The State of Security in Industrial Control Systems


The main challenge for industrial control systems is that the processes those systems control are tied to critical infrastructure such as power, water, gas, and transport. This means they require high availability, and it is not easy to interrupt those systems to apply security updates. The effect of any downtime is that it can affect business and millions of people, e.g. in the case of an outage. Organizations cannot risk any downtime if security updates could cause these systems to shut down or restart.

Many systems running in industrial organizations are between 10 and 20 years old. These legacy systems were not primarily built with connectivity and security in mind. Replacing these systems is not easy, and persuading organizations to spend money on new systems is difficult, especially when they see that legacy systems have been running fault-free for decades.

Organizations sought to standardize and cut costs by using commercial off-the-shelf (COTS) products. This means greater exposure to threats through connections outside the industrial plants when industrial systems are connected to enterprise systems. There are good reasons to connect them, but doing so also comes with the risks of maintaining and securing these products. Some organizations are still running products that are no longer supported by vendors, such as Windows XP, and some run systems even older than that.

Organizations are unwilling to update them not only because of cost and downtime but also because they would need to recertify the entire system to comply with industrial regulations.

Another challenge is the gap between IT (information technology) security and OT (operational technology) departments, as well as the difference in skill sets between OT and IT.

Traditional management of both sides now appears to be outdated. IT departments and security teams are rarely involved in ICS procurement, installation, and maintenance. ICS systems are commonly acquired along with the equipment they control, so they are mostly installed, configured, and run by plant engineers on site, not IT. This means IT does not know what control systems are being used, and there is rarely a reliable inventory.

The pace of change in the technological environment has been pushing the two "sides" together, and most importantly, the threats emerging in the cyber security space are forcing them to collaborate with increasing urgency. OT is more concerned with safety than security, and IT with security than safety. Undoubtedly, the gap between skill sets needs to be minimized to protect the processes in ICS.

As Professor Chris Hankin (Imperial College) rightly said, "There needs to be an understanding that a system cannot be safe if it is not also secure." We have to recognize that challenges in ICS are different from those of ordinary information systems.

Many security incidents involving ICS are never reported. According to Kaspersky Lab, such attacks are becoming increasingly common. This is underlined by the fact that an ICS decoy set up by the firm attracted 1,300 attempts to gain unauthorized access in one month.

Of these, 400 were successful, including 34 connections to integrated software development environments (IDEs), seven downloads of programmable logic controller (PLC) firmware, and one case of reprogramming a PLC with the hacker's software.

Kaspersky Lab said this is particularly worrying in light of the fact that researchers have found many models of industrial control systems connected to the internet.

Isolation of the industrial network can no longer be considered an effective protective measure, and with an increasing number of these systems connected to corporate and IT networks, organizations need a better understanding of the nature of the threats.

As David J. Meltzer (CTO at Tripwire) rightly said:

"IT Security could have ignored the OT network as being disconnected, air-gapped, proprietary, and not subject to the same sort of threats and attacks in the past, but this mindset no longer holds. Cooperation on a consistent security strategy across both IT and OT is essential for the future."

Though organizations are aware of threats, perceptions, and responses to them and are therefore putting solutions in place, they still need to better manage risks, follow strong processes and guidance, and properly implement those solutions.
