New Malware “Triton” Identified – And it Attacks Industrial SIS Systems

I was shocked to read this article from Wired Magazine about a brand new malware specifically designed to attack industrial safety instrumented systems (SIS). Per the article, security firm FireEye announced on December 14th that they discovered Triton, a sophisticated malware intended to disrupt or disable safety systems in industrial plants. The trend of these disturbing attacks is heading in the wrong direction and will continue to do so. Understanding all of the complexities of cybersecurity and keeping up to date with all of the new threats can be overwhelming; however, there are some simple steps you can take to protect your plant.

Implementing programs like Application Whitelisting and Automated Patch Management, updating infrastructure to Smart Firewalls and Smart Switches, and “hardening” workstations are all relatively easy measures you can take to make a step-change in your cyber defense. We offer a Basic Cybersecurity Assessment Service to evaluate and address vulnerabilities.

Basic Cyber Security Assessment

This high-level assessment service provides insight into the current status of your existing DeltaV DCS and identifies areas in need of improvement. The assessment can usually be completed in one day, during which seven key categories will be evaluated:

  • Network Security
  • Workstation Hardening
  • User Account Management
  • Patching and Security Management
  • Physical Security and Perimeter Protection Management
  • Security Monitoring and Risk Assessment
  • Data Management

Several cybersecurity-related issues will be addressed, including:

  • Review of the DeltaV DCS network segmentation
  • Review of existing cybersecurity policies and procedures in place
  • Review of existing portable device policies (USB sticks, Portable CDs, etc.)
  • Review of the level of workstation and server hardening efforts currently in place (USB ports, personnel access policies, etc.)
  • Review of user access policies and procedures including passwords and unused accounts
  • Determination of O/S security update policies, procedures, training and enforcement
  • Review of current patch management practices and procedures
  • Review of network physical security and perimeter protection best practices
  • Review of data backup plans and data management procedures

After the evaluation is complete, a report will be generated and reviewed with key personnel to discuss weaknesses and corrective actions.

Protecting your control system against 100% of cyber-attacks is a tall task – likely impossible. Taking this first simple step to assess your current cyber-defense is not.

If you would like assistance evaluating the security of your DeltaV system or would like more information on any of the solutions discussed in this article, please contact us.