May 25, 2016 By Laurie Gibbett 2 min read

Cyberattacks on industrial control systems (ICS) are on the increase due to the Internet of Things (IoT) revolution. With more and more connected endpoints, the increased volume of sensitive data only serves to increase the viable attack surface.

Unexplained code (presumably malware) has been found in numbers of critical national infrastructure (CNI) systems, and some has been lying dormant, undetected, for years. Evidence also suggests sophisticated intelligence gathering and infrastructure reconnaissance efforts, often carried out by nation-state actors, mercenaries and criminal gangs for financial gain.

Such infiltration is no longer restricted to the CNI community, where the safety of the public and the continuity of essential services are paramount: Manufacturing enterprises, smart buildings, automobiles — anyone or anything using industrial control systems is potentially at risk for this kind of cyberattack.

The Reality of Industrial Control Systems

Andy Kling, the director of cybersecurity and software practices at Schneider Electric, recently told Chemical Engineering Online, “As we integrate more digitalization into our lives, we are increasing the attack surface available to hackers.”

IDC predicted that the worldwide installed base of IoT endpoints will reach 25.6 billion by 2019 and approximately 30 billion connections in 2020. These devices will be enabled with digital sensing, computing and communications capabilities, giving passive objects the ability to create and deliver new data streams. As each new digital device adds another potential point of entry for a cyberattack, businesses require more effective and efficient security solutions.

The increase in malicious activity against industrial control systems observed by IBM X-Force pointed to the fact that the risk of a critical incident involving an ICS is now a significant reality. Securing ICS networks and systems is an absolute imperative for CNI organizations, but it should also be a high priority for CISOs in all organizations that use the technology. Rather than fighting the danger as it comes, combating cybercrime must be proactive.

Proactive Cybersecurity

Identifying threats is a growing necessity among corporations — and an ongoing issue. But how do we put out the fire before it’s even started? Fortunately there is an existing integrated solution to defend ICS against cyberthreats.

IBM Security and Check Point Software have teamed up to deliver an integrated security solution that detects and protects against ICS cyberthreats: ICS Secure. The solution enables detailed monitoring and control of the ICS environment, and it integrates with customers’ security incident and event monitoring (SIEM) tools to provide unprecedented levels of security intelligence.

The intelligence gathered by ICS Secure, which comes from a wide range of SCADA-type protocols, can be integrated with the security intelligence ingested from the traditional IS/IT systems. The resulting capability enables organizations to take the first steps in IT/OT convergence, bringing the ICS environment into the overall security envelope of the enterprise for the first time. ICS Secure augments IBM’s Security Consultancy Services, Product System Services, Penetration Testing Services and Emergency Response Services into an end-to-end cybersecurity solution for the enterprise.

Securing ICS and SCADA networks is fundamental for CNI organizations. Planning for critical incidents and employing the right technology to combat cyberthreats to ICS and IoT environments is not a theory for the future, but today’s reality.

Read the IBM X-Force Research Report: Security attacks on industrial control systems

More from Energy & Utility

The UK energy sector faces an expanding OT threat landscape

3 min read - Critical infrastructure is under attack in almost every country, but especially in the United Kingdom. The UK was the most attacked country in Europe, which is already the region most impacted by cyber incidents. The energy industry is taking the brunt of those cyberattacks, according to IBM’s X-Force Threat Intelligence Index 2024.The energy sector is a favorite target for threat actors. The complexity of systems and the reliance on legacy OT systems make them easy prey. Because of the critical…

Third-party breaches hit 90% of top global energy companies

3 min read - A new report from SecurityScorecard reveals a startling trend among the world’s top energy companies, with 90% suffering from data breaches through third parties over the last year. This statistic is particularly concerning given the crucial function these companies serve in everyday life.Their increased dependence on digital systems facilitates the increase in attacks on infrastructure networks. This sheds light on the need for these energy companies to adopt a proactive approach to securing their networks and customer information.2023 industry recap:…

Today’s biggest threats against the energy grid

2 min read - Without the U.S. energy grid, life as we know it simply grinds to a halt. Businesses can’t serve customers. Homes don’t have power. Traffic lights no longer work. We depend on the grid operating reliably each and every day for business and personal tasks. That makes it even more crucial to defend our energy grid from modern threats. Physical threats to the energy grid Since day one, the grid has been vulnerable from a physical perspective. Storms knocking the grid…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today