The industrial control system (ICS) market is already worth $58 billion and should hit $81 billion by 2021, according to WhaTech. It’s no surprise; the burgeoning Internet of Things (IoT) is driving an industrial control environment that is more connected, integrated and intelligent — but that also opens new avenues of attack.
In fact, SecurityWeek reported that a new SANS Institute study found 32 percent of companies that experienced an ICS breach were unsure of how many times they had been breached, while 44 percent couldn’t identify the source of the attack. With IT experts facing larger challenges thanks to bigger networks and evolving technologies — and attackers poised to take advantage — can companies keep their ICS and SCADA networks safe from harm?
Defense mechanisms for industrial control systems have historically focused on logical segmentation; if unique parts of the system are effectively insulated from one another, breaches have little impact. But according to Derek Harp of SANS, there’s a new worry: “cyber threats that are able to transcend that protection by riding along on media or taking advantage of remote connections.”
These attacks are difficult to detect once inside ICS perimeters. One response has been to leverage monitoring tools designed for IT networks, but the interface with ICS is often shaky at best and can lead to problems such as false positives, network slowdowns or even unexpected shutdowns. In other words, by going beyond logic, ICS operators can become their own biggest threat.
New Targets in the Control System
So how do ICS operators protect their assets? It starts with threat identification. The SANS report found that 73 percent agreed outside threats were among the top three risks, while 49 percent placed internal threats in the same category. To narrow the focus, however, better visibility is required.
For example, Intelligent Utility reported that while 74 percent of companies collect logs from their network devices, just 40 percent collect logs from control system apps. And with only 36 percent of businesses just beginning the process of integrating their industrial control system with IT solutions, the result is a kind of willful blindness — controls are under attack, but companies don’t know how or who’s to blame.
Along with better visibility, companies also need improved security at the vendor level. According to IT World Canada, just 20 percent of those asked said that qualification of security technologies by their ICS equipment vendors is mandatory, while 25 percent said this kind of rigor was only moderately important or not important. Without effective security testing before deployment, however, ICS systems are at significantly heightened risk.
Attackers are interested in ICS networks because they offer access to high-value targets and the opportunity to disrupt large-scale industrial efforts. Logical segmentation has been the standard response to malicious actors, but malware creators and disgruntled insiders alike are now capable of acting outside these bounds. To manage an increasingly interconnected, device-oriented ICS program, companies must take steps to improve visibility, enhance integration and test controls before they go live.
Looking for an ICS to live long and prosper? Start with logic, then go beyond.