The Making of Malware

In Automation World, Aaron Hand writes about the need to establish measurable benchmarks when it comes to malware in industrial control systems (ICS), and the results from a new study from cybersecurity company Dragos on this often neglected or “overhyped” topic.

Quoting Dragos CEO Robert Lee’s post on the Dragos blog about the study’s methods, Hand calls for a rational and measured approach to addressing ICS malware. “Security in the ICS is very important to safety and reliability, but the power grid isn’t going to just fall over and gas pipelines aren’t going to start exploding over random infections or non-nation-state actors deciding to target them,” Lee says.

Hand points to the need to make organizational changes that protect industrial operations, rather than basing those changes on reactions to high-profile events in the news. “This is largely because these stories don’t seem to relate to the day-to-day running of a typical plant,” Ben Miller, director of threat operations for Dragos, told Hand. “There’s a disconnect between a lot of what the hype is and what the folks are seeing. People have heard of Stuxnet or BlackEnergy or Havex, but nobody’s actually seen those in their environments.”

Miller used publicly available tools such as Google’s VirusTotal to gather his data, which led him to discover security concerns such as bad actors imitating Siemens programmable logic controllers, and uploading vulnerabilities caused by user error that exposed confidential information.

According to Automation World, Dragos plans to operationalize the research for industry use.