What is ICS cybersecurity?
The term ICS is used in a broad sense to refer to programmable devices that are used to control, monitor, supervise, automate, or interact with assets used in continuous, discrete, and hybrid processes in manufacturing, infrastructure, and other commercial and industrial sectors.
At its heart, ICS cybersecurity is about both protecting industrial assets and recovering from system upsets that occur from electronic communications between systems, or between systems and people.
An ICS includes various components, such as the following:
- Distributed Control Systems (DCS)
- SIS
- HMIs
- Historians
- Supervisory Control And Data Acquisition (SCADA)
- Programmable Logic Controllers (PLCs)
- Remote Terminal Units (RTUs)
- Intelligent Electronic Devices (IEDs)
- Power Monitoring Systems (PMSs)
- Protection relays
- F&G
- ESD
- PSD
- BMS
- Building Control Management Systems (BCMSs)
- Electrical Network Monitoring Control Systems (ENMCSs)
- Alarm management systems
- Intelligent Asset Management Systems (IAMSs)
- Sensors and transmitters
- Valves
- Drives, converters, and so on
Establishing a secure baseline for an ICS can be a complex and wide-reaching process, as it can cover software, hardware, and communications interfaces. At a minimum, the hardening parameters need to be defined for the following:
- OS security
- Endpoint security
- Embedded device security
- Application software security
- Network security
- Access control (physical and logical)
- Anti-malware
- Security monitoring
Despite certain common attributes, ICS differs from the traditional IT systems that are widely deployed in office and enterprise networks. Historically, ICS implementations were heavily reliant on physical security and lacked interconnection with IT networks and the internet. However, as the trend toward ICS intertwining with IT networks intensifies, this creates a greater need to secure these systems from remote, external threats as well as against adversary and non-adversary threats such as disgruntled employees, malicious intruders, and malicious or accidental actions taken by insiders.
In relation to the CIA (confidentiality, integrity, availability) information security model, availability and integrity are given precedence over confidentiality for ICS. The ICS security model is therefore often referred to as an AIC model. At the same time, reliability and safety remain the top priority!
The following figure compares the priorities of the ICS security model with the IT information security model:
Figure 1.7 – An ICS versus an IT model
Let’s have a closer look at the definition of each element of the (S)AIC triad:
- Safety: The assurance of freedom from unacceptable risk.
- Availability: The ability of a system or asset to be accessed and used by an authorized user when required.
- Integrity: The assurance that a system or asset is accurate and complete. It also refers to the assurance that the system or asset can only be modified by an authorized user.
- Confidentiality: The assurance that a system or asset is only accessible to an authorized user and is kept secure from unauthorized access. It also refers to the assurance that information within the system or asset is only accessible to an authorized user.
The increasing convergence of business and plant floor systems, emerging standards such as the International Society of Automation’s ISA/IEC-62443 and the National Institute of Standards and Technology’s NIST 800-82 series, and emerging regulatory requirements in a number of countries, all point toward a growing awareness of the susceptibility of the modern industrial process to cybersecurity threats.
Considering the potentially dangerous safety consequences that can occur as a result of these failures, today’s plants need to clearly understand the actual risks – and how best to mitigate these risks – in order to maintain safe and reliable operations.
The potential implications of ICS security breaches encompass a wide range of damaging consequences that might include, but are not limited to, asset, financial, environmental, and reputational damage:
- Compromise and unauthorized disclosure of confidential data to the public
- Tampering with system reliability or the integrity of process data and production information
- Loss of View (LoV) and Loss of Control (LoC)
- Process abuse and corruption that could bring about degraded process efficiency, poor product quality, diminished manufacturing capability, impaired process safety, or environmental release
- Damage to assets
- Health implications including injuries and fatalities
- Damaged reputation and loss of public trust
- Breach of contractual and regulatory obligations (such as those owed to clients, partners, and regulators)
- Impact on national security and critical infrastructures
The following consequences have already occurred within ICS installations including SIS:
- Manipulation of process data or setpoints
- Unauthorized changes to commands or alarm thresholds
- Erroneous information being passed on to operators (loss or manipulation of view)
- Software or settings being tampered with and interference with safety systems, all of which could have far-reaching and potentially fatal consequences
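One defensive check against the setpoint and alarm-threshold changes listed above, as an added example that is not from the original text: compare a snapshot of controller parameters with the approved baseline and order the findings by the (S)AIC priorities. The tag names, values, tolerance, and the rule that any deviation on an SIS counts as a safety finding are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Review order follows the (S)AIC priorities described in the text.
PRIORITY = {"safety": 0, "availability": 1, "integrity": 2}

@dataclass(frozen=True)
class Baseline:
    value: float   # approved engineering value
    system: str    # owning system, e.g. "SIS" or "DCS"

@dataclass(frozen=True)
class Finding:
    tag: str
    impact: str                # key of PRIORITY
    expected: float
    observed: Optional[float]  # None when the tag could not be read

# Constructed sample data: approved values and a later snapshot.
APPROVED = {
    "PIC-101.SP": Baseline(12.5, "DCS"),
    "PIC-101.HI_ALM": Baseline(15.0, "DCS"),
    "PSHH-201.TRIP": Baseline(18.0, "SIS"),
    "LIC-310.SP": Baseline(55.0, "DCS"),
}
SNAPSHOT = {
    "PIC-101.SP": 12.5,        # unchanged
    "PIC-101.HI_ALM": 17.5,    # alarm threshold raised
    "PSHH-201.TRIP": 25.0,     # safety trip point moved
    # LIC-310.SP absent: the value could not be read (loss of view)
}

def find_drift(approved, snapshot, tolerance=0.01):
    """Return deviations from the approved baseline, most critical first."""
    findings = []
    for tag, base in approved.items():
        observed = snapshot.get(tag)
        if observed is not None and abs(observed - base.value) <= tolerance:
            continue  # within tolerance of the approved value
        if base.system == "SIS":
            impact = "safety"        # assumption: any SIS deviation is a safety finding
        elif observed is None:
            impact = "availability"  # parameter not readable
        else:
            impact = "integrity"     # value differs from the approved one
        findings.append(Finding(tag, impact, base.value, observed))
    findings.sort(key=lambda f: (PRIORITY[f.impact], f.tag))
    return findings

if __name__ == "__main__":
    for f in find_drift(APPROVED, SNAPSHOT):
        print(f"{f.impact:<12} {f.tag:<16} expected={f.expected} observed={f.observed}")
```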
How do IT and engineering communities perceive ICS cybersecurity?
The IT and engineering communities are increasingly aware of the need for ICS cybersecurity. As ICS become ever more connected and automated, they also open themselves up to greater risk of cyberattacks. To address this, both communities are now developing a range of solutions and working closely to protect these systems from emerging threats.
While the two communities view ICS cybersecurity from different angles and perspectives – due in large part to the historical gap that exists between IT and ICS as well as differing priorities – they have come to recognize the need to bridge the gap in order to tackle the increasing challenges facing industrial facilities. As a result, a new discipline has emerged that combines the best of both engineering and cybersecurity practices.
For example, engineers are typically more focused on the physical process of an ICS, such as the hardware and software, while IT professionals are more concerned with the network and data security aspects.
A more comprehensive approach to ICS cybersecurity can be achieved by combining both engineering and IT practices. This includes both the physical and the digital components of the system to ensure that the assets are secure from cyber threats.
The following sections will dive into the distinct aspects of international standards for cybersecurity and safety.