Attacks on 27% of ICS computers detected in the Middle East
Industrial control systems (ICS) are used to run modern critical infrastructure, including energy stations and nuclear power plants. These facilities operate under constant risk of cyberattack. According to statistics from Kaspersky ICS CERT revealed at Cyber Security Weekend – META 2023, attacks were detected on 27% of ICS computers in the Middle East in Q1 2023. To protect nuclear power plants from cyber threats, Kaspersky has developed a unique secure-by-design approach to their protection that eliminates the chance of cyberattacks affecting the infrastructure.
Kaspersky’s secure-by-design approach implies using different kinds of cybersecurity solutions at nuclear power plants, including network firewalls, data diodes, monitoring solutions, intrusion detection systems, endpoint protection, operational technology & IoT cybersecurity, and cybersecurity for networks and for nodes.
A secure-by-design approach in general means that an IT-enabled system (or facility) is built from scratch in a way that protects against malicious cyber actors getting access to devices, data, and connected infrastructure. This approach is based on security that is inherent in the system. The system should remain in a secure and safe state throughout its lifetime, reducing the cost of high-quality protection.
Kaspersky has developed a complete set of documentation for implementing secure-by-design IT infrastructure at nuclear power stations. Kaspersky’s approach to risk management covers the choice of contractors, equipment, hardware, and software, and takes into account new types of computer threats, as well as the existing tactics and techniques of attacks. The documentation describes a nuclear power plant IT architecture, gives relevant recommendations, and addresses ensuring the cybersecurity and information security of nuclear power plants throughout their long life cycle.
“On our usual computer at home or at the office we use traditional ‘on top’ or ‘add on’ protection solutions. They do a good job of protecting us from attacks at this level. But when it comes to nuclear power plants, the approach to their protection should be different. Nuclear and radiological safety, plant availability, and reliable electricity supply are determined, among other factors, by cybersecurity,” comments Ekaterina Rudina, Security Analysis Group Lead at Kaspersky ICS CERT. “Nuclear power plant protection should be thoroughly planned at the early stages of plant design. Kaspersky’s approach to nuclear power plant cybersecurity is compliant with all standards and recommendations of international organizations, including the International Atomic Energy Agency (IAEA).”
To keep power plants and other critical infrastructure protected from various threats (even if they have not been designed with security in mind) Kaspersky experts recommend:
- Conduct regular security assessments of operational technology systems to identify and eliminate possible cybersecurity issues.
- Perform timely updates for the key components of the OT network; applying security fixes and patches or implementing compensating measures as soon as it is technically possible is crucial for preventing a major incident that might cost millions due to the interruption of the production process.
- Establish continuous vulnerability assessment and triage as a basis for an effective vulnerability management process. Stay up to date with unique ICS Vulnerability Data Feeds from Kaspersky ICS CERT that contain comprehensive and timely information.
- Protect Industrial Automation and Control Systems with an ecosystem of specialized, certified and natively integrated products and a comprehensive set of services. Dedicated solutions like Kaspersky Industrial CyberSecurity may become an efficient tool for mature detection and response to cyberattacks on industrial environments.
- Consider Analytical Reports on ICS threats and threat feeds on the Kaspersky Threat Intelligence Portal to get additional information for your Security Operations Center.
- Improve the response to new and advanced malicious techniques by building and strengthening your teams’ incident prevention, detection, and response skills. Dedicated OT security training for IT security teams and OT personnel is one of the key measures helping to achieve this.