Where human error, online criminal activity and espionage are very real threats to businesses, industrial control systems (ICS) need securing from the risk of cyber-attacks, says a report by an IT security product company.
Places such as oil and gas companies have what could be defined as “critical industrial processes” with specific risk models due to the sensitive nature of their infrastructure, says Kaspersky Lab. With the market research consultancy Business Advantage, it made a study of ICS/OT cybersecurity people. It found that industrial cyber-risks and cybersecurity issues in ICS happen on a constant basis. Over half of the sample of companies interviewed have experienced at least one incident in the last 12 months.
Other organisations, for example, manufacturers of machinery and industrial products use different industrial processes and these could be described as “non-critical”, however, it is essential that all companies are alert to the potential risks to their ICS given the high profile fallout from industrial cyber-attacks. As risks continue to emerge in the field of ICS cybersecurity, knowledge of those risks are still growing and businesses need to keep up-to-date on the latest threats. As for the attitude of organisations with non-critical infrastructure towards ICS security; they are not as heavily regulated as companies with officially “critical” infrastructures and they have more independence on the decisions related to how to protect, or not to protect, their industrial network, it’s suggested.
Industrial cyber security threats are all around and they come in many guises. These threats can be as simple as an industrial floor worker using an industrial PC for personal purposes such as internet browsing. This simple act can have an impact on the control system which in turn can lead to the shut down of manufacturing processes. In some instances these threats can also be highly sophisticated, planned and targeted attacks, designed specifically to jump over specific airgap and access the industrial network.
There is little compulsory reporting of incidents – just one in five businesses were required to report breaches – and it is clear that incidents could be under-reported. However, it is important to note that many of the respondents have “non-critical” infrastructures or non-Government IT and this may explain their relatively more relaxed attitude towards reporting. Here the report authors see an opportunity for regulatory bodies, such as CERT, ISAC and ISO, as well as governments.
For the paper in full visit https://go.kaspersky.com/rs/802-IJN-240/images/ICS%20WHITE%20PAPER.pdf.
Comment
Edgard Capdevielle, CEO of cyber security product firm Nozomi Networks, said: “The threat of more cyberattacks on critical infrastructure is very real. Indeed, more than half of the companies surveyed in the 2017 State of Industrial Cybersecurity report say they’ve experienced an ICS security incident in the past 12 months.
“Fortunately, the escalation of targeted attacks has been matched with advances in detection capabilities that can give early-warning that the initial stages of a targeted attacks are underway. Whether it’s Industroyer, Triton or other threats, real-time monitoring of ICS is essential to identify anomalies in network behavior or detect attacks that attempt to penetrate industrial operations. As a result, operators can take immediate actions to block attacks and prevent damage to critical operational environments. In our work with progressive industrial companies around the globe, we have seen them take proactive steps to improve operational technology cybersecurity.”
