Important to understand the risk of Industrial Control Systems
Industrial Control Systems are most typically found within manufacturing and utility production, but similar challenges exist in other embedded systems. Examples can be found not only in utility companies or the manufacturing industry (PLC, DCS, SCADA) but also in retail, logistics, healthcare, etc.
Consider, for example, the use of Building Management Systems (BMS), Warehouse Management Systems (WMS), Medical Scanning Devices (MSD), or common equipment such as elevators, locking systems, domestic heating, air compressors, etc. All this equipment is vulnerable to cyber-attacks if connected to a network, for example for reporting, controlling or updating.
It is important for all of us to understand the risks of our industrial control systems and the obligation to build and operate them in such a way that they offer maximum protection against an attack.
- When working with connected ICS, make sure the control network infrastructure design addresses cybersecurity. For an example, please see the SANS ICS 410 illustration.
- Make sure you know what equipment is connected and what software you’re running, and keep your access control up to date, with access granted only on a need-to-know basis.
- Assess vulnerabilities in ICS systems regularly by scanning assets for vulnerabilities or conducting a penetration test on networks.
- Back up all key systems regularly and store at least one recent, complete backup set at a remote site.
- Consider deploying an ICS-aware Intrusion Detection / Prevention System (IDS/IPS) or Next Generation Firewall (NGFW) to gain visibility and control on your production network segments.
- Protect critical information in your ICS from unauthorized access and keep off-line copies and backups.
- Create visibility of your network and maintain routines and capabilities to act in case of a disruption.
Ask these questions
To protect your organisation from future cyber-attacks causing loss of life or material damage, we believe it is very important to keep a grip on the matter. We propose you start by asking the questions below:
- Are our operations dependent upon the operation of machines or equipment connected to IT systems or networks?
- Could a disruption or manipulation of our operations’ IT systems or underlying networks result in loss of life or physical damage to our products, goods, machines or facilities?
- Are our operations’ IT systems connected to the company network or accessible remotely over internet by employees or third parties?
- Have we conducted a recent security test of our operations’ IT systems and associated network connections?
- Could a disruption or manipulation of our operations’ IT systems or underlying network result in any form of business interruption?
Erik van der Heijden
Senior Risk Engineer, If