Industrial Control System Security (ICS Security)


Attacks on Industrial Control Systems (ICS), which fall under Operational Technology (OT), are becoming a common threat from cybercriminals, hacktivists, disgruntled employees, and state-sponsored terrorism. For example, there have recently been attacks on a water facility in Florida and a gas line facility in Georgia. These attacks can disrupt essential life functions such as water, power, gas, healthcare, transportation, manufacturing, and other critical services.

So, why have these attacks increased? Advancements in technology have allowed these systems to be operated automatically and remotely via the Internet. The Internet has also made these formerly "behind-the-scenes" legacy control systems, once remote and isolated, visible to the world.
Protecting ICS from the outside world and internal sabotage requires different security methods than our off-the-shelf cybersecurity solutions.

What are Industrial Control Systems?
Industrial control systems are specifically focused on monitoring and managing industrial processes. They provide the components that ensure proper and continuous operation of a wide range of industrial systems, from power to water to manufacturing and other critical systems. An ICS gets data from remote sensors that monitor and measure process variables. These variables are compared with preset points and thresholds. If the thresholds or metrics are not met, the ICS can adjust in real time to ensure proper and safe operations. These adjustments also involve the safety systems, which ensure a shutdown when performance goes out of bounds.
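The loop described above can be sketched as a small Python simulation. This is an added example, not code from the original page. It shows a controller comparing a sensor value with a setpoint, a setpoint write that is checked against engineering limits, and a latching safety trip that acts independently of the controller. The tank model, function names and all limits are constructed assumptions.

```python
from dataclasses import dataclass

# All limits are constructed sample values, not taken from any real plant.
SP_MIN, SP_MAX = 20.0, 80.0   # engineering limits for operator setpoints (% level)
HIGH_TRIP = 90.0              # safety threshold: shut down at or above this level

@dataclass
class Tank:
    level: float = 50.0       # process variable reported by the level sensor (%)
    setpoint: float = 50.0    # preset point the controller steers towards
    tripped: bool = False     # latched safety shutdown state

def write_setpoint(tank, value):
    """Apply a setpoint only if it lies inside the engineering limits."""
    if not (SP_MIN <= value <= SP_MAX):
        return False          # rejected; a real system would log and alert here
    tank.setpoint = value
    return True

def safety_check(tank):
    """Independent of the controller: latch a shutdown once the level is out of bounds."""
    if tank.level >= HIGH_TRIP:
        tank.tripped = True   # stays set until someone resets it deliberately
    return tank.tripped

def control_step(tank, gain=0.5, outflow=1.0):
    """One scan: compare level with setpoint, adjust the inlet valve, update the process."""
    if safety_check(tank):
        inflow = 0.0          # safety system forces the inlet valve closed
    else:
        error = tank.setpoint - tank.level
        inflow = min(max(outflow + gain * error, 0.0), 5.0)  # clamp valve output
    tank.level = max(tank.level + inflow - outflow, 0.0)
    return inflow

def run(tank, steps):
    """Run the loop for a number of scans and return the final level."""
    for _ in range(steps):
        control_step(tank)
    return tank.level

if __name__ == "__main__":
    t = Tank()
    print("in-range write accepted:", write_setpoint(t, 70.0), "level:", run(t, 50))
    print("out-of-range write accepted:", write_setpoint(t, 150.0))
    t.setpoint = 150.0        # simulate a write that bypassed validation
    print("level:", run(t, 20), "tripped:", t.tripped)
```

Because the trip latches, the inlet stays closed even after the level drops back below the threshold, so the process does not restart on its own.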

What is Industrial Control System Security?
ICS security is defined as safekeeping and securing industrial control systems and the necessary software and hardware from cyber threats. It is often referred to as OT security. It covers a wide range of practices, including:

Asset inventory and detection:

Asset inventory and detection is a system that keeps track of all assets, such as sensors, devices, values, and other critical and operational equipment.

Vulnerability management:

Vulnerability management is a cyclical practice of identifying, classifying, remediating and mitigating security vulnerabilities. The essential elements of any vulnerability management program are vulnerability detection, vulnerability assessment, and reporting.

Network intrusion protection and detection:

Network intrusion protection and detection systems are designed to identify suspicious and malicious activity in network traffic and to protect your network from unauthorized access and malicious activities.

Endpoint detection and response:

Endpoint Detection and Response is an integrated endpoint security solution that combines continuous, real-time monitoring and collection of endpoint data with rules-based automated response and analysis capabilities.

Patch management:

Patch management is the process of acquiring, validating, and installing multiple patches on existing applications, software tools, and systems, so that they stay up to date and their operation or security is fixed or improved.

User and access management:

User Access Management (UAM), also known as identity and access management (IAM), is the administration of giving individual users within the system access to the tools they need at the right time.

How does it differ from traditional IT Security?
In the ICS world, the most significant risks are to the safety of people and property, followed by availability and integrity.
The protected devices are often sensitive to unintended changes or interactions, including a whole new class of OT assets known as embedded equipment. In addition, they are typically much older than IT systems.

Risks are not only to information confidentiality but especially to the availability and integrity of the process and to the safety of personnel and property. Inappropriately stopping or starting an operation can cause more harm than good, so different skillsets and knowledge are required.
The detection, response, and remediation of risks require different techniques because of the differences in types of devices.

The National Institute of Standards and Technology has published the Guide to Industrial Control Systems Security to help organizations develop a security framework for their systems. The guide is available at https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf.