The industrial control system (ICS) market is already worth $58 billion and should hit $81 billion by 2021, according to WhaTech. It’s no surprise; the burgeoning Internet of Things (IoT) is driving an industrial control environment that is more connected, integrated and intelligent — but that also opens new avenues of attack.

In fact, SecurityWeek reported that a new SANS Institute study found 32 percent of companies that experienced an ICS breach were unsure of how many times they had been breached, while 44 percent couldn’t identify the source of the attack. With IT experts facing larger challenges thanks to bigger networks and evolving technologies — and attackers poised to take advantage — can companies keep their ICS and SCADA networks safe from harm?

Logic Gates

Defense mechanisms for industrial control systems have historically focused on logical segmentation; if unique parts of the system are effectively insulated from one another, breaches have little impact. But according to Derek Harp of SANS, there’s a new worry: “cyber threats that are able to transcend that protection by riding along on media or taking advantage of remote connections.”

These attacks are difficult to detect once inside ICS perimeters. One response has been to leverage monitoring tools designed for IT networks, but the interface with ICS is often shaky at best and can lead to problems such as false positives, network slowdowns or even unexpected shutdowns. In other words, by going beyond logic, ICS operators can become their own biggest threat.

New Targets in the Control System

So how do ICS operators protect their assets? It starts with threat identification. The SANS report found that 73 percent agreed outside threats were among the top three risks, while 49 percent placed internal threats in the same category. To narrow the focus, however, better visibility is required.

For example, Intelligent Utility reported that while 74 percent of companies collect logs from their network devices, just 40 percent collect logs from control system apps. And with only 36 percent of businesses just beginning the process of integrating their industrial control system with IT solutions, the result is a kind of willful blindness — controls are under attack, but companies don’t know how or who’s to blame.

Along with better visibility, companies also need improved security at the vendor level. According to IT World Canada, just 20 percent of those asked said that qualification of security technologies by their ICS equipment vendors is mandatory, while 25 percent said this kind of rigor was only moderately important or not important. Without effective security testing before deployment, however, ICS systems are at significantly heightened risk.

Attackers are interested in ICS networks because they offer access to high-value targets and the opportunity to disrupt large-scale industrial efforts. Logical segmentation has been the standard response to malicious actors, but malware creators and disgruntled insiders alike are now capable of acting outside these bounds. To manage an increasingly interconnected, device-oriented ICS program, companies must take steps to improve visibility, enhance integration and test controls before they go live.

Looking for an ICS to live long and prosper? Start with logic, then go beyond.

More from

Most organizations want security vendor consolidation

4 min read - Cybersecurity is complicated, to say the least. Maintaining a strong security posture goes far beyond knowing about attack groups and their devious TTPs. Merely understanding, coordinating and unifying security tools can be challenging.We quickly passed through the “not if, but when” stage of cyberattacks. Now, it’s commonplace for companies to have experienced multiple breaches. Today, cybersecurity has taken a seat in core business strategy discussions as the risks and costs have risen dramatically.For this reason, 75% of organizations seek to…

How IBM secures the U.S. Open

2 min read - More than 15 million tennis fans around the world visited the US Open app and website this year, checking scores, poring over statistics and watching highlights from hundreds of matches over the two weeks of the tournament. To help develop this world-class digital experience, IBM Consulting worked closely with the USTA, developing powerful generative AI models that transform tennis data into insights and original content. Using IBM watsonx, a next-generation AI and data platform, the team built and managed the entire…

How the FBI Fights Back Against Worldwide Cyberattacks

5 min read - In the worldwide battle against malicious cyberattacks, there is no organization more central to the fight than the Federal Bureau of Investigation (FBI). And recent years have proven that the bureau still has some surprises up its sleeve. In early May, the U.S. Department of Justice announced the conclusion of a U.S. government operation called MEDUSA. The operation disrupted a global peer-to-peer network of computers compromised by malware called Snake. Attributed to a unit of the Russian government Security Service,…

How NIST Cybersecurity Framework 2.0 Tackles Risk Management

4 min read - The NIST Cybersecurity Framework 2.0 (CSF) is moving into its final stages before its 2024 implementation. After the public discussion period to inform decisions for the framework closed in May, it’s time to learn more about what to expect from the changes to the guidelines. The updated CSF is being aligned with the Biden Administration’s National Cybersecurity Strategy, according to Cherilyn Pascoe, senior technology policy advisor with NIST, at the 2023 RSA Conference. This sets up the new CSF to…