State-sponsored hackers threaten industry, infrastructure, says Honeywell

Honeywell says that hackers are increasingly targeting industrial facilities, from oil refineries to nuclear power plants, with sophisticated attacks aimed at capturing data and remotely controlling the sites.

In an article published by Bloomberg, Eric Knapp, chief cybersecurity engineer at Honeywell Process Solutions, says the company has seen evidence of threats from nation states and “sponsored attackers” backed by nations in two thirds of the 30 industrial sectors the company tracks at its cyber research lab in Georgia, USA. The unit provides cybersecurity for more than 400 industrial sites worldwide, including oil and gas producers, chemical and power plants, natural gas processors and mining and water treatment facilities.

In December 2015, hackers in Ukraine disrupted power to tens of thousands of people when destructive malware knocked out at least 30 of the country’s 135 power substations for about six hours.

Knapp said hackers typically seek data or login details that give them access to industrial control systems at the facilities, letting them digitally manipulate the operations from afar.

“We’ve seen administrative credentials for sale. We’ve seen specific access to specific industrial facilities for sale online,” Knapp said. “If I were to peruse the black market and I didn’t have any scruples, I could say, ‘I want to access this facility’, and I can purchase the access to that, which is scary.”

As companies build stronger networks around their control systems, making direct access more difficult for hackers, attackers craft malware to hit a company’s more vulnerable corporate system and then infect any removable USB drives attached to that network. The control system’s network, housed separately, is breached when a worker plugs the infected USB drive into it. One third of malware Honeywell has detected at industrial facilities entered the control system’s network through infected USB drives plugged in by users.

Other challenges include costly measures needed to update industrial control systems to respond to current cyber threats. Some facilities are also using control systems that are three to four decades old, Knapp said.

“There’s just an inherent challenge in protecting these systems,” he said. “In a lot of cases, because of the age of systems, they predate cybersecurity.”