Building cyber resilience for industrial control systems
The hyper-convergence of information technology and operational technology is having a profound impact on industrial control systems (ICS). The rise of the fourth industrial revolution, also known as Industry 4.0, promises to significantly increase the performance, scalability and reliability of a plant; however, these enhancements don’t come without their own challenges. One such challenge is cybersecurity. The threat landscape in automation and process control systems is evolving at an alarming rate with attacks continuously increasing in sophistication, frequency and severity. The reality is that operators of critical infrastructure assets in all industry verticals are struggling to keep up with the growing number of attack mechanisms and entities attempting cyber-attacks from all over the world; in fact, cyber-attacks on critical infrastructure have evolved to be the new normal for ICS operators.
There is a common misconception that the primary objective of cybersecurity should be to eliminate all security risks, exposures and vulnerabilities; however, in my experience this is simply not feasible in most situations. Nothing is unhackable. I believe that the main goal and objective should be focused on understanding the plant’s security risk profile and increasing its overall security posture, using a multi-layered holistic cyber-defence approach known as ‘defence in depth’. The reality is that every launched attack will cost time and money for threat actors; as such, they will normally focus on easy targets by finding easily exploitable system vulnerabilities and weaknesses. By raising the security posture of your ICS, you inherently raise the organisation’s security status to a level of ‘too expensive to hack’, which considerably reduces the likelihood of becoming a target and victim of a cyber-attack. In simple terms, you should drive threat actors to easier targets by making your systems too expensive to attack.
Implementing a cyber-resilient ICS is a challenging topic for most organisations; moreover, there is currently a severe shortage of industrial cybersecurity professionals required to help protect ICS assets for critical infrastructures in all industry verticals — a shortage that is expected to get much worse in the foreseeable future. In order for organisations to have a fighting chance to protect themselves against the evolving cybersecurity threat landscape, automation is currently the most efficient and effective way to drastically reduce the volume of threats and to enable continuous threat detection, prevention and remediation — of both known threats and zero-day exploits. The good news is that there are now several OT-centric industrial cybersecurity solutions developed in recent years that are designed to leverage automation coupled with AI and machine learning in order to provide operators with actionable intelligence on their critical ICS assets in near real time. Many of these security solutions also operate in passive mode, which is a crucial element for mission-critical and safety-critical systems; in other words, the security solutions should not have the potential to harm the availability, performance or integrity of the ICS ecosystem.
Modern cyber-attacks require modern solutions. Organisations that try to defend against the growing sophistication of the cyber-threat landscape using manual efforts will find themselves at a significant disadvantage against very determined threat actors. Security automation tools should be leveraged whenever possible to help ensure a strong security posture for the ICS infrastructure and increase the chances of defeating threat actors and their often-devastating attacks. When it comes to cyber-attacks, automation is the ultimate equaliser.