June 30, 2015 By Douglas Bonderud

The industrial control system (ICS) market is already worth $58 billion and should hit $81 billion by 2021, according to WhaTech. It’s no surprise; the burgeoning Internet of Things (IoT) is driving an industrial control environment that is more connected, integrated and intelligent — but that also opens new avenues of attack.

In fact, SecurityWeek reported that a new SANS Institute study found 32 percent of companies that experienced an ICS breach were unsure of how many times they had been breached, while 44 percent couldn’t identify the source of the attack. With IT experts facing larger challenges thanks to bigger networks and evolving technologies — and attackers poised to take advantage — can companies keep their ICS and SCADA networks safe from harm?

Logic Gates

Defense mechanisms for industrial control systems have historically focused on logical segmentation; if unique parts of the system are effectively insulated from one another, breaches have little impact. But according to Derek Harp of SANS, there’s a new worry: “cyber threats that are able to transcend that protection by riding along on media or taking advantage of remote connections.”

These attacks are difficult to detect once inside ICS perimeters. One response has been to leverage monitoring tools designed for IT networks, but the interface with ICS is often shaky at best and can lead to problems such as false positives, network slowdowns or even unexpected shutdowns. In other words, by going beyond logic, ICS operators can become their own biggest threat.

New Targets in the Control System

So how do ICS operators protect their assets? It starts with threat identification. The SANS report found that 73 percent agreed outside threats were among the top three risks, while 49 percent placed internal threats in the same category. To narrow the focus, however, better visibility is required.

For example, Intelligent Utility reported that while 74 percent of companies collect logs from their network devices, just 40 percent collect logs from control system apps. And with only 36 percent of businesses just beginning to integrate their industrial control systems with IT solutions, the result is a kind of willful blindness: controls are under attack, but companies don’t know how or who’s to blame.

Along with better visibility, companies also need improved security at the vendor level. According to IT World Canada, just 20 percent of those asked said that qualification of security technologies by their ICS equipment vendors is mandatory, while 25 percent said this kind of rigor was only moderately important or not important. Without effective security testing before deployment, however, industrial control systems are at significantly heightened risk.

Attackers are interested in ICS networks because they offer access to high-value targets and the opportunity to disrupt large-scale industrial efforts. Logical segmentation has been the standard response to malicious actors, but malware creators and disgruntled insiders alike are now capable of acting outside these bounds. To manage an increasingly interconnected, device-oriented ICS program, companies must take steps to improve visibility, enhance integration and test controls before they go live.

Looking for an ICS to live long and prosper? Start with logic, then go beyond.
