Major Tips for ICS Cybersecurity

In many industries, as more and more ICS (Industrial Control System) devices become interconnected, plant operations engineering and IT (Information Technology) teams are converging rapidly. For both sides, convergence is challenging: it often causes conflict, creates gaps, and leaves security risks unresolved.

An efficient cybersecurity program begins by building a bridge between the two. With this in mind, IT professionals must make an effort to determine the unique environment goals, requirements, and priorities of OT, and vice versa. This article provides major tips on ICS cybersecurity for IT professionals.

For IT security professionals who want to begin cooperating with OT on security, understanding how OT functions is a great place to start. Whether that means getting a PLC training kit and seeing what these devices actually look like in OT environments, reading a book on ICS, or taking a class on industrial security controls, it is highly beneficial for IT professionals to enter with an open mind and learn about the special challenges present on the plant side of the business.

As an IT professional you may think you know cybersecurity, but you might be quite surprised to find that your security concerns are quite different from those of a plant operator. Look out for a greenfield project, where advanced technology enables IT to be involved without concern for the general constraints imposed by legacy or brownfield infrastructure. With existing and brownfield infrastructure, combining newer methods and technology with legacy and outdated systems can potentially disrupt operations.

OT professionals, meanwhile, don’t believe in doubt, uncertainty, and fear, and they operate in a high-trust environment. Availability and uptime are their primary concern, and plant operators tend to dislike IT professionals on the shop floor. When it comes to classifying, prioritizing, or identifying assets, they are usually concerned with the top ten percent that have the greatest impact on system availability and process controls.

Without reconciling these differences, companies are creating a larger attack surface, where a security incident can have physical consequences. Most events, in fact, are attributed to unintentional human error, which shows that interaction between the two groups is highly important. The ways to enhance ICS security are described below.

Secure the industrial controllers

Attackers are increasingly targeting the industrial controllers that link to physical devices such as robots, pumps, and sensors in order to cause process disruption or physical damage. To counter those kinds of bad actors, OT professionals must consider deploying solutions like Tofino Xenon, which can safeguard against malware, unauthorized changes, and malformed frames, and prevent threats from spreading if they occur.

Secure the endpoints

The moment contractors or employees connect their devices, safeguards like air gaps, industrial protocols, and perimeter firewalls get bypassed. It is important to know your assets with those threats in mind. You must maintain a secure and hardened configuration on every endpoint, and track unauthorized changes in as close to real-time as possible.

Secure the network

IT professionals and plant engineers are equally concerned with inadvertent internal cyber incidents that disturb availability and with attacks from external sources. Therefore, IT and OT professionals should work together to concentrate on strengthening edge protections between corporate and plant systems.

You must start tracking different information than you used to, including the vulnerability disclosures of Industrial Control System equipment. Consider reading ICS survey reports, going to industrial security conferences, and staying informed of ICS-CERT alerts and threats.

Threats are changing constantly. We must keep abreast of the threats facing the ICS sector as well as the IT sector, because most of the same problems still apply. There are many platforms available for keeping up to date. The Cybersecurity Information Sharing Partnership (CISP), run by the National Cyber Security Centre (NCSC), is one such platform. CISP is like a social network for security. CVE (Common Vulnerabilities and Exposures) databases are other sources that should not be ignored. These sites exist to tell you what known vulnerabilities are present, and they must be used as a reference point when choosing new kit.

IT professionals must remember that just because a specific product has no known vulnerabilities, it doesn’t mean that it is immune to attack or safer than other products. More vulnerabilities are listed for commonly used products because there is a larger draw for an attacker to target them.
