Industrial Control Systems (ICS) are used to manage the internal operations of facilities by allowing communication with physical devices. They are used in automated plants, factories, and many other types of facilities. Places using ICS allow operators to control, command and monitor whatever is going on. For example, in a gas facility, they allow operators to control valve pressure and receive alerts if something is not working correctly.
As facilities become more connected and automated, they become more productive. At the same time, they are exposed to new risks – including cybersecurity attacks – because they are operated (and can be reached) remotely. That makes these systems very tempting for cyber-attackers. The intentions of cyber attackers are not always clear, but usually they seek to: (1) block or delay the flow of information; (2) introduce unauthorized changes to instructions, commands, or alarm thresholds; (3) send inaccurate information regarding system operations; (4) modify ICS software and configuration settings; (5) interfere with the operation of equipment protection systems; and (6) interfere with the operation of safety systems.
MITRE Corporation has produced a matrix (ATT&CK for ICS Matrix) that categorizes eleven techniques attackers are using to attack ICS. These are: Initial (network or system infiltration), Execution (executing code in the infected machines), Persistence (holding on after being detected or after strict measures are set in place to wipe the infection from the system), Evasion (trying to avoid being detected), Discovery (scan the ICS to have better knowledge of its vulnerabilities), Lateral Movement (internally moving through the systems and network), Collection (gathering more intel about the networks' or systems' attributes), Command and Control (communicating to physical ports and sending instructions to devices inside the ICS), Inhibit Response Function (disabling devices and/or interrupting communication to physical elements), Impair Process Control (meddling with devices' responses, procedures and information), and Impact (direct attacks that can damage property or make operators lose control). Public agencies need to increase their awareness of the kinds of attacks on Industrial Control Systems that could affect the operation of critical urban infrastructure.