According to government contractors and former Pentagon officials, computer code capable of killing adversaries will be developed under a new half-billion-dollar military contract. These cyber weapons will allow U.S. troops to launch logic bombs, instead of traditional explosives — essentially forcing an enemy's critical infrastructure to self-destruct.
Barak Perleman, CEO of Indegy, took some time to answer our questions about this defensive strategy and how companies can protect their systems from cyberthreats.
Manufacturing Business Technology: What exactly is a logic bomb?
Barak Perleman: A logic bomb is malicious code that executes under predetermined conditions, such as a certain date/time, when a specific action is taken by the user, or upon arrival of the code on a target system.
For example, a logic bomb can look like a benign piece of software that spreads through the network. It will not be recognized by IT security controls because it is unknown (there is no signature that can be used to recognize it as malicious) and isn’t behaving maliciously. Once it reaches a workstation, the code will look for the presence of certain processes that indicate that the device is connected to a manufacturing system. Only if it is indeed connected to such a system will the code execute to shut down the system, change its logic or cause other damage.
MBT: When it comes to cyberattacks, U.S. manufacturers have two primary concerns: 1.) Attacks that could injure employees and the community via unlawful access to volatile materials; 2.) Attacks focused on access to intellectual property. How would a logic bomb potentially help an attacker realize these goals?
Perleman: To cause physical damage, a logic bomb can target systems that handle hazardous materials, including oil and gas, water treatment and nuclear facilities. It is also possible to steal intellectual property by accessing OT (Operational Technology) systems to understand the logic of the industrial processes being used.
MBT: More manufacturers are implementing a BYOD approach to employee usage of personal mobile devices and computers. From a security perspective, is this a bad idea? How should manufacturers broach this dynamic?
Perleman: BYOD can be a dangerous practice if these devices are not well secured and are allowed to connect to the industrial network. Typically, personal devices are more exposed to cyberthreats since they are used to access unsecured networks in public locations (airports, restaurants, hotels, etc.). In many cases, they do not have adequate endpoint protection to prevent compromise. This makes BYOD devices more vulnerable. If a compromised device connects to the industrial network, it may compromise the entire network.
MBT: Manufacturers also use a number of outside vendors for software upgrades, network troubleshooting, etc. What are some steps that can be put in place to protect against intentional or unintentional threats that can be introduced by outside vendors?
Perleman: Unintentional threats are often introduced by outside vendors, system integrators and contractors. To minimize these risks, insecure vendor equipment should not be allowed to connect to the industrial network. In addition, all changes made to industrial systems and control devices must be closely monitored and documented, especially changes to the logic of the controllers. This will allow systems and devices to be rolled back to a best-known configuration if any problems occur. One of the biggest challenges in industrial security is the lack of visibility into such changes and the lack of proper documentation. When there is a security event or failure in the network, if there is no way to quickly identify the changes that were made, it is very difficult to resolve problems.
MBT: Looking forward, do you feel more cyberthreats will come from malicious hackers looking more to disrupt than steal, or from foreign entities looking to weaken the U.S. or U.S. companies in general?
Perleman: We believe that the biggest threat comes from insiders: employees, contractors, systems integrators and vendors who have access to the industrial network and can cause intentional damage or make unintentional mistakes. Humans make mistakes, and errors happen on a daily basis. Without the tools needed to monitor activity and document changes, it is very difficult to mitigate these threats.
MBT: When looking at a couple sectors of manufacturing, obviously the concerns at a food manufacturing facility will differ from that of an aerospace manufacturer. Should their basic approach to cybersecurity be different too? How?
Perleman: While industrial security concerns vary in different manufacturing sectors, they are exposed to similar threats that can affect their industrial systems and underlying operational technologies. That’s because many of the same operational technologies are used across different sectors, for different manufacturing processes. A threat to these shared operational technologies impacts all manufacturing sectors. Therefore, the basic approach to industrial cybersecurity remains the same. It begins with discovering all components of operational systems, establishing a baseline inventory of their configurations and monitoring them for unintended changes.
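The baseline-and-monitor approach Perleman describes here, and the documented, roll-back-capable change tracking he recommends for controller logic in the earlier answer on vendors, can be sketched as a small audit routine. This is an added illustration, not Indegy's product or code; the device names, "ladder" logic blobs and change ticket are constructed sample data, and a real site would pull controller images from its engineering workstation and approvals from its change-management system.

```python
import hashlib
from datetime import datetime, timezone

def fingerprint(config: bytes) -> str:
    """Content hash of a controller's logic/configuration image."""
    return hashlib.sha256(config).hexdigest()

def build_baseline(inventory: dict[str, bytes]) -> dict[str, str]:
    """Discover + baseline: map each inventoried device to its known-good hash."""
    return {dev: fingerprint(cfg) for dev, cfg in inventory.items()}

def audit(baseline: dict[str, str], observed: dict[str, bytes],
          approved: dict[str, str], change_log: list[dict]) -> list[str]:
    """Compare a fresh poll of device configs against the baseline.

    Every change is written to change_log with old/new hash and a ticket.
    An approved change (device listed in `approved`) becomes the new known-good;
    an undocumented one is alerted and the old hash is kept as the rollback target.
    """
    alerts = []
    now = datetime.now(timezone.utc).isoformat()
    for dev, cfg in observed.items():
        new = fingerprint(cfg)
        if dev not in baseline:
            alerts.append(f"UNKNOWN DEVICE {dev}: not in inventory")
            continue
        if new == baseline[dev]:
            continue
        entry = {"time": now, "device": dev, "old": baseline[dev], "new": new,
                 "ticket": approved.get(dev)}
        if entry["ticket"]:
            baseline[dev] = new  # documented change is the new known-good config
        else:
            alerts.append(f"UNAUTHORISED CHANGE {dev}: rollback to {baseline[dev][:12]}")
        change_log.append(entry)
    for dev in baseline:
        if dev not in observed:
            alerts.append(f"MISSING DEVICE {dev}: not seen in this poll")
    return alerts

def demo():
    """Constructed scenario: one approved upgrade, one undocumented edit,
    one device nobody inventoried, one inventoried device that went silent."""
    inventory = {"plc-mixer-1": b"ladder:v1", "plc-boiler-2": b"ladder:v7",
                 "plc-packer-3": b"ladder:v3"}
    baseline = build_baseline(inventory)
    log: list[dict] = []
    observed = {"plc-mixer-1": b"ladder:v2", "plc-boiler-2": b"ladder:v7-x",
                "hmi-rogue": b"unknown-image"}
    alerts = audit(baseline, observed, {"plc-mixer-1": "CHG-1042"}, log)
    return alerts, log, baseline
```

The change log is what lets an operator answer "what changed, when, and was it approved" after an incident, and the untouched hash for plc-boiler-2 is the image to restore.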
Barak Perleman is CEO of Indegy.