Microsoft Unveils New Open-Source Tool for Operational Technology Security

Morgan Phisher July 23, 2024

Hey Bay Area friends! I know many of you are healthcare professionals who, like me, have a keen interest in cybersecurity. Well, I’ve recently learnt something that may be of interest to all of us. Come, let me tell you about the latest buzz in industrial control systems security: ICSpector.

This fancy new tool has recently been made available on GitHub by Microsoft. It’s got to do with industrial programmable logic controllers, or PLCs. Ever heard of them? I hadn’t, until recently! These PLCs are pretty much the backbone of industrial operations—running everything from power grids to water systems. However, they are tricky to monitor for potential threats due to a lack of adequate tools and expertise in the field.

The whole point of ICSpector is to make threat analysis of PLCs easier and more effective. It can detect whether someone malicious has tampered with a controller by extracting the timestamps of the changes made to it. The tool can also provide an overview of the tasks running on the controller. Cool, right?

To break it down, PLCs are live devices running precise industrial processes, which makes it a challenge to retrieve and analyze their operational code while they keep working. That’s the problem ICSpector is designed to address. Currently, ICSpector supports three operational technology (OT) protocols—Siemens S7Comm, Rockwell RSLogix, and Codesys V3.

Now, while this development from Microsoft is encouraging, there’s a larger conversation to be had here. The overarching problem of operational technology (OT) security seems to be escalating, especially because OT and IT systems are often not separated well enough, which makes threat detection a challenge. Yeah, not great!

Remember our recent chat about the risks posed by Internet-connected cellular connections used to gather data from remote locations? Well, it seems like those risks are now compounded due to the blurred lines between OT and IT systems.

That’s not all, folks. There has been a recent uptick in nation-state attacks on critical infrastructure, quite unsettling, isn’t it? Federal authorities have been sounding the alarm about how hackers from Russia and China are persistently targeting energy companies and water utilities. There were about 27 security incidents in the U.S. water and wastewater sector alone from 2006 to 2023.

So, while we continue to be vigilant in our collective defense against cyber threats, let’s celebrate the advent of tools like ICSpector. They may not solve all our problems, but they’re a step in the right direction. As we move forward, let’s keep our eyes wide open, leverage these advancements and stay one step ahead in securing our critical infrastructure!

That’s all from me today, friends. Stay safe, stay connected, and of course, stay curious about the security of your operational technologies! Until next time!

by Morgan Phisher | HEAL Security