The global market has experienced tremendous growth in automation and industry. A key factor in this growth is the Industrial Internet of Things. The IIoT allows operators to connect to multiple devices and control systems through wireless networks.
Industrial control systems (ICS) are beneficial to businesses, especially those requiring constant monitoring of their assets such as industrial sites and those offering or utilizing enterprise cybersecurity programs. Although they are common practice in IT networks, they are far less common in operations environments. However, they have been increasing in use and are highly recommended by the International Electrotechnical Commission, International Society of Automation, and National Institute of Standards and Technology as part of broader ICS safety and reliability programs.
Additional practices recommended by these agencies include: developing security policies, training, and educational material; separating corporate and ICS networks; restricting physical access to ICS networks and devices; building redundancies in system components and networks; and designing critical systems for graceful degradation to prevent catastrophic cascading events.
According to a publication by the National Institute of Standards and Technology (NIST), possible ICS incidents include the following:
- Blocked or delayed flow of information capable of disrupting ICS operations.
- Unauthorized changes to instructions, commands, or alarm thresholds. Such changes could damage, disable, or shut down equipment; create environmental impacts, or endanger human life.
- Inaccurate information sent to system operators, potentially causing the operators to initiate inappropriate action.
- ICS software infected with malware or configuration settings modified, with negative results.
- Interference with the operation of equipment protection systems, which could endanger costly and difficult-to-replace equipment.
- Interference with the operation of safety systems, which could endanger human life.
Standards development organization CSA Group offers evaluation and certification services. “In an increasingly digital world, companies are finding that they need both functional safety and cyber security,” said global business unit director Adam Garner. “The two services go hand-in-hand to help ensure the safety of a company’s assets, information, and people, as well as the surrounding environment. You really can’t have one without the other anymore.
Cybersecurity services offered by CSA Group combine expertise in functional safety evaluation with emerging technologies, which involve working closely with businesses of varying sizes to tailor solutions to individual needs. These solutions are beneficial in identifying potential issues early in the design phase while implementing security measures to reduce risk. In addition to remotely controlling and monitoring assets, ICS systems can also optimize efficiencies and cut costs, perform preventative diagnostics to predict failures and address them as needed, and improve scheduled maintenance routines.
The NIST recommends the following security objectives for ICS implementation in order to provide maximum security and eliminate the potentially devastating results of system failures:
- Restricting logical access to the ICS network and network activity through unidirectional gateways, a demilitarized zone (DMZ) network architecture with firewalls, and separate authentication mechanisms and credentials for users of the corporate and ICS networks.
- Restricting physical access to the ICS network and devices through the use of locks, card readers, and/or guards.
- Protecting individual ICS components from exploitation by testing and deploying security patches, disabling all unused ports and services, assuring they remain disabled, restricting ICS user privileges to only those that are required for each person’s role, tracking and monitoring audit trails, and using security controls such as antivirus software and file integrity checking software where feasible to mitigate malware.
- Restricting unauthorized modification of data, whether in transit or at rest.
- Detecting security events before escalating into incidents in order to help defenders break the attack chain before attackers accomplish their objectives, while also detecting failed components, unavailable services, and exhausted resources.
- Maintaining functionality during adverse conditions by designing the ICS so that each critical component has a redundant counterpart and ensuring that failed components do not generate unnecessary traffic on the ICS networks or cause any other issues, such as cascading events.
- Developing an incident response plan and restoring the system once an incident does occur.