Manufacturing
Reports

Human Error and Sabotage top list for German ICS Security

December 16, 2019
Human error

Hackers successfully took control of production software at a German steel mill in 2014. The cyber-attack caused massive damage to equipment in the plant, forcing operators to shut down production.  Human error played a significant role.  The now infamous attack involved a phishing campaign whereby hackers sent out targeted emails to plant staff and administrators. Once opened, these emails retrieved information like logins and passwords, allowing hackers to gain access to the plant’s network.

Phishing remains a prevalent tactic used by hackers to infiltrate network systems, and according to a new report it’s among the top threats facing industrial control systems in Germany.

[optin-monster-shortcode id=”dv4jqlr9fih8giagcylw”]

As part of the report, produced by the Mechanical Engineering Industry Association (VDMA), companies were asked to identify the threats facing their industry. The companies ranked human error and sabotage at the top of the list, followed by malware downloaded from removable storage devices and external hardware, social engineering and phishing, and malware downloaded from the internet.

There are a number of scenarios that can lead to human error and sabotage. According to Germany’s Federal Office for Information Security (BSI), this includes incorrect configuration of network components, components related to security such as firewalls, or ICS components in general; the uncoordinated installation of updates or patches; side-effects from intentional actions such as damaging devices and installations or placing covert listening devices; compromising systems by unauthorized software or hardware such as games, digital cameras, smartphones or other USB devices owned by operator; and the creation of unreleased configurations for infrastructure and security components.

According to the VDMA report, 47 percent of security incidents, at those companies surveyed, were caused by random external influences such as undirected emails containing viruses. Additionally, 38 percent of incidents were caused by internal influences such as a breach of the company’s code of conduct and 26 percent were caused by targeted external influences.

The assessment of companies surveyed in the report differs from BSI’s. Earlier this year, the agency released a report detailing the top ten ICS threats. It ranks the infiltration of malware via removable media and external hardware as the top threat, followed by malware infection via internet and intranet, human error and sabotage, and compromising of extranet and cloud components.

While the reports differ, they both agree that countermeasures must be taken to address these cyber threats.

“Automation, process control, and I&C systems, all referred to by the blanket term Industrial Control Systems (ICS), are used in almost all infrastructures that handle physical processes, from power generation and distribution, to gas and water supplies, to production, traffic guidance systems, and modern building management,” says BSI. “In this fields, aspects of cyber security have been handled with low priority or even neglected for decades. Facing an increasing number of incidents and vulnerabilities, operators of such equipment have no choice but to accept this challenge now. The risk and potential for damage caused by non-targeted malware as well as by specific attacks against ICS infrastructures that are executed in a targeted manner, more competently, and with considerable effort, have to be considered in these efforts. This stands true for all infrastructures, no matter if they are directly connected to the internet or indirectly accessible by cyber attacks.”

Security breaches come at a great cost to the facilities that fall victim to them. Half of the companies surveyed in the VDMA report say they experienced financial damages as a result of a security incident. Thirty-one percent experienced production downtime and 19 percent experienced quality losses.

Rebecca Addison
Industrial Cyber Editor. Rebecca Addison is a former newspaper editor with a decade of experience in the media industry. During her career, she has interviewed world leaders and corporate CEOs, and covered topics ranging from blockchain and CBD to healthcare and education.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns
Mandiant exposes APT44, Russia's Sandworm cyber sabotage unit, targeting global critical infrastructure
Mandiant exposes APT44, Russia’s Sandworm cyber sabotage unit, targeting global critical infrastructure
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
Kaspersky ICS CERT reports on escalating consequences of cyber attacks on industrial organizations
Kaspersky ICS CERT reports on escalating consequences of cyber attacks on industrial organizations
Forescout discloses Connect:fun exploitation campaign targeting organizations using Fortinet's FortiClient EMS
Forescout discloses Connect:fun exploitation campaign targeting organizations using Fortinet’s FortiClient EMS
The Takepoint Research report indicates a significant shift towards adopting the Zero Trust model in OT, with 72% of professionals integrating it to boost security and efficiency. It highlights secure remote access as a key application, aligning with goals to reduce risk and enhance operations. Moreover, it points out the need for collaborative efforts across organizational roles to implement Zero Trust effectively, aiming to improve productivity and security.
Xage-Takepoint Research report reveals growing adoption of zero trust security in industrial enterprises
New JRC-ENISA report enhances cybersecurity standards alignment through CRA requirements mapping
New JRC-ENISA report enhances cybersecurity standards alignment through CRA requirements mapping
CSRB reports Microsoft Exchange breach by Storm-0558, urges security reforms following espionage incident
CSRB reports Microsoft Exchange breach by Storm-0558, urges security reforms following espionage incident