It is no secret that the attack surface of industrial control systems (ICS) is growing quickly.
Organizations in critical infrastructure sectors need to be prepared to fight off accelerating ICS attacks that, in addition to causing prolonged operational downtime, may put people and communities in grave danger. These attacks are becoming more common as business digitalization, IT-OT convergence, and Internet of Things (IoT) adoption advance, and as the cascading effects of rising geopolitical tensions spread.
After all, ICS/OT threats differ markedly from those facing enterprise IT.
In contrast to traditional attacks against enterprise IT networks, which are primarily motivated by financial gain or data theft, state-sponsored adversaries frequently target critical infrastructure systems with the intent to disrupt operations, cause physical harm, or even facilitate catastrophic incidents that result in loss of life.
This is fact, not a fairy tale or work of fiction.
Three nuclear research institutes were the target of the Russian hacking outfit Cold River last summer, according to a request for information made to the US Energy Department by the heads of two US House subcommittees in early February.
Or consider the 2016 Crashoverride incident, which was orchestrated by the Russian government and disrupted the flow of electricity across the Ukrainian power grid at the transmission substation level. As a result, Kyiv, the capital of Ukraine, lost power for an hour overnight.
The incident was a microcosm of the changing cyber-risk landscape, highlighting the importance of technically trained defenders who can efficiently monitor ICS networks and actively respond to attacks before they have a chance to cause damage.
After all, public health, environmental safety, and national security may all be at risk from a lax ICS/OT security posture.
That said, it is the duty of critical infrastructure businesses to implement an effective ICS/OT security strategy that safeguards their operational assets against cutting-edge threats.
This is not about meeting minimal compliance standards merely to stay out of financial or legal trouble.
It is about doing everything possible to protect people from the real-world effects of cybercrime, not just their own employees but also those who live and work in the communities where they operate.
The Five Essentials of Successful ICS/OT Security
According to a new SANS Institute whitepaper titled "The Five ICS Cybersecurity Essential Controls," priorities must be balanced in order for ICS/OT security to be effective.
A recurring issue in the cybersecurity community is prevention bias.
The most well-known and widely used security frameworks are primarily preventative in nature and fall between 60% and 95% short in terms of detection and response.
Because of this, many firms devote as little as 5% of their resources to monitoring for threats, responding when threats are detected, surviving attacks, and recovering from compromises.
Since ICS-related attacks are rising in both volume and velocity, even the most rigorous protection measures are certain to be circumvented at some point.
To achieve agile mitigation and recovery, organizations need to integrate AI-enabled detection and response methodologies.
To achieve that balance, it is essential to adopt an ICS/OT security strategy that includes the following five crucial measures.
1. ICS incident response: An operations-informed incident response plan, with targeted system-integrity and recovery capabilities, reduces the difficulty of responding to attacks in operational environments.
Response drills built on that plan highlight risk scenarios and use cases specific to the organization's security environment, prioritizing actions by their potential operational impact and by how the system can be configured to withstand an attack.
They also improve operational resilience by making it easier to determine the root cause of future failures.
2. Defensible architecture: An effective ICS-defensible architecture supports visibility, log collection, asset identification, segmentation, industrial demilitarized zones, and process-communication enforcement.
It helps close the technology-human communication gap by reducing risk through system design and implementation while enabling effective security-team processes.
3. ICS network monitoring: Because ICS attacks have a "systems of systems" character, visibility is essential. This requires continuous network security monitoring of the ICS environment using protocol-aware tool sets and systems-of-systems interaction analysis.
These capabilities help operations teams become more resilient and aid recovery by alerting them to potential vulnerabilities that need to be fixed.
4. Secure remote access: As cloud-based hybrid work structures have become more widely adopted, adversaries are increasingly using remote access to break into OT networks.
Historically, an organization's own IT network was the main entry point for attacks on its OT network, but today threat actors can also take advantage of IT network weaknesses anywhere in the supply chain.
Maintaining secure remote access controls is therefore essential for modern industrial operations.
5. Risk-based vulnerability management: A risk-based vulnerability management methodology lets organizations identify and rank the ICS vulnerabilities that pose the most risk.
These are frequently flaws that give adversaries access to the ICS, or that introduce new functionality an adversary could use to create operational problems such as loss of visibility, control, or safety in an industrial setting.
Adopting risk-based vulnerability management requires implementing controls and device operating conditions that support risk-based decision-making during prevention, response, mitigation, and recovery.
For sites that are struggling to manage their own ICS/OT security program, I advise starting with these five critical controls.
Critical infrastructure businesses can use these five pillars as a guide to create an ICS security program that is suited to their particular risk profile.
Important as these controls are to ICS/OT security, their effectiveness still depends on an organizational culture of alignment in which the seriousness of cyber-risk is acknowledged and given top priority at every level, from the board and executive leadership down to the security teams.
To keep pace with the speed of ICS attacks, ICS/OT security must follow a defined strategy that combines flexible controls with clearly defined processes.
With the right architecture, software, and hardware in place, critical infrastructure businesses can take charge of their own defenses against malicious attackers.