Industrial Control Systems (ICS) are responsible for data acquisition, visualization and control of industrial processes, often found in industrial and critical infrastructures. They play a critical role in maintaining the continuity of industrial processes and ensure functional and technical safety.
The criticality of control systems, and their high impact in case of disruption, makes them a major target for malicious activities. Over the last years the number of cyber security incidents in the industrial automation area increased annually
Achieve an Appropriate Level of Security
For some time, experts have advised using a project-based approach to define what is required to assess and modify current systems or to design new ones to achieve an appropriate level of security. Unfortunately, such an approach is not sufficient, as it does not necessarily consider the ongoing support and eventual replacement of these systems.
A more comprehensive approach needs to:
- Consider All Phases of the Lifecycle of the individual ICS
- Define criteria in terms of various levels of maturity
- Assess Current Capabilities and Performance
The asset owner then uses these results to prepare a response plan consisting of distinct steps for improving security in specific areas, such as system segmentation, access control, or patch management.
Barriers to Improving Cyber Security
End users in some industries (including manufacturing) are either unaware of the risk of cyber-attacks or reluctant to implement security strategies, as investments in cyber-security do not appear to have a tangible return-on-investment (ROI). This leads to a complacent ‘wait and watch’ approach.
Another reason for the low uptake of security planning and implementation in some industries is the apparent size and complexity of the task. Furthermore, it is difficult to predict how a newly introduced patch will impact the functioning of the control system. This increases the organization’s reluctance to act on potential threats.
Other typical barriers to improving cyber security in industrial environments include:
- Increasingly open industrial automation
- Inadequate end user awareness
- Increased use of commercial off-the-shelf IT solutions
- Inadequately skilled manpower
Survey with the ICS Workshop Audience
After presenting the digital disruption in the industry and the impact on cyber security, the workshop was held in an interactive format. The audience participate in a quick survey regarding security topics. The audience could answer the survey questions with any smart device and internet connection (WLAN provided). This survey was fully anonymous, it was impossible to track the answers back. The panelists analyzed the aggregation of the answers and propose the best security practices according to the answers.
To access the full-text version of this article and to see the results of the survey, please contact firstname.lastname@example.org