Industrial control system cybersecurity continues to be an elusive concept for companies that have not made advancements in securing company assets that are connected to the internet. The guys at Automation World have you covered, though. They have compiled a very simple three-principle approach to protecting industrial operations that do, or will, function with the Industrial Internet of Things.
One of the issues for industrial operations is that attacks can be performed on the Supervisory Control and Data Acquisition (SCADA) systems. A study by Booz Allen Hamilton showed that the US Department of Homeland Security dealt with 295 industrial incidents in 2015. Energy utility companies were the most heavily attacked. Other companies included manufacturing facilities in the car, electrical and metal industries. The utilities said the attacks were by ransomware criminals that tried to access their enterprise networks. The director of Industrial Security at Booz Allen says enterprise networks are the first to get hacked. Once enterprise networks have been accessed, the actual operational technology of an industrial operation is targeted. Once the operational technology is targeted, things like SCADA systems and other industrial control systems are at the mercy of hackers. The report indicated that more hacking incidents happened in 2015 than in any other year; however, 2016 could eclipse that statistic.
Automation World's three-point policy for securing industrial systems is as follows:
- A top-down security approach with centrally-defined plant-wide policies that are automated to ensure consistent shielding of all field assets.
- A focus on security essentials, i.e. securing what matters and doing the basic things right, repeatedly, to shield industrial assets from risk.
- Prioritize protection of field assets, which are key for production safety and integrity.
Eli Mahal, who wrote the three-point cybersecurity policy, works for a cybersecurity company named Next Nine. He says: "Both the NIST framework and NERC-CIP v5 say that asset identification is foundational for knowing what must be protected. A comprehensive and up-to-date asset inventory is vital to developing and maintaining an appropriate defense of an industrial network and infrastructure. The owner/operator needs clear visibility into what devices are on the network; what they communicate with and how; the characteristics of the devices; and the presence of any known vulnerabilities."
Some companies believe that employing air-gapped industrial equipment is the answer. This would include using equipment that has never been exposed to the internet or a previous network. This is not a viable option due to the Industrial Internet of Things surging forward and bringing in a new era of efficiency for industrial operations.
However, those companies shouldn't have to worry because now there is a gap in the market for private cybersecurity firms. Post-Quantum, a cybersecurity firm in the United Kingdom, just secured $10.4 million of investment. The company specializes in cybersecurity for "enterprises and organizations", which include banks, government, and healthcare. Another company named Darktrace secured funding of $65 million this week, and another company named SecurityScorecard received $20 million. The cyber-protection of industries has never been more lucrative for engineers than it is today.
"Organizations should address the security essentials and focus on doing the basic things right, such as applying qualified operating system patches and anti-virus signatures, collecting and analyzing device logs, and scanning IP address ranges to look for unexpected changes," Mahal concluded.
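
The asset inventory and "unexpected changes" check Mahal describes can be reduced to comparing each scan of a plant IP range against an approved baseline. The sketch below is an added example, not code from Automation World or Next Nine; the subnet, devices, field names and the `diff_inventory` helper are all constructed for illustration, and it assumes scan results have already been parsed into a dictionary.

```python
import ipaddress

# Constructed sample data: approved baseline inventory for one plant subnet.
PLANT_RANGE = ipaddress.ip_network("10.20.30.0/28")
BASELINE = {
    "10.20.30.2": {"mac": "00:1d:9c:aa:01:02", "role": "PLC", "firmware": "2.1.4", "ports": {502}},
    "10.20.30.3": {"mac": "00:1d:9c:aa:01:03", "role": "HMI", "firmware": "7.0.1", "ports": {443, 3389}},
    "10.20.30.5": {"mac": "00:1d:9c:aa:01:05", "role": "historian", "firmware": "4.2.0", "ports": {1433}},
}
# Constructed sample data: what the latest scan of the range observed.
SCAN = {
    "10.20.30.2": {"mac": "00:1d:9c:aa:01:02", "firmware": "2.1.4", "ports": {502, 23}},
    "10.20.30.3": {"mac": "00:1d:9c:ff:ee:99", "firmware": "7.0.1", "ports": {443, 3389}},
    "10.20.30.9": {"mac": "3c:52:82:10:20:30", "firmware": None, "ports": {80}},
}

def diff_inventory(baseline, scan, network):
    """Return sorted (ip, finding) tuples for every deviation from the baseline."""
    findings = []
    for ip, seen in scan.items():
        if ipaddress.ip_address(ip) not in network:
            findings.append((ip, "outside approved range"))
            continue
        known = baseline.get(ip)
        if known is None:
            findings.append((ip, "unknown device"))  # not in the inventory at all
            continue
        if seen["mac"].lower() != known["mac"].lower():
            findings.append((ip, "mac changed"))  # hardware swapped or address reused
        if seen["firmware"] != known["firmware"]:
            findings.append((ip, "firmware changed"))
        opened = seen["ports"] - known["ports"]
        closed = known["ports"] - seen["ports"]
        if opened:
            findings.append((ip, f"new ports {sorted(opened)}"))
        if closed:
            findings.append((ip, f"closed ports {sorted(closed)}"))
    for ip in baseline.keys() - scan.keys():
        findings.append((ip, "baseline device not seen"))
    return sorted(findings, key=lambda f: (ipaddress.ip_address(f[0]), f[1]))

if __name__ == "__main__":
    for ip, finding in diff_inventory(BASELINE, SCAN, PLANT_RANGE):
        print(f"{ip:<12} {finding}")
```

Each finding is a prompt for review against change records rather than proof of compromise; an approved change is closed out by updating the baseline.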