanting to touch things that work well; many times those systems cost a lot of work and effort to get working, and changing something can have a great impact on the entire supply chain. Everything must be approached very carefully.”
This poses a huge danger: because they run old systems, they receive no security updates and are highly vulnerable. This is where the OT security category comes into play, the cybersecurity of industrial systems, which faces the tough challenge of updating these practices in the face of the risks that come with today’s cyber attacks.
Here, the expert describes to Clarín, in collaboration with the specialized outlet IT Now, the challenges of a sector extremely sensitive to cyber attacks.
─ What is the landscape of industrial technologies?
─ Historically, industry had networks that came from the serial world, which have always been separate from the traditional IT world: internet networks, mail, file sharing.
It is what we call an “air gap”: a separation between the industry’s networks and Ethernet communications with the world of the Internet. These networks manage many sensors, actuators, ways of measuring and controlling processes, with systems that come from the 60s or 70s. A transport network, electricity, oil, manufacturing: none of these systems were designed or born with a logic of protection from a cybersecurity standpoint. Most of the protocols are old.
─ How vulnerable are industrial networks to cyber attacks?
─ The majority, not to say 99%, of industrial networks are highly vulnerable. Let’s think of a ransomware that enters an industrial network: it has a completely free and open field to do whatever it wants inside. This can have a huge impact on people’s lives too, because it can stop a basic public service such as transport or electricity.
─ What is the most dangerous thing you have seen?
─ There are cases where clients send information from one environment to another with a USB pen drive. Since the networks are not connected to the Internet, they use these devices to move information from one place to another. That is all extremely dangerous because if that pen drive is infected, it is spreading malware [virus] throughout the entire network.
─ Don’t they use authentication systems?
─ In many cases, no. There are many manufacturers of industrial technology operating in the sector, i.e. manufacturers come with their staff and work on the network. Well, this access to the industrial network is given in a totally insecure way: there is no authentication, there is no validation, there is no monitoring to know whether that person who is connecting their communication equipment, their laptops, can be potentially harmful to the health of the network.
─ And how do they connect to the Internet, if the equipment is so old?
─ We have seen cases where perhaps a person connects remotely, and whoever has the means does so through a 4G modem, a phone, and you access the industrial network through that phone because you are connecting remotely. Maybe he comes from another country. So this too is extremely dangerous for a network and can lead to big problems.
─ What is the most dangerous attack on industries today?
─ We are seeing that the threats have evolved a lot. Today, when a machine is encrypted by ransomware, the encryption is the last step of what they do with the attacked PC or computer: they will get a lot of information before encrypting the machine. First they capture everything they can with a keylogger [a program that records what the user types]. So they steal passwords, get email data, sensitive information, documents. And the last thing they do is encrypt. There are advanced persistent threats (APTs): I land on a network and stay there for years, gathering information, waiting for the right moment to act, acquiring data, planning how to achieve my goal. All of these techniques are very dangerous.
Migrating technologies: moving an elephant
─ In the industrial world, how feasible is it to migrate technologies to safer systems?
─ Think that there is equipment in the industry that may have been running for literally 30 years. It’s amazing because in the IT world, at startups or the big tech companies we all know, things are turned on and off much more frequently; they get updated all the time. In OT they almost never update: updating the software is an unthinkable thing, above all because we are talking about an industry with old equipment, simply because if one piece is updated, it has a direct impact on other computers.
─ And can that software be changed?
─ The software you are running might be so old that there is no way to update it. Obviously it is not necessary to replace everything to modernize the industry; what is needed is simply to understand that, at the topology level, there must be some control mechanism and IT security that allows me to segment the different networks so that, in case of problems, you can isolate them.
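The segmentation the interviewee describes, split the plant into zones, deny traffic between zones by default, permit only explicit conduits, and cut a zone off when it is compromised, can be expressed as a small policy model. The following is an added example written for this article; it is not Fortinet code and not the expert's own method. The zone names, address ranges, allowed conduits and sample flows are constructed for illustration; the only real-world constant used is TCP port 502 for Modbus/TCP.

```python
"""Zone-and-conduit segmentation policy for an industrial network.

Added example (not from the article or from Fortinet). Zones, address
ranges, conduits and sample flows below are constructed for illustration.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

MODBUS_TCP_PORT = 502  # real Modbus/TCP port; everything else here is constructed


@dataclass(frozen=True)
class Conduit:
    """One explicitly permitted path between two zones."""
    src_zone: str
    dst_zone: str
    proto: str
    port: int


@dataclass
class SegmentationPolicy:
    zones: dict                      # zone name -> list of ip_network
    conduits: set = field(default_factory=set)
    isolated: set = field(default_factory=set)

    def zone_of(self, addr):
        """Map an address to its zone, or None if it belongs to no zone."""
        ip = ip_address(addr)
        for name, nets in self.zones.items():
            if any(ip in net for net in nets):
                return name
        return None

    def allow(self, src_zone, dst_zone, proto, port):
        self.conduits.add(Conduit(src_zone, dst_zone, proto, port))

    def isolate(self, zone):
        """Incident response: sever every conduit touching this zone."""
        self.isolated.add(zone)

    def release(self, zone):
        self.isolated.discard(zone)

    def decide(self, src_ip, dst_ip, proto, port):
        """Return (verdict, reason). Default is deny; intra-zone is allowed."""
        src, dst = self.zone_of(src_ip), self.zone_of(dst_ip)
        if src is None or dst is None:
            return ("deny", "address outside every defined zone")
        if src == dst:
            return ("allow", f"intra-zone traffic in {src}")
        if src in self.isolated or dst in self.isolated:
            return ("deny", "zone under isolation")
        if Conduit(src, dst, proto, port) in self.conduits:
            return ("allow", f"conduit {src}->{dst} {proto}/{port}")
        return ("deny", "no conduit between zones")


def build_demo_policy():
    """Constructed three-zone plant: corporate IT, a DMZ, and the control network."""
    policy = SegmentationPolicy(zones={
        "corporate_it": [ip_network("10.0.0.0/16")],
        "dmz":          [ip_network("10.1.0.0/24")],
        "control":      [ip_network("192.168.10.0/24")],
    })
    # IT may reach the DMZ over HTTPS only; only the DMZ may speak Modbus to control.
    policy.allow("corporate_it", "dmz", "tcp", 443)
    policy.allow("dmz", "control", "tcp", MODBUS_TCP_PORT)
    return policy


def evaluate_flows(policy, flows):
    """Run a list of (src_ip, dst_ip, proto, port) through the policy."""
    return [policy.decide(*flow) for flow in flows]


if __name__ == "__main__":
    p = build_demo_policy()
    sample_flows = [                                 # constructed sample traffic
        ("10.0.5.20", "192.168.10.7", "tcp", 502),   # IT host straight to a PLC
        ("10.1.0.10", "192.168.10.7", "tcp", 502),   # DMZ jump host to PLC
        ("192.168.10.3", "192.168.10.7", "tcp", 502),# PLC-to-PLC inside control
        ("203.0.113.9", "192.168.10.7", "tcp", 502), # address in no zone at all
    ]
    for flow, verdict in zip(sample_flows, evaluate_flows(p, sample_flows)):
        print(flow, "->", verdict)
    p.isolate("control")                             # respond to a suspected compromise
    print("after isolation:", p.decide("10.1.0.10", "192.168.10.7", "tcp", 502))
```

The point of the model is the order of the checks: an address with no zone is dropped before anything else, isolation overrides every conduit, and a flow is allowed only when a conduit for that exact source zone, destination zone, protocol and port was declared. Adding a zone or a vendor's remote-access path means adding one explicit conduit, not opening the whole network.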
─ Is there a cultural issue that resists change?
─ Yes, there is a cultural problem because they are two completely different universes. In industry, the safety of people is of the utmost importance. There are checks in terms of physical safety, and there are machines that must keep working and cannot be cut off. In the IT world, the internet goes down, they go out for coffee for 10 minutes, they come back, and the internet is back. Industrial operation is different: if it is cut off for 5 minutes it can have a huge impact.
─ What operating systems are usually in use?
─ All of them, but there is a lot of Windows XP, or even Windows 95. It is normal to find them in this type of environment; we have systems and programs that only run on Windows 95. So we are developing some of the solutions we have for those old systems, just to be able to offer protection to someone who naturally couldn’t have it, because is there a way to upgrade an operating system from 30 years ago?
A regional problem
─ Which Argentine companies do you work with?
─ We work with many Argentine companies. We try not to name names, but we have 50% of the market, which means one in two firewalls – which is what cybersecurity is associated with – sold at the company level, that is, 50%.
─ How is this problem in state-related industries?
─ It is difficult; the state is very large. You can’t always invest what it takes to fix some problems, and data breaches are very common. A lot of progress has been made in the last period, compared to other periods. At Fortinet, we work with technology specifically dedicated to finding leaked data and alerting the customer before anyone else finds out. On the one hand, we analyze what’s on the dark web and look at what’s being shared. On the other hand, we look into it: where did it come from and what happened?
─ Is it a problem in Latin America or in the world?
─ It happens to everyone. All industries in all segments have very similar but at the same time very specific problems. When we talk today about Smart Grids or Smart Cities, Smart Buildings, buildings, hotels, banks, everyone today has an industrial network in one way or another that controls different things. And there you have old protocols and a total absence of encryption. And a lack of visibility: if there is an attack on one of these networks, no one would know what is happening or why.
─ How do you work to counter all these dangers you describe?
─ Our work in OT is to investigate what can be done to try to protect those networks from any kind of attack. Most cybersecurity companies don’t focus much on it because it doesn’t have the market size of the IT world, so it’s important to be able to provide this kind of support service for older systems.
About Fortinet Xperts Summit
Fortinet Xperts Summit is an annual summit held by Fortinet, one of the largest cybersecurity companies. The event gathered cybersecurity experts for 4 days, October 24-28, and brought together communities from Canada, Latin America and the Caribbean.
Specialized workshops, talks, round tables and updates on ongoing cybersecurity debates were organized, some of them dedicated to journalists from the region.
Clarín participated in the 2022 edition of the event, held in Cancun, Mexico. The first global talks (keynotes) focused on updates to firewalls, private networks (VPNs) and FortiOS (the company’s operating system, a Linux distribution), in addition to cloud services.
To a large extent, the “zero trust” strategy was the leitmotif of the event: Zero Trust Network Access (ZTNA), i.e. assuming that cybersecurity threats can enter through any actor, including an entity’s own employees or workers.
The event ended on Friday last week with around 400 attendees.