Vulnerable Spot
A notice from the Federal Service for Technical and Export Control of the Russian Federation (FSTEC) warns that developers of software and equipment for the automatic control systems used in production and technological processes at critical information infrastructure (CII) facilities face significant cyber threats. The message, published on the agency’s site, highlights the risk of large-scale attacks targeting this sector.
FSTEC does not disclose specific incidents, but its threat analyses indicate that foreign cybercriminals are preparing new assaults against these organizations. The focus is on control systems (APCS) that manage the operations of critical information infrastructure objects. Such infrastructure includes segments of the fuel and energy complex, nuclear power, chemical industries, mining and metallurgy, as well as sectors like healthcare, finance, transportation and communications, among others.
The FSTEC briefing also covers developers of systems that regulate nuclear reactors, turbines in hydroelectric stations, blast furnaces in factories, chemical reagent production facilities and railway networks.
Pavel Korostelev, head of the product demonstration division at the company Security Code, reports that attacks against critical infrastructure facilities and their control system developers have risen. He notes a marked increase in events after February 24 across this niche. “Three to five sectors stand out as heavily targeted: finance, communications, industry, defense and energy,” he said, underscoring the broad reach of these campaigns.
In contrast, Cisco Systems security consultant Alexey Lukatsky observed more frequent attempts against CII facilities than against ICS developers, citing information he described as confidential from Russia’s FSTEC. Evgeny Goncharov, head of the industrial systems security research center at Kaspersky Lab, shares this assessment.
Experts point out that the growing attention to protecting automated control systems has not yet convinced many owners of these systems to invest adequately in defenses. Supply chain attack scenarios are a real risk, and while many attackers remain unsophisticated, their attempts can still disrupt critical operations.
Socialbites.ca sought comment from FSTEC on the matter.
The Little Bang Theory
Experts stress that because businesses run by ICS hold high strategic importance, successful intrusions into their developers can trigger severe consequences. Lukatsky warns that a successful breach could lead to environmental disasters or loss of life. He cites examples such as a conveyor line that halts parts production for military equipment or an altered food formula that causes poisoning. Disruptions in oil extraction or refining could follow as well.
Goncharov notes that even non-expert attackers can affect the operation of automated control systems in some scenarios. Nikolai Yurchenko of R-Vision adds that one potential goal of attacks on developers is to plant backdoors in their products. Once such an automated control system is put into operation at a facility, intruders could use these backdoors to cause major damage to the business.
Yurchenko warns that successful attacks pose risks beyond money and reputation. They can trigger emergencies, production shutdowns, transport and communication interruptions, and even large-scale humanitarian or human losses. Alexei Novikov of the PT Center for Expert Security notes that some attacks on ICS developers may pursue simpler aims such as information gathering. Access to a manufacturer’s infrastructure could let attackers impersonate a company employee and send phishing emails to clients, with the trusted sender increasing the chance of a successful breach.
What Should Be Done
Alongside the warning, FSTEC provides a broad set of recommendations for developers to reduce the likelihood of a successful attack. Key steps include inventorying public web services, disabling unused resources, strengthening administrator and user password policies, and implementing two-factor authentication for remote connections to the information infrastructure, among other measures.
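As an added illustration (not part of the FSTEC notice or the article), the following script checks a constructed service inventory against the four measures listed above: unowned public services to disable, remote-access services exposed without two-factor authentication, and a password policy below a minimum length or without lockout. The inventory, thresholds and field names are assumptions for the example.

```python
"""Audit an exposed-service inventory against the hardening steps FSTEC lists."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Service names treated as remote administrative access (assumed set).
REMOTE_ACCESS = {"ssh", "rdp", "vpn", "vnc", "telnet"}


@dataclass
class Service:
    host: str
    port: int
    name: str
    owner: Optional[str]   # None means nobody claims it: candidate for disabling
    public: bool           # reachable from outside the perimeter
    mfa: bool = False      # two-factor enforced for this service


@dataclass
class PasswordPolicy:
    min_length: int
    lockout_after: Optional[int]  # failed attempts before lockout, None = no lockout


def audit(services: List[Service], policy: PasswordPolicy,
          min_len: int = 12) -> List[Tuple[str, str]]:
    """Return (target, issue) pairs; an empty list means no finding."""
    findings: List[Tuple[str, str]] = []
    for s in services:
        if not s.public:          # internal-only services are out of scope here
            continue
        target = f"{s.host}:{s.port}/{s.name}"
        if s.owner is None:
            findings.append((target, "unowned public service: disable or justify"))
        if s.name in REMOTE_ACCESS and not s.mfa:
            findings.append((target, "remote access without two-factor auth"))
    if policy.min_length < min_len:
        findings.append(("password-policy", f"minimum length {policy.min_length} < {min_len}"))
    if policy.lockout_after is None:
        findings.append(("password-policy", "no lockout after failed logins"))
    return findings


# Constructed sample inventory for a fictional ICS vendor.
SAMPLE_SERVICES = [
    Service("web01", 443, "https", "web team", True),
    Service("web01", 22, "ssh", "ops", True, mfa=False),
    Service("legacy", 8080, "http", None, True),
    Service("jump", 3389, "rdp", "eng", True, mfa=True),
    Service("plc-gw", 502, "modbus", "ot", False),
]
SAMPLE_POLICY = PasswordPolicy(min_length=8, lockout_after=None)

if __name__ == "__main__":
    for target, issue in audit(SAMPLE_SERVICES, SAMPLE_POLICY):
        print(f"{target}: {issue}")
```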
Industry observers from Cisco Systems describe these recommendations as sound. They note that a capable information security service within an institution will guide priority protection measures and ensure rapid action during incidents.
R-Vision’s team echoes this view, saying that FSTEC’s guidelines outline essential steps to quickly detect cyberattacks in many cases. In some situations, these measures can help regain control and buy time to deploy additional protections for the organization.