This graph shows where most cyber attacks on US networks originate.

Attacks on industrial control systems are on the rise

Aug. 31, 2018
“Cybersecurity trends and developments in risk mitigation” session at the International Liquid Terminal Association’s 38th Annual Conference

SECURITY guards are great.

Whether they’re posted in a guardhouse, sitting at a front desk or tooling around the parking lot on a Segway, they make the people they’re protecting feel a little safer while going about their business.

However, the reality is they’re helpless against the greatest threat to most businesses.

Derek Welch, vice-president of internal audit for TransMontaigne Partners, said their small, publicly held terminaling company experienced zero attempts to physically breach their security during the first six months of 2018 – while fending off 75,000 “legitimate” attempts to infiltrate their computer network.

Including “brute force” attacks, like password guessing, he estimates they average 1,000 attempts a day.

“It’s an amazingly enormous number of attempted breaches into our system,” he said during the “Cybersecurity trends and developments in risk mitigation” session at the International Liquid Terminal Association’s 38th Annual International Operating Conference & Trade Show in Houston, Texas.

Technology revolution

Mark Friday, an engineer who recently worked as a technology manager with Hatch, said companies are pouring resources into cybersecurity, and the industry is growing by 30% every year.

But with technology evolving so rapidly, they’re still playing catch-up.

He opened the session by trying to put the rapid rate of today’s change into perspective. According to archeologists, spears first appeared around 400,000 BC, and the bow and arrow wasn’t developed until 40,000 BC – 360,000 years later. The Bronze age didn’t usher in swords until 4,000 BC.

Firearms arrived in 1300, the atomic bomb in 1945 – and the transistor in 1947.

Weapons development is a dramatic example of the escalating pace of advancement, but the tiny transistor’s impact is subtler – and every bit as severe.

“What is the transistor?” Friday said. “It’s in every electronic device on the planet. You’ve got billions of them in your smart phone, and it’s kind of like an on/off switch, but you can pair these together and build logic gates, and then you put those logic gates together and you’ve got computers.

“So they’re in everything.”

With the number of transistors inside a microchip doubling every two years, according to Moore’s Law, Friday said someone born this year can expect computers will be 32 times faster when they’re 10.

“If fuel efficiency improved in the same way, then 10 years from now, you’d be driving from one tip of Texas to the other on one gallon of gasoline,” Friday said.

Extrapolate those numbers further, to 100X or even 1,000X, and we’re seeing growth that’s impossible to imagine.

Like flying from Houston to Beijing, China in less than 60 seconds.

“Whatever changes we’ve had in the past, there’s certainly more to come, and most of it for the better,” Friday said. “The world is getting better – despite what you may read in the news – but there are still risks involved, and that’s why we have to be diligent about security and cybersecurity.”

Uncommon criminals

Who are these bad actors we’re trying to keep out?

They’re not your dad’s thieves, a la Robert De Niro in Heat, or even a loner with 15 computers hooked up in mom’s basement.

Instead, these cybercriminals often are well-funded, highly motivated geniuses.

Only a quarter of 1% of people have genius-level IQs (140 plus), but that still leaves 65,000 geniuses in North Korea, 360,750 in Russia, 545,000 in the Middle East and 3.4 million in China.

And many of them aren’t fond of the United States.

“It’s a lot easier to have some really smart people sit at a computer than it is to build Intercontinental ballistic missiles,” Friday said.

According to an ESG Report in 2015, 68% of critical infrastructure organizations claimed to have experienced one or more security incidents, and the report predicted the problem would worsen.

Marty Edwards, formerly the head of the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, said in 2016 that DHS saw “more and more that are gaining access to that control system layer,” and the number of attempted hacks is growing annually.

Then in March 2018 a ransomware cyberattack hobbled Atlanta.

Recent reports indicate the attack will cost the city more than $10 million – far more than the $51,000 the group demanded – and Friday said he’s heard the cost, including collateral damages like the amount of time spent fixing problems and the fear the attack caused, is closer to $100 million.

“It’s a pretty substantial problem,” he said.

“And it’s a good thing they just held it for ransom, so you couldn’t get the system up and running in an automated fashion again. But what if instead they had tricked the PLCs so you couldn’t see they were pumping unbelievable amounts of chlorine, or who knows what else, into the water?”

A smarter response

So, what should the non-geniuses do to respond?

Start with the basics: Take the problem seriously, change passwords regularly – yes, Friday said, you must change your passwords – stay informed, and please, keep the vital systems off the internet.

He recommends software solutions to cybersecurity.

Companies like Claroty, Cyber X Labs, Dragos, and Inegy sell rapidly improving software designed to protect industrial control systems by providing risk assessment, detection and secure remote access.

“When we’ve deployed and used this at some of our clients’ sites, we’ve heard, ‘You did in a few hours what I’ve been working on for months,’” Friday said. “And when you get that kind of response, it’s an ‘ah-ha’ moment.

“This is a great leap forward in our ability to manage these problems.”

The best cybersecurity software is “tech agnostic,” meaning it works with mix-and-match systems, helping terminaling companies stay organized, interfaced and, most importantly, operational.

“The Number 1 concern I have right now … is ransom-ware,” Welch said.

“I truly believe the bad guys, the cyberthreat actors, being able to compromise a few systems and disrupt operations of our terminaling companies, is our Number 1 threat. I don’t really have a big concern someone’s going to open valves or put product on the ground, and I definitely don’t think they’re going to steal product.”

About the Author

Jason McDaniel

Jason McDaniel, based in the Houston TX area, has more than 20 years of experience as an award-winning journalist. He spent 15 writing and editing for daily newspapers, including the Houston Chronicle, and began covering the commercial vehicle industry in 2018. He was named editor of Bulk Transporter and Refrigerated Transporter magazines in July 2020.