Industrial control systems (ICS), which manage utilities such as water, gas, and electricity, are going online so that jobs once carried out manually can now be carried out remotely or with the help of automation.
However, putting ICS online makes them a target for cyber-criminals, so security should be a priority. It isn't: much of the equipment at risk is quite old and now vulnerable to a host of digital threats.
Gabe Authier, senior product manager at Tripwire, explains that there are three steps to follow to secure your ICS against digital threats:
1) Secure the network
Security requires a good network design with well-secured boundaries. Enterprises should segment their networks by implementing the ISA/IEC 62443 standard, secure all wireless applications, and deploy secure remote access solutions to help with fast troubleshooting and problem-solving. Companies should also monitor their networks, including industrial network infrastructure equipment.
2) Secure the endpoints
OT professionals might feel their organisation's endpoints are protected against digital attacks, but that isn't the case. The moment employees, contractors, or supply chain personnel bring a laptop or USB device within the perimeter of the corporate network, these safeguards are bypassed.
Endpoint security can start with investing in asset discovery, the process of carrying out an inventory of endpoints on the network. Controls must be defined and automated to ensure that the protection is in place. Organisations must then ensure there are secure configurations at each endpoint and monitor those endpoints for unauthorised changes.
3) Secure the controllers
Mechanical devices interact with the physical world. Industrial controllers are specialised computers that bridge the control of those physical systems and the programming or instructions received from a network. There are many cases of malicious actors gaining access to control systems and causing those systems to malfunction.
Organisations can protect industrial controllers against digital attacks by enhancing their detection capabilities and network visibility: implementing security measures for vulnerable controllers, monitoring for suspicious access and change control, and detecting and containing threats in a timely manner.
Adequate protection against digital threats requires a multi-step approach that focuses on network security, endpoint security, and industrial controller security.