Reducing Vulnerability to Cyberattacks
The need for secure systems is a growing priority for Industry Control System (ICS) operators. Recent high profile cyber-attacks against critical infrastructure, coupled with the growing list of published equipment vulnerabilities, and the availability of tools to simplify hacking is making many industrial customers nervous. Recent surveys reveal that 54% of ICS companies have suffered at least one cyber-attack in the last 12 months1, and 69% of ICS security practitioners feel that the threat to ICS systems is severe/critical2.
Schneider Electric has recognized the looming threat and is actively investing to improve ICS security. Schneider Electric has released a document designed to educate end users attempting to secure Industrial Control Systems (ICS). The 126-page document provides practical advice to individuals seeking to secure their ICS. Topics covered include methods of attack, risk assessment, security planning, network segmentation, firewalls, device hardening, system access control, and system monitoring and maintenance.
Excerpt:
Why is Security Important in Industrial Controls Today?
Cybersecurity is no longer a secondary requirement in the industrial controls world. It is as important as safety or high availability. Industrial control systems based on computer technology and industrial-grade networks have been in use for decades. Earlier control system architectures were developed with proprietary technology and were isolated from the outside world. In many cases, physical perimeter security was deemed adequate and cybersecurity was not a primary concern.
Today many control systems use open or standardized technologies such as Microsoft Windows operating systems and Ethernet TCP/IP to reduce costs and improve performance. Many systems also employ direct communications between control and business systems to improve operational efficiency and manage production assets more cost-effectively. This technical evolution exposes control systems to vulnerabilities previously thought to affect only office and business computers. Control systems are now vulnerable to cyberattacks from both inside and outside of the industrial control system network.
This technical evolution exposes control systems to vulnerabilities previously thought to affect only office and business computers. Control systems are now vulnerable to cyberattacks from both inside and outside of the industrial control system network.
1Kaspersky Labs State of Industrial Cybersecurity Survey, 2017
2Securing Industrial Control Systems, SANS 2017