Sectrio

Exploding pagers and the new face of asset-centric warfare

By Prayukth K V
September 20, 2024

Summary

The recent detonation of hand-held communication systems in Lebanon has extended the frontlines in the battle for geo-political supremacy. In industrial environments, all connected systems can be manipulated to operate beyond their approved operational envelope to unleash a wave of destruction that can lead to loss of lives and infrastructure. How does this trend impact OT asset owners and operators and can anything be done to protect them? Let’s find out.

The explosion of the Soviet gas pipeline in 1982 was one of the first well-known instances of critical infrastructure being targeted through a software modification that contained a hidden malfunction.

In this instance, the Soviets were stealing Western technology and the CIA slipped the flawed software to them without their knowledge. While the explosion itself didn’t cause any fatalities, it did cause some damage to the Soviet economy, according to the Washington Post.

With the intensification of hybrid warfare, we have seen multiple attacks on ICS-based critical infrastructure in Europe and the Middle East. These attacks were designed not just to destabilize the systems but also to cause a major kinetic impact.

No systems or assets are out of bounds today. State-backed actors from countries like North Korea are not just after technology and revenue but also act as conduits for other countries to infiltrate the critical infrastructure of their adversary nations.  


A case study  

In a recent instance, Sectrio’s Asset Research Team uncovered an anomaly in hardware supplied to a critical infrastructure operator. In this instance, the same OEM was supposed to supply identical hardware to two divisions of the same business.

However, the hardware supplied to one division, when examined, showed a deviation that was found to enable backdoor communication with an obscure server, using a now obsolete protocol that was only sparingly used in the 90s.

The OEM in this case claimed that the anomaly was a generational remnant from an old version. How it made its way to only one piece of hardware and not the other is a question that was not answered to our satisfaction.

The hardware belonged to the same batch and even had sequential serial numbers, adding to the mystery.

This could be a genuine error, but it is an error that could potentially be exploited by a bad actor.

Supply chain challenges

As the Lebanon episode clearly showed, OEMs now have to ensure the integrity of their hardware well beyond their shop floors. ICS/OT operators should also watch out for anomalous behaviors and risky interactions that could jeopardize operations and plant safety levels.

One way of offsetting these challenges is to ensure the systems undergo Security Acceptance Tests (SAT) along with Factory Acceptance Tests (FAT). This will ensure the integrity of the assets and call out any security issues before they are added to the infrastructure.  

A ‘maker-checker’ approach is the way to go.  
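One way to turn the maker-checker idea into a concrete SAT step for a case like the one above is a differential check: capture each unit’s outbound connections on an isolated bench network, then compare units from the same batch against each other and against the OEM-declared communication profile. The following is an added example, not Sectrio’s or any OEM’s code; the serials, addresses and approved profile are constructed.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "serial dst_ip dst_port proto")

# Constructed bench capture: two units from one batch with sequential serials.
CAPTURED = [
    Flow("SN-1001", "10.20.0.5", 102, "tcp"),     # controller link on the test segment
    Flow("SN-1001", "10.20.0.9", 123, "udp"),     # NTP to the bench time source
    Flow("SN-1002", "10.20.0.5", 102, "tcp"),
    Flow("SN-1002", "10.20.0.9", 123, "udp"),
    Flow("SN-1002", "203.0.113.77", 79, "tcp"),   # constructed: undeclared external endpoint
]

# Hypothetical OEM-declared communication profile; anything else is a deviation.
APPROVED = {("10.20.0.5", 102, "tcp"), ("10.20.0.9", 123, "udp")}


def endpoints(flows, serial):
    """Set of (dst_ip, dst_port, proto) observed for one unit."""
    return {(f.dst_ip, f.dst_port, f.proto) for f in flows if f.serial == serial}


def compare_units(flows, serial_a, serial_b):
    """Endpoints seen on one unit but not on its batch sibling."""
    a, b = endpoints(flows, serial_a), endpoints(flows, serial_b)
    return {serial_a: sorted(a - b), serial_b: sorted(b - a)}


def undeclared(flows, approved):
    """Per unit, endpoints that fall outside the OEM-declared profile."""
    serials = sorted({f.serial for f in flows})
    return {s: sorted(endpoints(flows, s) - approved) for s in serials}


def sat_verdict(flows, approved, serial_a, serial_b):
    """PASS only when a unit matches both the declared profile and its sibling."""
    diff = compare_units(flows, serial_a, serial_b)
    extra = undeclared(flows, approved)
    return {s: "FAIL" if diff[s] or extra[s] else "PASS" for s in (serial_a, serial_b)}


if __name__ == "__main__":
    extras = undeclared(CAPTURED, APPROVED)
    for serial, verdict in sat_verdict(CAPTURED, APPROVED, "SN-1001", "SN-1002").items():
        print(serial, verdict, extras[serial])
```

A unit that fails either comparison is held back from the plant network until the OEM explains the deviation, which is exactly the question the case study left open.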

Recommended cybersecurity measures to risk-proof ICS assets 

While an IEC 62443 and NIST CSF-based risk assessment and gap analysis is a good place to start, the outcomes of such an assessment can and should be used across the enterprise to improve security posture.

Here are some of the other steps that can be taken to secure ICS and OT assets and infrastructure: 

  • Network segmentation is a must-do. All key assets can be placed behind microsegmented zones that provide an added layer of security. This could also be paired with granular controls for crown jewels or legacy systems.
  • Security acceptance tests should be considered a priority for new assets before adding them to the network.
  • Network threat detection and vulnerability management are also essential. All vulnerabilities should be addressed in a time-bound manner.
  • Security responsibilities should be clearly identified and assigned.
  • Security operations teams should be enabled to operate efficiently without fatigue.
