Securing Industrial Control Systems from the Inside and Out

Nov. 6, 2015
ICS threats can be malicious attacks from the outside or operator error. To address both, PAS has a new version of Cyber Integrity, adding patch management, security policy workflows and enhanced visibility from the operator dashboard.

For the last several months, officials from PAS have been traveling the globe talking to manufacturing executives about best practices for securing industrial control systems (ICS). A few years ago these trips were focused on educating companies on the vulnerabilities of the ICS. But today, interestingly, CIOs and cybersecurity professionals understand that the safeguards currently in place only scratch the network surface.

About 20 percent of cyber assets sit on the information technology (IT) network using standard protocols, which is what is currently secured with firewalls and anti-virus software, while 80 percent of inventory is hidden in operational technology (OT) control systems in the form of I/O cards, firmware, software, and hard-to-reach proprietary protocols. In other words, the majority of the plant is susceptible to attack.

That’s not a good situation to be in considering that the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) recently reported that the number of ICS attacks has increased sixfold since 2010.

PAS, which has had ICS security since 2004 as part of its asset management and change management Integrity Software Suite, is building upon that foundation. This past May the company created a Cyber Security Business Unit and rolled out a version of its Cyber Integrity product that added a way to gather and maintain an accurate inventory of cyber assets, as well as cybersecurity configuration management and system backup and recovery.

This week, the company introduced Cyber Integrity 5.0, including enhanced workflows and security policies. The software now automates a closed-loop patch management process and provides enhanced dashboard capabilities.

The idea of patch management has been around for a long time on the IT side, as in Microsoft’s “patch Tuesday,” an unofficial term used to refer to Microsoft’s regular releases of security patches for its products. The OT world, however, doesn’t have anything like that. That’s because ICS updates are less frequent and, more importantly, much more complex.

“Patch management for today’s control systems lacks critical capabilities required to help industrial organizations meet cybersecurity best practices and regulatory standards,” said Peter Reynolds, a senior analyst at ARC Advisory Group.

But Cyber Integrity 5.0 changes that. It now includes a closed-loop automation patch management function that can pull in ICS updates from any distributed control system (DCS) vendor and do a comparison against its cyber asset database—which is based on an inventory of a manufacturer’s automation assets.

While PAS can’t automatically update the ICS due to the system’s sophistication, Cyber Integrity does provide visibility into patches needed and direction for next steps.

“We don’t automatically download patches into the control system, but through workflows we make sure the people responsible for the system have it as a task to work through the process,” said PAS chief marketing officer David Zahn.

The second thing Cyber Integrity 5.0 brings to the market is a management dashboard that provides near-real-time visibility into ICS assets to drive action. Every person, from a cybersecurity specialist to a plant manager, has a different responsibility, so the dashboard contextualizes the view to provide information relevant to the role. This addresses the human factor of cybersecurity.

“I personally believe that 90 percent of incidents that occur are due to inadvertent errors, because we, as humans, make mistakes,” said Eddie Habibi, CEO of PAS. “The threat of inadvertent mistakes is larger than external malicious attacks and needs more attention. We approach this by addressing all of the things an operator needs to succeed.”

Operators need a high-performance interface, alarm management, boundary management, and a decision support system. All of that comes to the operator through the automation layer.

“If the automation layer is robust and working well, we can support an operator in their endeavor to have a safe and uneventful day,” said Habibi.
