A false sense of cybersecurity in industrial control systems
October 2017, IT in Manufacturing
“It won’t happen to us. What would anyone gain from attacking us?” this is all too often the message from companies, who have the mistaken impression that they are safe from cyber criminals and the huge damage that they can cause from cyberattacks. “I have an endpoint security solution and a firewall, so I’m safe.” Unfortunately, in the industries of today’s modern world there is no such thing as total and complete cybersecurity, as the most secure computer, the most secure HMI and the most secure industrial control system (ICS) switch, are those still sealed in boxes.
Although companies think that they are doing a better job at protecting and securing their data and operations on their ICS, cyber-attacks are becoming more sophisticated and they are increasingly targeting control systems. While some companies have made considerable security improvements, they have not kept up to date with today's well funded and determined cyber criminals. As much as companies have done to improve their ICS security posture, the cyber-criminal gangs have done better. ICS security incidents are up and technologies like cloud, Big Data, IIoT and Bluetooth are being embraced before the potential risks have been identified and addressed.
Cybersecurity is also no longer just a technology or an ‘IT issue’; it has become a fundamental business issue. Business needs to understand that they have to start incorporating cybersecurity into their future plans and strategy. With the business driving the industry towards the cyber-physical realm with more interconnected systems, the risks are increasing exponentially. The positives for these interconnected systems far outweigh the negatives, and companies are adopting these ‘new technologies’ in order to gain a competitive edge in the market by helping to improve productivity and enhance system controls. But failure to incorporate an adequate cybersecurity strategy, failure to have a resilient back-up plan, will result in your company becoming increasingly vulnerable to a growing number of cyber threats.
To put this into perspective, if your company is a victim of a cyberattack, how would you and your colleagues respond to that attack? Are you confident that the critical assets in your control systems have been backed up, and more importantly, are you sure that all of the critical assets have been correctly identified? Do you trust that your business continuity plan will have your company up and running again in a predefined space of time, in order to continue production? These are some of the questions that need to be tabled at both board and at senior management level.
Though technology plays a critical role in ICS cybersecurity, it does not help to think that by implementing a cybersecurity solution you will no longer be at risk. Anyone who tells you that they have a silver bullet solution regarding ICS cybersecurity is trying to sell you magic beans. The cybersecurity risks come from both external parties (cybercriminal) and internal entities (from staff), and attacks can be deliberate, targeted, technology issues or just simple carelessness. Therefore, the cybersecurity approach in ICS environments needs to be holistic and layered. It is a combination of technology, adequate training to both your security team members and general staff, designing a secure ICS network and enforcing policies and procedures.
Cybercrime is nothing new, but incidents specifically targeted at operational technology (scada systems for instance), is making the headlines like never before with companies across the globe suffering high profile and damaging breaches. Locally within South Africa (and Africa), we have been fortunate so far, as cyberattacks launched locally against manufacturing, mining and critical infrastructure, have been minimal with only a few reported incidents, but the scary stat is that these attacks are increasing.
For more information contact Tommy Thompson, Nclose, +27 (0)11 463 0096, firstname.lastname@example.org, www.nclose.com
- What is the future of blockchain in manufacturing?
February 2018, Absolute Perspectives, IT in Manufacturing
In manufacturing circles, it is probably fair to say that there is some uncertainty as to exactly what future impact blockchain may have on manufacturing systems. A number of cloud solution providers ...
- Guided operator solutions
February 2018, Adroit Technologies, IT in Manufacturing
At parts assembly production sites, where parts are picked from stock, it is almost inevitable that picking mistakes will occur. As parts become more complex and their component types increase, the problem ...
- Combine edge and operational data to maximise IoT value
February 2018, IT in Manufacturing
For industrial companies engaged in digital transformation, analytics are key to turning large volumes of data into business value to enhance operations and improve the customer experience. Facing intense ...
- Yokogawa releases web-based operations platform
February 2018, Yokogawa South Africa, IT in Manufacturing
Yokogawa has announced the release of FAST/TOOLS R10.03, the latest version of a web-based real-time operations management and visualisation software solution that scales perfectly from a small and hybrid ...
- Risk management in automotive manufacturing
January 2018, Rockwell Automation, IT in Manufacturing
In automotive manufacturing operations, risks that go unaddressed can lead to missed production targets, safety incidents and vehicle recalls.
- Choosing the best IIoT platform
January 2018, RJ Connect, IT in Manufacturing
Industrial computers vs. development boards.
- The mine of the future
January 2018, IT in Manufacturing
The mining industry is in a crisis. Failure to get the policy, legislative, administrative and operating environment right is being compounded by a decline in resource demand and resulting excess capacity, ...
- EcoStruxure for the mining and metals industry
January 2018, Schneider Electric South Africa, IT in Manufacturing
In the second quarter of 2017, the South African mining industry expanded by 3,9% on the back of increased production of coal, gold and other metal ores such as iron and manganese. A further driver for ...
- Synaptic Business Automation
January 2018, Yokogawa South Africa, IT in Manufacturing
Yokogawa working with customers to implement ideal business solutions.
- Industrial control system cybersecurity - Part 1: Risk assessment
January 2018, Nclose, IT in Manufacturing
In my articles last year, I pointed out how companies are not doing enough around cybersecurity and how they have a false sense of security about their industrial control system (ICS) networks, thinking ...
- Digital transformation and collaborating robotics
December 2017, Omron Electronics, IT in Manufacturing
Reflections on how to cope with societal discourse.
- Innovating in the process industry with PLM
December 2017, Absolute Perspectives, This Week's Editor's Pick, IT in Manufacturing
There might be an opportunity for you to adopt a proven technique from another industry in a new way and thereby gain a competitive edge for your business in its own niche.