A false sense of cybersecurity in industrial control systems
October 2017, IT in Manufacturing
“It won’t happen to us. What would anyone gain from attacking us?” this is all too often the message from companies, who have the mistaken impression that they are safe from cyber criminals and the huge damage that they can cause from cyberattacks. “I have an endpoint security solution and a firewall, so I’m safe.” Unfortunately, in the industries of today’s modern world there is no such thing as total and complete cybersecurity, as the most secure computer, the most secure HMI and the most secure industrial control system (ICS) switch, are those still sealed in boxes.
Although companies think that they are doing a better job at protecting and securing their data and operations on their ICS, cyber-attacks are becoming more sophisticated and they are increasingly targeting control systems. While some companies have made considerable security improvements, they have not kept up to date with today's well funded and determined cyber criminals. As much as companies have done to improve their ICS security posture, the cyber-criminal gangs have done better. ICS security incidents are up and technologies like cloud, Big Data, IIoT and Bluetooth are being embraced before the potential risks have been identified and addressed.
Cybersecurity is also no longer just a technology or an ‘IT issue’; it has become a fundamental business issue. Business needs to understand that they have to start incorporating cybersecurity into their future plans and strategy. With the business driving the industry towards the cyber-physical realm with more interconnected systems, the risks are increasing exponentially. The positives for these interconnected systems far outweigh the negatives, and companies are adopting these ‘new technologies’ in order to gain a competitive edge in the market by helping to improve productivity and enhance system controls. But failure to incorporate an adequate cybersecurity strategy, failure to have a resilient back-up plan, will result in your company becoming increasingly vulnerable to a growing number of cyber threats.
To put this into perspective, if your company is a victim of a cyberattack, how would you and your colleagues respond to that attack? Are you confident that the critical assets in your control systems have been backed up, and more importantly, are you sure that all of the critical assets have been correctly identified? Do you trust that your business continuity plan will have your company up and running again in a predefined space of time, in order to continue production? These are some of the questions that need to be tabled at both board and at senior management level.
Though technology plays a critical role in ICS cybersecurity, it does not help to think that by implementing a cybersecurity solution you will no longer be at risk. Anyone who tells you that they have a silver bullet solution regarding ICS cybersecurity is trying to sell you magic beans. The cybersecurity risks come from both external parties (cybercriminal) and internal entities (from staff), and attacks can be deliberate, targeted, technology issues or just simple carelessness. Therefore, the cybersecurity approach in ICS environments needs to be holistic and layered. It is a combination of technology, adequate training to both your security team members and general staff, designing a secure ICS network and enforcing policies and procedures.
Cybercrime is nothing new, but incidents specifically targeted at operational technology (scada systems for instance), is making the headlines like never before with companies across the globe suffering high profile and damaging breaches. Locally within South Africa (and Africa), we have been fortunate so far, as cyberattacks launched locally against manufacturing, mining and critical infrastructure, have been minimal with only a few reported incidents, but the scary stat is that these attacks are increasing.
For more information contact Tommy Thompson, Nclose, +27 (0)11 463 0096, firstname.lastname@example.org, www.nclose.com
- Kick-start the organisation’s IIoT/Industrie 4.0 journey
November 2017, RJ Connect, IT in Manufacturing
Consequently, these challenges have set in motion a number of changes in factories, culminating with the introduction of new technologies and concepts.
As optimal production is pivotal in the age of ...
- Soteica Visual MESA solution for thermal power plants
November 2017, Yokogawa South Africa, IT in Manufacturing
However, many TPPs face problems in optimal load distribution and optimal planning of equipment, operational monitoring of key performance indicators, as well as avoiding penalties by minimising harmful ...
November 2017, IT in Manufacturing
- EcoStruxure for mining and metals
November 2017, Schneider Electric South Africa, IT in Manufacturing
Redefining power and automation technologies makes it easier to deploy digital capabilities.
- IIC launches smart factory machine learning testbed
November 2017, IT in Manufacturing
The Industrial Internet Consortium (IIC), the world’s leading organisation transforming business and society by accelerating the adoption of the Industrial Internet of Things (IIoT), has announced the ...
- The IoT.nxt big thing
October 2017, IT in Manufacturing
Future-proof digital platform bridges the operational silos of traditional legacy systems.
- The potential value of manufacturing analytics
October 2017, Absolute Perspectives, This Week's Editor's Pick, IT in Manufacturing
Mature analytics organisations understand the value of using digital technology to tap into data to achieve better business performance.
- Tomorrow’s digital technologies take flight at Aerosud Aviation
October 2017, 1Worx, IT in Manufacturing
This article deals with the implications of the changes for South Africa and how these could best be leveraged to support objectives as spelled out in the NDP, namely industrial growth, exports and the creation of high-value employment opportunities.
- New technology automates Modbus routing setup in gateways
October 2017, RJ Connect, IT in Manufacturing
Save time and money when configuring and managing a large number of Modbus devices.
- Emerson upgrades handheld communicator
October 2017, Emerson Automation Solutions, IT in Manufacturing
The AMS Trex Device Communicator leverages industrial IoT solutions to improve reliability decision making.
- Next-gen MES Technology
October 2017, This Week's Editor's Pick, IT in Manufacturing
Manufacturing execution systems (MES) can help manufacturers and other industrial organisations reduce costs while improving operations, collaboration, asset management, workflow and safety.
- Rockwell Automation expands MES applications
October 2017, Rockwell Automation, IT in Manufacturing
Rockwell Automation continues to develop its scalable MES applications to allow operations to configure their environment without programming, add more applications, increase DCS process system integration, ...