Industrial control systems (ICS) are often considered to be isolated systems, safeguarded from the risks of cyberattack. However, these systems are also vulnerable! This is mainly because of the development of the Industrial Internet of Things (IIoT), the increasingly strong interconnection between operational technology and IT networks, and the convergence towards traditional technology (standard TCP/IP network protocols, microprocessor-based programmable logic controllers, etc.). An ICS is nevertheless different from a traditional IT system, and industrial cybersecurity must stand up to specific challenges.

Industrial cyberattacks vs. traditional cyberattacks, different impacts

A study conducted by Kaspersky Lab / Euler Hermes in December 2018 reveals that more than one SME out of five has been the victim of a cyberattack. Over the last few years, industrial cyberattacks have grown in scale: according to a report by the ANSSI (French National Cybersecurity Agency), the largest cyberattacks (in terms of resources used and financial impact) often target industrial sites.

The uniqueness of ICS

What makes an industrial control system (ICS) unique is the interaction it has with physical processes. As such, an ICS differs from a traditional IT system in 4 main ways:

  1. The role of an ICS is to preserve the integrity of physical processes.
  2. The material resources of an ICS are adjusted in order to manage physical processes but they may not be enough to implement security mechanisms.
  3. In an ICS, the time it takes to respond to human interactions and sensors is critical.
  4. As physical processes run continuously, industrial installations need to remain available. Therefore, interruptions (maintenance, updates) must be planned ahead.

Industrial IS and traditional IS: 4 different impacts

| Impact | Traditional information systems | Industrial information systems |
|---|---|---|
| Data theft | Personal data, bank data or medical information is accessed by unauthorized parties. | Loss of manufacturing secrets, possible counterfeits, loss of competitive edge |
| Liability, image and reputation | Clients are notified and must change their passwords. Public relations must prove that everything has been done to guarantee that accounts remain secured. | Claims are lodged to remedy the damage suffered. Trust in the industry is broken; client satisfaction is impacted. |
| Halt in production/work interruptions | Projects are on standby and employees no longer have access to data and systems. | Industrial robots are at a standstill. Production is no longer continuous. Compliance with production regulations is no longer guaranteed. |
| Loss of profits | Projects are on standby. Clients lose their go-to person and turn to competitors. | Without production, losses are too great to recover. Production parameters are modified and products are no longer compliant. |

Cybersecurity priorities are not the same for the different systems. In an IT system, for example, confidentiality is the priority followed by integrity and data availability, whereas for industrial IT and OT systems the order is reversed. The main challenge in ensuring cybersecurity for industrial systems is the ability to maintain uninterrupted industrial processes.

2 specific impacts on industrial information systems

#1 Material damage and physical injury

Modifying the nominal configuration of installations can cause material damage, with potentially serious consequences that can cost human lives.

#2 Environmental impact

Faulty installations can cause an overall system failure and have negative impacts on the environment.

Industrial cybersecurity: solutions for specific protection

Information systems cannot be secured in the same way in a ‘traditional’ environment and in an industrial one. IT cybersecurity focuses on overall protection, which involves the following:

  • the installation and updating of antivirus software and firewalls
  • blocking network access to certain sites
  • updating software and operating systems
  • training and building awareness among employees

The approach of teams in charge of ICS cybersecurity must overcome 5 key constraints:

  • Taking into account physical processes*.
  • Using technology specially designed for industrial environments.
  • Mapping installations and analyzing risks: an inventory of all material installations, critical systems and applications – this enables us to identify each weakness, the needs as well as the objectives when faced with threats.
  • Placing actors, who are often unaware of the risks and thus responsible for a large part of incidents, at the heart of the security process – it is essential to promote rules of good computer hygiene, especially when it comes to access, login details or even the use of a simple USB flash drive.
  • Engaging actively in intelligence to stay up-to-date with the threats and vulnerabilities that are unique to the ICS sector.

*Taking into account physical processes is a must:

  • Include skills in security and industrial process control.
  • Adapt intrusion tests and security assessments for ICS in order to avoid interfering with physical processes.
  • Adapt measures for detecting intrusions in order to take into account attacks that target physical processes (for example Stuxnet or CrashOverride).

The challenge of industrial cybersecurity is to define security measures that are well adapted both in terms of technology and organization. The protection strategy must take a preventative approach and include measures for surveillance, detection and response.

Over the past few years, attacks on industrial systems have been spreading and have had serious consequences on production tools, on production processes and, in some cases, even on staff and the general public. Given this context, cybersecurity for industrial control systems (ICS) requires a specific approach that differs from that of conventional IT networks. To ensure effective protection, industrial companies must equip themselves with the right tool: that is what Sentryo offers with its ICS CyberVision security platform.