PoS attack means manufacturers should remain vigilant

Recent data breaches and hacks in the retail industry should be seem as warning signs to manufacturers. Security professionals in the industry should remain vigilant and know an attack is just a click away.


It wasn't too long ago when industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems were in the scope of the bad guys. These systems, sometimes close to 30 years old and considered easy pickings, were suffering hacks, or threatened hacks, on a fairly regular basis.

The thing is, they still are.

When you looked at the headlines a year or two ago, they talked about Stuxnet, Night Dragon, Shamoon, Saudi Aramco, RasGas, ExxonMobil, Shell, just to name a few. Now the news still talks about hack attacks, but they are of a different kind. This time the retail sector is in the crosshairs. Just look at Target, Neiman Marcus, and most recently Home Depot.

Home Depot is the latest retailer to suffer a major credit card data breach that may have started in late April or early May. The Atlanta-based home improvement retailer is now working with banks and law enforcement to investigate "unusual activity" that would point to a hack.

It is easy to say this is just the retail sector and it doesn't affect manufacturing, but that is not true. Just how should the manufacturing industry react to the point of sale (PoS) attacks going on in the retail sector?

The main thing is, security professionals in the industry should remain vigilant and keep their mind in the game and know an attack is just a click away. "I have been watching the PoS issues, including several notifications from the National Cybersecurity and Communications Integration Center (NCCIC), said Joel Langill, ICS cyber security consultant and founder of SCADAhacker.com. "I believe that this is 'the retail industry's Stuxnet.' The recent Target and Neiman Marcus breach put these systems on the front page of the mainstream media, so all of those researchers shifted focus and are now having fun finding problems throughout these systems," Langill said.

Researchers, however are finding similarities between retail systems and ICS/SCADA systems.

"I think there is a lot of comparisons between the attacks hitting the PoS terminals and the manufacturing world," said Graham Speake, vice president and chief product architect at NexDefense, Inc. "While the attackers are obviously after credit card information in these attacks, it does show the sophistication of the attackers. Like an industrial control system, the PoS network is normally a separate network with links to the main business network. The lack of attention to the PoS network in terms of what communications are occurring and egress monitoring, a fairly static network with real time devices on it and devices that are not updated/upgraded frequently are also characteristics of industrial control networks."

In the dynamic and evolving security environment, bad guys continue to find new ways to get into systems, but these attackers are not moving from industry to industry like a bunch of 7-year-olds chasing a ball while playing a soccer game. In most cases, these are professional attackers on a very specific mission going after their target.

"I don't believe that it is the same set of threat actors, so manufacturing should not lower their guard thinking that the bad guys have shifted targets — it is a new set of bad guys with the same ones still targeting manufacturing," Langill said. "Havex (Dragonfly, Energetic Bear, Crouching Yeti) should have shown this, and should have opened everyone's eyes to the new tactics of exploiting 'trusted relationships.'"

"Owners of PoS networks had put in defenses to protect that data, even regulated with PCI standards, but the lack of visibility allowed multiple breaches (even after the Target warnings)," Speake said. "Attackers could turn their attention to ICS networks and, using similar attack tools and methods, gain access to these networks, not for credit card scraping but for extortion or disruption."

Gregory Hale is the editor and founder of Industrial Safety and Security Source (ISSSource.com), a news and information website covering safety and security issues in the manufacturing automation sector. This content originally appeared on the ISSSource website. Edited by Joy Chang, Digital Project Manager, CFE Media, jchang@cfemedia.com 

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Make Big Data and Industrial Internet of Things work for you, 2017 Engineers' Choice Finalists, Avoid control design pitfalls, Managing IIoT processes
Engineering Leaders Under 40; System integration improving packaging operation; Process sensing; PID velocity; Cybersecurity and functional safety
Mobile HMI; PID tuning tips; Mechatronics; Intelligent project management; Cybersecurity in Russia; Engineering education; Road to IANA
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

SCADA at the junction, Managing risk through maintenance, Moving at the speed of data
Flexible offshore fire protection; Big Data's impact on operations; Bridging the skills gap; Identifying security risks
The digital oilfield: Utilizing Big Data can yield big savings; Virtualization a real solution; Tracking SIS performance
click me