Security Technology Executive

SEP-OCT 2018


INDUSTRIAL SECURITY

Steps to Control Your Industrial Control Systems

Organizations must take a risk-based approach to ICS security

By Steve Durbin

In today's modern, interconnected world, the potential impact of inadequately securing ICS can be catastrophic, with lives at stake, costs extensive and corporate reputation on the line.

The digital revolution that transformed both commercial organizations and governments is now affecting systems deployed in the industrial world – and at a frightening runaway pace. Such rapid change has left many organizations struggling to secure these systems and thereby reduce the likelihood of successful attacks. A recent survey throws the extent of this struggle into stark contrast, reporting that 69 percent of organizations considered the threats to Industrial Control Systems (ICS) – which often run outdated, legacy software – to be high or severe/critical.

The term ICS describes different types of systems used to operate, control and monitor a broad range of machinery from small, single-purpose devices such as water pumps, to a large infrastructure such as a national railway network. ICS form the bedrock of organizations in industry sectors including utilities, transportation and manufacturing, and are often a key constituent of a country's critical national infrastructure (CNI). Many ICS are now interconnected with enterprise IT or external networks and are becoming increasingly attractive targets for attackers.

ICS and Related Information Require Protection

Physically, ICS need protection from unauthorized access, interference and damage. ICS-related information, such as commands to control machinery, critical monitoring data, sensitive architectural designs and user authentication credentials, also requires protection as this information is crucial to operation.
The impact of a compromise of confidentiality, availability or integrity (CIA) of ICS-related information can include severe injuries or fatalities, major disruptions to business operations, substantial financial or operational penalties and significant reputational damage. However, protection of information is often given lower priority by ICS operators, architects and engineers, whose focus is on the safety, reliability and availability (SRA) of ICS and the machinery they control.

Organizations lack assurance over the security of ICS environments and have serious concerns about the effectiveness of ICS security arrangements. This is compounded by an increasing yet unclear level of risk to these environments and constraints on ICS protection. Consequently, there is a compelling need for business leaders to step in and demand increased security for ICS environments.

Introducing ICS

There are different types of ICS that control and monitor physical machinery in industrial environments. These include PLC, DCS and SCADA. Furthermore, an ICS may be embedded in physical machinery, located in a remote device, be it a hand-held device, a local controller or part of an integrated system in a control room, or both.

ICS are used in industry sectors that focus on large-scale physical activities, such as manufacturing, mining, utilities and transportation. ICS can also be located in an organization's supply chain, which can influence supply chain risks with suppliers of goods and services.

ICS are often 'mission critical', 'safety critical' or support CNI. The control of
