4 Key Components of Industrial Control System Protection

June 8, 2021
Amid the ongoing rise in cyber-attacks on industrial companies, it’s worth revisiting four basic, yet critical aspects of industrial control system cybersecurity.

With the gas shortages stemming from the ransomware attack on the Colonial Pipeline Co. still fresh in our minds, coupled with the fact that most cybersecurity efforts tend to focus on IT assets like servers and workstations, efforts to spotlight key factors of industrial control system security are receiving more attention than ever.

A study of 312 security professionals, conducted by Tripwire (a cybersecurity technology supplier) found that 99% of security professionals report challenges with the security of their IoT (Internet of Things) and industrial IoT devices, and 95% are concerned about risks associated with these connected devices.

Tim Erlin, vice president of product management and strategy at Tripwire, said, “In the industrial space specifically, more than half (53%) said they are unable to fully monitor connected systems entering their controlled environment, and 61% have limited visibility into changes in security vendors within their supply chain.”

Read  more about the Colonial Pipeline cybersecurity breach along with expert recommendations on avoiding and mitigating such attacks.

Because the actors behind a cyber-attack tend to take the path of least resistance, the majority of cyberattacks that occur are not highly sophisticated, Erlin said. “In most cases, practicing basic security hygiene, adapted for the environment, is the most effective way to protect against major cyber events.”

Following are four basic hygiene principles, suggested by Erlin, that can help harden critical systems against a cyber-attack: 

  • Visibility: Increased connectivity of control systems requires that we expand the notion of visibility. A complete and up-to-date inventory of all the devices in your environment is the most basic starting point for securing them.
  • Secure configuration: Once you know what’s in your environment, you can work to make sure everything is configured securely at the onset. A misconfiguration in your environment is like leaving the front door unlocked for an attacker. Finding and addressing misconfigurations can dramatically reduce the risk of compromise.
  • Managing vulnerabilities: Vulnerabilities are flaws in a system that an attacker can take advantage of to gain access or make changes. Addressing vulnerabilities in control systems may require strategies other than applying a patch, such as network segmentation.
  • Incident response: Planning a response before you’re in the middle of a crisis is important. This includes determining who should be involved, what their roles should be, and how information will be communicated. It also means ensuring that you have the technical tools to understand what happened. Log data from the systems involved and change detection data can decrease incident response time. 

“The cybersecurity market is full of advanced technologies that promise to stop the most sophisticated attacks, but evidence shows that a consistent focus on these basics pays off,” said Erlin.

Companies in this Article

Sponsored Recommendations

Strategizing for sustainable success in material handling and packaging

Download our visual factory brochure to explore how, together, we can fully optimize your industrial operations for ongoing success in material handling and packaging. As your...

A closer look at modern design considerations for food and beverage

With new and changing safety and hygiene regulations at top of mind, its easy to understand how other crucial aspects of machine design can get pushed aside. Our whitepaper explores...

Fueling the Future of Commercial EV Charging Infrastructure

Miguel Gudino, an Associate Application Engineer at RS, addresses various EV charging challenges and opportunities, ranging from charging station design strategies to the advanced...

Condition Monitoring for Energy and Utilities Assets

Condition monitoring is an essential element of asset management in the energy and utilities industry. The American oil and gas, water and wastewater, and electrical grid sectors...