Why It’s Crucial to Secure Industrial Control Systems
Industrial Control Systems are crucially important to everyday life, but as recent events have shown, they are also uniquely vulnerable to attack.
These systems enable most of the services that drive industrialized societies, keeping our drinking water clean, ensuring that manufactured goods are consistent and safe, maintaining a steady flow of electricity to our towns and cities, and much, much more. Also referred to as Operational Technology (OT or ICS for short), each of these systems usually has a single job, such as maintaining a target state or performing a specific task in an industrial environment, which it carries out through final control elements (FCEs) like control valves or pressure sensors.
So given their enormous importance to our everyday lives, you’d be right to think that it’s crucial to secure these types of systems from malicious activity. Applying layers of security to ICS can be challenging, however. Here are the main reasons why:
- Inherited Insecurity – In pretty much every industry in which they operate, these are inherently simple devices. They are among the oldest computerized devices around, and from the beginning they were designed and programmed to perform their tasks and nothing more. Security features were never incorporated into ICS because for decades, these devices were “air gapped,” meaning there was no means of connecting to these devices from outside networks, so they were rarely, if ever, exposed to external attacks. Security must therefore be layered around these systems by restricting and monitoring every conceivable access point into them.
- Increased Connectivity – Because the success of organizations is usually closely tied to the performance of these devices, managers want to see how they’re performing all the time. The desire for that data in recent years has prompted organizations to add many more connections into their ICS/OT environment from the business side of the corporate network, which itself is connected to the Internet. Every new network connection into OT increases risk.
- Narrow Maintenance Windows – Most of these systems hardly ever get a day off. Whether their goal is to drive profits or maintain health and safety, ICS/OT usually needs to operate all the time, and the functions they perform often require pinpoint precision. Shutting ICS off for hours at a time to perform upgrades is simply not an option. Instead, organizations frequently schedule the maintenance windows for these systems to happen once a year, and these windows must be meticulously planned to minimize disruptions to overall operations. Security practitioners can usually only perform security upgrades during these maintenance windows, putting pressure on them to get this crucial work done quickly and correctly the first time.
With this lack of intrinsic security and increasing exposure to outside networks, it’s no surprise that ICS threat activity keeps making headlines, most recently with governmental warnings about the potential for Russian-backed cyber-attacks against critical infrastructure. This means that it is more important than ever to know what your organization has and how it all connects. If you have any doubts as to the security of your ICS environment, then a good starting point is a Secure Industrial Assessment. In our experience, these OT assessments typically uncover:
- 200 critical vulnerabilities
- 25 assets of which the client was unaware
- 7 wired connections that bypass OT firewalls
Just make sure to choose a cybersecurity consultant with advanced knowledge and experience in securing ICS because they will understand the crucial importance of performing non-disruptive analysis of these systems, leveraging industry-leading tools to perform unobtrusive, passive scans of even the most sensitive industrial environments.
If you have any questions, please reach out. We are here to help you keep your business safe: https://www.ionunited.com/contact/