Industrial protection in the digital era
Aarón Flecha Menéndez, ICS Security Consultant at S21sec
Digital transformation is no longer an option but a necessity. However, innovation has brought an unwanted guest: cyber risk. Factories and production plants, traditionally protected by physical measures, increasingly run interconnected networks in which each of the many deployed devices can be seen as a potential point of entry. An example of this was the attack suffered in 2024 by Bassett Furniture Industries in the United States, which temporarily paralyzed its production and affected its global supply chains, exposing the vulnerability of industrial systems internationally. As a result, cybersecurity is no longer just a technological issue but has become a crucial factor for industry survival.
Evolution of the industrial cyber threat landscape
In 2024, there has been a significant increase in the activity of hacktivist groups, which have made incursions against industrial processes with the aim of paralyzing them. According to the latest biannual 'Threat Landscape Report' by Europe's leading cybersecurity company S21Sec, a Thales Group entity, the industrial sector has become one of the main targets of ransomware attacks. Ransomware is a type of malware that encrypts information on operating systems, after which the victim is extorted financially. These cyber-attacks can not only disrupt operations but also have a high potential to paralyze supply chain and production plant activity.
An example of this is the activity of ransomware families such as LockBit, which is distinguished by its ability to spread rapidly and by its sophistication in circumventing the most advanced security solutions, encrypting large volumes of data in a matter of hours. The increase in criminal activity in this area has intensified police investigations in Spain, which have recently led to the arrest of one of the main people responsible for its infrastructure, revealing the extensive criminal network and its global reach.
Critical vulnerabilities in the industrial sector
Industries were not conceived with cyber threats in mind, which has resulted in major security breaches that put their operability at risk. In the first half of 2024, more than 17,000 new vulnerabilities were disclosed that adversely affect key components in industrial systems, from SCADA (Supervisory Control And Data Acquisition) systems to smart devices. In addition, their exposure is compounded by the increase in supply chain attacks as a common tactic among cybercriminals.
In addition, one of the biggest challenges for industrial cybersecurity lies in the coexistence of legacy technologies and modern systems. Many industrial plants that run legacy operating equipment are highly vulnerable to today's attacks because they lack the latest security updates needed to repel them.
A comprehensive approach to cyber-resilience
As other production sectors migrate to digital platforms, protecting these aging systems becomes a priority for the industry. The technological transformation and modernization of the sector requires a high economic investment. Even so, it is essential to implement robust security measures that mitigate these risks and ensure the integrity of the systems. Cybersecurity strategies can no longer be limited to the detection and mitigation of attacks but must evolve towards a cyber-resilience that allows the productive fabric to act quickly in the face of the consequences of an attack, minimizing the impact on plant operations. To shield industry, a good cyber hygiene practice is to keep systems up to date as a measure against threats.
To counter industrial threats, it is necessary to invest in monitoring capabilities and in services managed by a Security Operations Center (SOC), where solutions are implemented to counter threats such as denial of service (DoS) attacks. This type of attack is carried out by sending multiple requests aimed at slowing down or disabling the use of a system. All of this must be complemented by the promotion of a strengthened cybersecurity ecosystem in which people are made aware of the dangers of cyberthreats and are provided with tools to protect the entire value chain.