For more than a decade, experts in the automation and information technology disciplines have given considerable attention and effort to protecting industrial control and related information systems from cybersecurity risks sand cyber-attacks. Suppliers, integrators, and asset owners have worked together in standards committees and other venues to develop and promote standards, practices, and case studies that provide direction on how to reduce the risk to existing systems.
The first response includes a combination of threat detection and vulnerability reduction. Most experts agree that, in the longer term, protection must include a combination of improved products that are “secure by de-sign,” and an improved response by asset owners, using available frameworks and tools.
Cybersecurity Risks Continue to be Real
The security community is making progress in many of these areas, but challenges remain. Threats continue to emerge and new vulnerabilities are identified almost daily. Several recent events have demonstrated that there is still much to be done by all stakeholder groups.
Increased awareness, attention and analysis enables the cybersecurity community to identify new opportunities. Until recently, little attention was given to potential threats to field-level devices. Standards committees and other groups are now addressing the implications of potential vulnerabilities in this portion of the reference architecture.
Standards and Practices Provide Guidance Against Cybersecurity Risks
Several accepted and proven standards (e.g., ISA-62443, UL-2900, NERC CIP) provide detailed requirements for improving the security of industrial control systems, either by adding mitigating controls or improving the capabilities of new components and systems. In addition to formal standards, there are also special publications from NIST and a variety of sector-specific practices.
If you would like to buy this report or obtain information about how to become a client, please Contact Us
Keywords: Cybersecurity, Devices, Field Networks, Risk, Threat, Vulnerability, ARC Advisory Group.