Importance of ICS Cyber Security

Posted by alvina on August 27th, 2018

ICS security is a matter of concern for industries because it is about protecting industrial control systems, the combined software and hardware meant for monitoring and controlling the working of machinery and relevant devices in an industrial setting.

Industrial control systems are used all through a wide array of industries across the world. These systems watch over, manage and organize everything from robotics, HVAC installations and even jail doors to nuclear power plants.

Earlier these systems were not connected and lacked communication and computing technologies. A main focus of the growing IoT (Internet of Things) and especially the Industrial IoT is connecting non-computing devices and enabling them to exchange data over the Web. While industrial control systems may not be linked to the internet themselves, the HMI (human-machine interface) that manages them usually are.

ICS cyber security was simpler in the past. Firewalls as well as demilitarized zones (DMZs) segregating the corporate and plant networks either were absent or unnecessary. Companies were basically concerned with protecting their systems physically with fences, gates and other such barriers.

But then the internet emerged and brought with it the threat of connectivity-enabled assaults that don’t need physical access to plants or systems present therein.

Why is ICS Security so Challenging?

The newer risks have made organizations to dedicate resources to protect their industrial control systems from deliberate or unintentional security threats. Protecting these systems that include ICS SCADA (supervisory control and data acquisition) is similar to other industrial safety systems. Humans and technology should work together to build strategies and processes that can be executed, built upon, modified and improved.

Still, ICS security has numerous challenges, major among them being the determination of who is responsible for the protection of these systems.

Who is blamed for a breach of an organization? Is it the IT team that has budget and experience for digital security but has no insight about how an industrial setting operates? Or is it the OT (operational technology) personnel who monitor industrial control systems but are not adequately tested for their ability to protect against cyber threats?

To find out the answer, a leading company researched why many companies’ ICS products, as well as software, are not receptive to IT security policies. They also explored the thin line segregating IT from OT as a junction of different policies and priorities.

The result says that IT values confidentiality first and then integrity and finally availability. And OT prioritizes availability (and security) for deactivating certain systems that could endanger ordinary people’s lives.

All in all, ICS security is essential for any business and the business owners should arrange for it on priority.