
How Kaspersky ICS CERT safeguards critical infrastructure systems

Kaspersky ICS CERT embarked on a journey to uncover the true vulnerabilities of industrial systems and raise awareness among the wider public

In 2016, when the industrial sector hesitated to acknowledge the urgency of cybersecurity measures, Kaspersky ICS CERT, undeterred by prevailing misconceptions, embarked on a mission to scrutinise the vulnerability of real-world industrial systems. The revelations were startling, propelling the team to share their findings and lay the foundation for a broader mission: raising awareness, providing cybersecurity services, and contributing to the fortification of critical infrastructure.

Collaboration for resilience

Kaspersky ICS CERT was born out of the realisation that industrial organisations were ill-prepared to protect themselves adequately in the face of emerging cyber threats. Evgeny Goncharov, Head of the Industrial Control Systems Cyber Emergency Response Team at Kaspersky, says that the prevailing attitude among many was that their operational technology (OT) systems were secure due to air-gapped networks and safety systems.

However, Kaspersky ICS CERT embarked on a journey to uncover the true vulnerabilities of industrial systems and raise awareness among the wider public. “We decided to go and check how deep the rabbit hole is, how vulnerable the real-world industrial systems are, and how the OT environments are in fact exposed and to which degree they are already compromised. The first findings were so surprising that after several cross-checks we realised we needed to share them with the public. That’s how the project started,” said Goncharov.

Kaspersky ICS CERT’s collaborative efforts extend to private companies and critical infrastructure organisations, from applying training and educational programs in Saudi Arabia, and in energy and mining in Africa, to analyzing the emerging threats to the automotive industry in China and helping to build cyber resilience capabilities for the nuclear power industry in Japan. The CERT offers an array of services, from dedicated Cyber Threat Intelligence to vulnerability research and OT/IoT/Transportation product cybersecurity assessment. They share indicators of compromise and actionable information on OT vulnerabilities, enabling the integration of this knowledge into automated cybersecurity processes.

In addition, Kaspersky ICS CERT assists in responding to cyber incidents, such as attacks by advanced persistent threat (APT) actors on industrial enterprises. They help organisations prepare for effective incident response by crafting highly customised incident response and digital forensics handbooks for OT environments. Furthermore, Kaspersky ICS CERT offers training programs for both IT/OT cybersecurity professionals and general staff, ensuring that organisations possess the skills required to handle the unique challenges posed by industrial control systems.

Bridging the skills gap

Recognising the shortage of qualified experts in the global and local markets, Kaspersky ICS CERT places great emphasis on addressing the skills gap. The objective is clear: to empower partners and customers, enhancing the expertise of their existing cybersecurity teams. Goncharov pointed out that bridging the skills gap is one of the key priorities for the team. To that end, the effective consumption of their products and services relies on well-qualified cybersecurity personnel within their customers’ organisations.

“We share indicators of compromise and unique actionable information on OT vulnerabilities in the form of feeds to be integrated in automated cybersecurity solutions. We assist them in responding to cyber incidents, such as attacks of APT actors on industrial enterprises. We help them get prepared for fast and effective incident response by crafting a highly customised and tuned incident response and digital forensics handbook for OT environments,” he added.

To alleviate talent competition, Kaspersky ICS CERT invests significantly in comprehensive training programmes, empowering partners and customers to elevate the expertise of their existing cybersecurity teams. By doing so, they reduce the need for extensive external recruitment efforts, promoting the growth of a skilled workforce.

Unveiling vulnerabilities

Goncharov also pointed to vulnerabilities that Kaspersky ICS CERT has recently identified. Although specifics are protected for security reasons, the CERT cites several instances. Goncharov said that a set of vulnerabilities found in Telit Cinterion 3G/4G modems enabled remote arbitrary code execution, potentially granting unauthorised control over various systems such as vehicles, medical devices, payment terminals, and more. Vulnerabilities in proprietary protocols used by prominent vendors like Schneider Electric and in widely deployed PLCs have also been addressed. Notably, Kaspersky ICS CERT has contributed to the cybersecurity of popular protocols like OPC UA and licensing frameworks such as SafeNet Sentinel. The team’s findings have earned its experts recognition in cybersecurity halls of fame and have been acknowledged by organisations such as BMW and Siemens.

Beyond identifying vulnerabilities, Kaspersky ICS CERT actively contributes to the development of cybersecurity frameworks. The Security Maturity Model by the Industry IoT Consortium, influenced by the CERT’s expertise, serves as a foundation for Kaspersky’s OT/IoT/Transportation Product Security Maturity Assessment service. This global impact reflects the team’s dedication to advancing cybersecurity practices worldwide.

Kaspersky ICS CERT emerges as a formidable force in fortifying industrial frontiers against evolving cyber threats. The insights gleaned from the interview underscore the organisation’s multifaceted approach, blending research, collaboration, skills development, and global contributions to cybersecurity frameworks. As digital landscapes continue to evolve, Kaspersky ICS CERT remains an unwavering guardian, committed to securing critical infrastructure and shaping the future of industrial cybersecurity.

In response to the dynamic evolution of the threat landscape, Kaspersky ICS CERT stands resolute in its commitment to fortifying critical infrastructure. The need to shift from conventional cybersecurity to a state of cyber immunity becomes apparent, driven by the recognition of the potentially catastrophic consequences of vulnerabilities within critical infrastructure. This key moment has driven Kaspersky to embark on its cyber immunity mission, a transformative initiative geared towards pre-emptive measures to safeguard the resilience of industrial systems. For instance, Kaspersky joined the Malaysia IoT Association to drive Cyber Immunity awareness in South East Asia.

Kaspersky’s comprehensive cyber immunity product line stands as a testament to its dedication to advancing cybersecurity practices and navigating the trajectory of industrial cybersecurity toward a more robust future. Recognizing that mistakes in critical infrastructure can have far-reaching impacts, Kaspersky’s suite of products is strategically designed to address and mitigate potential threats, providing a shield against vulnerabilities that could compromise the integrity of industrial systems. In a world where the stakes are exceptionally high, Kaspersky ICS CERT emerges as a trusted partner, diligently contributing to the ongoing pursuit of cyber resilience and immunity for critical infrastructure.