Live Threat Map
Industrial control systems refer to a broad class of automation systems that include programmable logic controllers, safety instrumented systems, distributed control systems, human-machine interfaces and SCADA systems. These systems are vital to critical infrastructure because they control and monitor manufacturing and industrial processes — without which societies, countries and economies would fail.
Historically, ICSes had a high degree of physical separation from IT infrastructure. Changes in business requirements and innovations in technology, however, are causing an organic convergence.
Common drivers for ICS and IT convergence
Although ICS environments were previously left isolated intentionally, they are now increasingly connecting to other networks. Seventy percent of ICS environments had an external connection in 2021, almost double from the previous year, according to research from cybersecurity company Dragos.
This convergence did not happen on purpose, but rather is due to a number of organic changes that came largely from the digitization of ICS environments.
Some common drivers leading to ICS and IT convergence are the following:
- enabling remote access and maintenance for employees and third parties;
- improving insight into utilization of resources;
- optimizing the production environment in real time;
- monitoring potential safety or security issues; and
- analyzing log and sensor data to run investigations.
Convergence raising security concerns
The convergence of IT and ICS environments offers benefits for the entire ICS ecosystem. It also introduces new security risks, however, many previously unknown to manufacturers and industrial processes. Gartner predicted that, by 2025, threat actors will weaponize ICS to harm or kill humans.
Top ICS security concerns
To better understand the situation, let’s explore the top security concerns.
Increased risk of cyber attacks and breaches
The connectivity of ICS and IT is giving rise to increasingly internet-facing systems, making them vulnerable to cyber attacks and breaches. Most ICS assets are now cloud-managed for logging, monitoring and dashboarding, which adds a layer of complexity.
Disruptions in ICS environments can have major downstream impact, including risk of fines and censure, which is another reason why these industries have a low tolerance for downtime — and why ICS infrastructure is an attractive target for cybercriminals.
Increased risk of failure in security, reliability and performance
Interruptions can have major implications on the security, reliability and performance of ICSes. A cyber attack or data breach could halt production, which can have significant cost implications. In the worst case, it could also contravene safety and trigger catastrophic consequences, such as power grid blackouts, environmental damage, paralysis of economic activity and loss of life.
Complexities in managing and maintaining security
ICS devices use bespoke versions of OSes that limit the scope of patching, updating and installing protection mechanisms, such as antimalware controls. Patching and updating these devices sometimes require intervention from the manufacturer of the device, which can take time or require a remote connection. This can expose the device to unexpected and uncontrolled network traffic.
ICSes also operate around the clock and, therefore, cannot risk applying untested patches.
Some organizations even go to the extent of switching off their security due to the lack of compatibility with automation systems. Managing and monitoring ICS security is also a full-time job, and many organizations don’t have enough staff to manage ICS cybersecurity.
Friction between ICS and security teams
ICS teams and security teams have different priorities; one is focused on performance and availability, while the other is focused on security. ICS assets were traditionally sealed systems with localized, analog methods used to manage, monitor and control their behaviors. Engineers could manage the ICS without the intervention of IT or the security team. This is no longer the case and can often create friction between teams.
How ICS organizations can mitigate security concerns
A quick fix for securing ICS environments doesn’t exist, but there are steps to take to control it.
Start with a detailed understanding of what assets and devices make up the environment, and prioritize them based on the associated risks. Both IT and ICS teams must join to ensure a safe, secure and converged environment. IT teams can benefit from ICS engineers’ years of experience in designing, building and maintaining such environments, while ICS engineers can benefit from the IT team’s cybersecurity expertise.
Collectively, teams must articulate threats in a language the business understands so stakeholders comprehend the gravity of the situation and perpetuate a change in security attitudes and processes.
This is not a one-off collaboration or a one-off exercise. ICS engineers and IT professionals must continue to collaborate to keep a watchful eye on evolving risks and stay ahead of threat actors.
About the author
Steve Durbin is chief executive of the Information Security Forum (ISF), a not-for-profit association dedicated to investigating, clarifying and resolving key issues in information security and risk management by developing best practice methodologies, processes and solutions that meet the business needs of its members. ISF membership comprises the Fortune 500 and Forbes 2000.
Read the full article here