EIF 2018 – ICS Workshop

By Thomas Menze

Company and Product News

Industrial Control Systems (ICS) are responsible for data acquisition, visualization and control of industrial processes, often found in industrial and critical infrastructures.  They play a critical role in maintaining the continuity of industrial processes and ensure functional and technical safety.ICS Workshop EIF 2018

The criticality of control systems, and their high impact in case of disruption, makes them a major target for malicious activities.  Over the last years the number of cyber security incidents in the industrial automation area increased annually

Achieve an Appropriate Level of Security

For some time, experts have advised using a project-based approach to define what is required to assess and modify current systems or to design new ones to achieve an appropriate level of security.  Unfortunately, such an approach is not sufficient, as it does not necessarily consider the ongoing support and eventual replacement of these systems.

A more comprehensive approach needs to:

  • Consider All Phases of the Lifecycle of the individual ICS
  • Define criteria in terms of various levels of maturity
  • Assess Current Capabilities and Performance

The asset owner then uses these results to prepare a response plan consisting of distinct steps for improving security in specific areas, such as system segmentation, access control, or patch management.

Barriers to Improving Cyber Security

End users in some industries (including manufacturing) are either unaware of the risk of cyber-attacks or reluctant to implement security strategies, as investments in cyber-security do not appear to have a tangible return-on-investment (ROI).  This leads to a complacent ‘wait and watch’ approach. 

Another reason for the low uptake of security planning and implementation in some industries is the apparent size and complexity of the task.  Furthermore, it is difficult to predict how a newly introduced patch will impact the functioning of the control system.  This increases the organization’s reluctance to act on potential threats.

Other typical barriers to improving cyber security in industrial environments include:

  • Increasingly open industrial automation
  • Inadequate end user awareness
  • Increased use of commercial off-the-shelf IT solutions
  • Inadequately skilled manpower

Survey with the ICS Workshop Audience

After presenting the digital disruption in the industry and the impact on cyber security, the workshop was held in an interactive format.  The audience participate in a quick survey regarding security topics. The audience could answer the survey questions with any smart device and internet connection (WLAN provided).  This survey was fully anonymous, it was impossible to track the answers back.  The panelists analyzed the aggregation of the answers and propose the best security practices according to the answers.

To access the full-text version of this article and to see the results of the survey, please contact ablech@arcweb.com

Engage with ARC Advisory Group