Breach incidents affecting industrial control system (ICS) environments have increased significantly. Although air gaps between industrial floors and the outside world used to be sufficient to offer a good level of protection, that’s no longer the case. Recent research found that cyberattacks caused 35% of industrial network malfunction incidents. There are many ways that air gaps can be bridged so that an isolated ICS becomes infected – such as via a USB memory stick. In addition, systems that aren’t directly attached to the Internet may be indirectly connected via interaction with the company’s business IT systems.
Protecting ICS environments calls for a very different approach from that used for securing business IT systems. For business IT networks, the first priority is maintaining the confidentiality of sensitive business data and, although availability of the IT service is important, it’s not as vital as confidentiality and integrity. However, the reverse is true for industrial control, where continuous availability of the process is paramount. It’s all about protecting the process and eliminating disruptions.
The other vital difference is related to the technologies that are used in ICS environments. Although business IT networks are largely based on a few standard operating systems, applications and hardware components, this isn’t the case for industrial systems. ICS environments can be extremely customised and complex – full of proprietary technologies, SCADA servers, Human-Machine Interfaces, PLCs and legacy or obsolete sub-systems. This adds to the security challenge because every business’s control infrastructure is unique and the security solution has to be tailored to fit. Additionally, the Internet of Things explosion introduces new attack surfaces and threats that must be addressed as traditional security technologies won’t work.