Enclave: Defense Against PLCs Targeting by Cyber Threat Actors

Bird's-eye view of a water treatment plant

In the wake of the recent cybersecurity alert from the Cybersecurity and Infrastructure Security Agency (CISA), the vulnerability of Programmable Logic Controllers (PLCs) in critical infrastructure, particularly in water facilities, has become a matter of urgent concern. The alert detailed how threat actors breached a U.S. water facility by exploiting Unitronics PLCs that were exposed to the internet. This incident underscores the need for robust cybersecurity measures in industrial settings. Enclave, with its microsegmentation technology, is well suited to defend against such threats.

The Vulnerability of PLCs in Critical Infrastructure

PLCs are the backbone of industrial control systems, managing and controlling machinery and processes. When attackers compromise PLCs, the repercussions can be severe, ranging from service disruptions and water supply contamination to physical damage to infrastructure. In the reported incident, although the safety of the potable water was not compromised, the risk was alarmingly high.

CISA’s alert revealed that the attackers didn’t rely on zero-day vulnerabilities but exploited poor security practices. They targeted Unitronics Vision Series PLCs with a human-machine interface (HMI), highlighting the need for better security protocols.

Enclave’s Role in Securing PLCs

  1. Robust Network Segmentation: Enclave’s microsegmentation technology is crucial in creating secure, isolated network segments. By segmenting the network where PLCs operate, Enclave ensures that even if a part of the network is compromised, the breach does not spread to critical control systems.
  2. Zero Trust Model: Enclave operates on a Zero Trust network permissions model. This means no entity is trusted by default from inside or outside the network, and verification is required from everyone trying to gain access to resources in the network. This approach is vital in protecting against unauthorized access to PLCs.
  3. Advanced Firewall and VPN Setup: Enclave’s use of firewalls and VPNs aligns perfectly with CISA’s recommendation to disconnect PLCs from the open internet and control access through a Firewall/VPN setup. This setup ensures that remote access to PLCs, if necessary, is secure and controlled.
  4. Multi-Factor Authentication (MFA): Implementing MFA for all remote access, as advised by CISA, is a cornerstone of Enclave’s security strategy. MFA adds an additional layer of security, making it significantly more difficult for unauthorized users to access the operational technology (OT) network.
  5. Enhanced Security Configurations: Enclave’s platform allows for the easy implementation of security best practices, such as changing default passwords and avoiding commonly targeted TCP ports. These configurations are essential in defending against the tactics used by cyber threat actors.
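The five controls above can be checked mechanically. The following is an added example, not Enclave's code or product configuration: a small Python audit that applies a Zero Trust zone policy (deny unless explicitly allowed) and flags PLCs reachable from the internet zone, remote entry points without MFA, and PLCs still using a vendor-default password or port. Asset names, zones and ports are constructed for illustration; the default port value is the one named in the CISA alert and should be adjusted per vendor.

```python
"""Audit a constructed OT inventory and zone policy against the controls
listed above: no PLC reachable from the internet zone, MFA on every
remote entry point, vendor-default passwords and ports changed."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    name: str
    zone: str                    # "internet", "vpn", "hmi" or "plc"
    port: int                    # TCP port the asset listens on
    default_password: bool = False
    mfa: bool = False            # enforced on remote-access entry points

# Zero Trust: a flow is denied unless (src_zone, dst_zone, dst_port) is listed.
Rule = tuple[str, str, int]

def flow_allowed(src: Asset, dst: Asset, allow: set[Rule]) -> bool:
    return (src.zone, dst.zone, dst.port) in allow

# Default Unitronics PCOM port named in the CISA alert; adjust per vendor.
VENDOR_DEFAULT_PORT = 20256

def audit(assets: list[Asset], allow: set[Rule]) -> list[str]:
    findings = []
    for src_zone, dst_zone, port in sorted(allow):
        if src_zone != "internet":
            continue
        if dst_zone == "plc":
            findings.append(f"PLC zone exposed to internet on tcp/{port}")
            continue
        for a in assets:  # remote entry points must enforce MFA
            if a.zone == dst_zone and a.port == port and not a.mfa:
                findings.append(f"{a.name}: remote access without MFA")
    for a in assets:
        if a.zone == "plc" and a.default_password:
            findings.append(f"{a.name}: vendor default password still set")
        if a.zone == "plc" and a.port == VENDOR_DEFAULT_PORT:
            findings.append(f"{a.name}: listening on vendor default port {a.port}")
    return findings

# Constructed sample site (hypothetical names and ports).
VPN_GW, HMI = Asset("vpn-gw", "vpn", 443, mfa=True), Asset("hmi-1", "hmi", 502)
PLC_BAD = Asset("plc-intake", "plc", 20256, default_password=True)
PLC_OK = Asset("plc-dosing", "plc", 20300)
ASSETS = [VPN_GW, HMI, PLC_BAD, PLC_OK]
WEAK_POLICY = {("internet", "vpn", 443), ("internet", "plc", 20256),
               ("vpn", "hmi", 502), ("hmi", "plc", 20256), ("hmi", "plc", 20300)}
HARDENED_POLICY = WEAK_POLICY - {("internet", "plc", 20256)}  # no PLC on the open internet

if __name__ == "__main__":
    print("\n".join(audit(ASSETS, WEAK_POLICY)))
```

Removing the internet-to-PLC rule clears the exposure finding, but the audit still reports the PLC that keeps its default password and port, which is why the configuration items in point 5 matter even behind a firewall.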

Responding to the Threat Landscape

In the context of the attack on the U.S. water facility and the broader threat landscape, Enclave’s capabilities are particularly relevant:

  • Immediate Isolation and Response: In the event of a breach, Enclave can immediately isolate affected segments, limiting the impact and safeguarding crucial control systems.
  • Continuous Monitoring and Adaptation: Enclave’s system allows for continuous monitoring of network activity, enabling quick response to unusual patterns that could indicate a breach.
  • Customizable Security Protocols: With Enclave, system administrators can tailor security settings to their specific needs, ensuring that the PLCs are protected against the unique threats they face.

A Proactive Approach to Cybersecurity

The incident reported by CISA is a wake-up call for the industry. It’s not just about reacting to threats, but proactively securing infrastructure against them. Enclave offers a comprehensive solution that addresses the vulnerabilities exposed by such attacks. By implementing Enclave’s advanced microsegmentation technology and adhering to the recommended security measures, facilities can significantly enhance their defense against sophisticated cyber threats targeting PLCs.

As cyber threats continue to evolve and target critical infrastructure, the need for robust, adaptable, and efficient cybersecurity solutions has never been greater. Enclave stands out as an ideal defense mechanism, offering a multi-layered approach to secure PLCs and other critical control systems in industrial settings. Its implementation not only aligns with the recommendations from CISA but also sets a new standard in protecting our essential services and infrastructure from cyber threats.