Blog written by Gary Miles, Senior Cyber Consultant at Arcanum.
Industrial Control Systems (ICS) Overview
The first Distributed Control Systems used in industry were created around the 1970s. These systems had very limited connectivity, and there was clear segregation between Information Technology (IT) and Operational Technology (OT) networks, more commonly known as the Airgap. The traditional physical security challenges were recognised but Cybersecurity was not a primary consideration for these initial systems and networks as it did not really need to be. The tools, threat vectors, threat actors and interconnectivity were not as prevalent as they are today, which limited the capability, opportunity, and intent to target industrial control systems.
However, all that seemed to change when Stuxnet was released. Stuxnet was essentially an extremely complex and intriguing example of one of the world’s first digital weapons, used successfully against Iran’s nuclear enrichment program by harnessing multiple zero-day vulnerabilities and targeting specific Siemens PLCs (Programmable Logic Controller) used in Iran’s nuclear centrifuges.
When we look at the modern world, there are now many more factors that drive increased targeting of Operational Technology, with a significantly different threat landscape to those early days of OT systems, including:
- Geopolitical tensions, often fuelled by greater access to digital weapons and the means to target and deliver them.
- The global economic situation has made illegal cyber activities and cybercrime a lucrative prospect.
- The commercial and domestic growth of IT and technological advancements acting as a double-edged sword, not only increasing security protection offerings, but also increasing threat vectors and the weapons that are available to hostile actors, particularly via the dark web.
- OT/IT Convergence, which refers to the increasing connectivity of OT systems to enterprise IT hosted business applications and increased use of IT technology in the OT world.
ICS Cybersecurity Common Challenges
There are many different challenges that may be faced when securing OT, from business risk recognition and gaining appropriate buy-in from Board level to allocation of required budget for the control measures needed to effectively manage the risks, to ensuring adequate visibility and understanding of the importance of assets that make up the ICS.
Having appropriately qualified and experienced cybersecurity staff with IT and OT specific knowledge sets is also a common constraint, particularly when it comes to Incident Detection and Response. Having documented and tested plans as well as staff who understand exactly what their roles and responsibilities are during a security incident can be the deciding factor in mitigating the business impact of an incident.
OT Cybersecurity Solutions – Arcanum’s Approach
There is no one-size-fits-all solution for OT cybersecurity. We at Arcanum believe an extremely effective way of securing OT is to take a tailored, holistic, defence-in-depth risk-managed approach, ensuring People, Process, and Technological (PPT) solutions are implemented effectively and are mutually supportive of one another.
In slightly more detail, when we say ‘tailored,’ we believe that all efforts towards securing the network should be taken with the specific industry and business requirements in mind, to ensure that the highest levels of cost-effective security can be achieved without impacting other, possibly critical business functions.
The approach should also be inclusive of all possible factors that may affect the security of the network. This can include governance, risk management, network visibility, the supply chain, OEMs, change management and physical security. By considering the bigger picture, a more comprehensive security program can be developed.
This also involves taking a Defence-In-Depth approach to managing risk, by suggesting ways to implement various, complementary security countermeasures in a layered way to increase the individual redundancy of each individual control type, while increasing the difficulty level for potential threat actors to negatively impact your OT networks.
As mentioned at the beginning of this blog, technology and practices within the OT space are developing rapidly. As such, the landscape we are talking about securing will almost certainly look very different as the years continue to pass.
Some key considerations that are on the horizon for OT network security include the increased move towards Industry 4.0, with more fully automated processes enabled by increased connectivity and Digitalisation.
The developing technologies and tactics are also not limited to the defence of OT, as the tools and capabilities that Threat Actors have access to is increasing at a rapid rate, with Ransomware-as-a-Service (RaaS) gaining support on the Dark Web and more advanced, automated tools such as WormGPT making it easier for low skill actors to conduct more sophisticated and disruptive attacks.
As you can see, securing your OT networks will only become more and more of a requirement to ensure continued business production functions as well profitability. Our OT team at Arcanum can advise and support your organisation as you consider the best way to identify, implement and assure effectiveness of existing controls you may already have in place.
Arcanum’s OT Cybersecurity Services
Arcanum have a broad range of extensive experience in securing Operational Technology. Our services are, but are not limited to, the following areas:
- OT Compliance
- OT Risk Assessments
- OT Cyber Security Management Systems (CSMS)
- OT Auditing
- OT Network Architecture Review
- OT Penetration Testing
- OT Supply Chain Management
Speak to the team at Arcanum for a free, no obligation discussion around your organisation’s cybersecurity needs.
call: 02922 784452
Upcoming Webinar: What is ISA / IEC 62443?
If you’re interested in knowing more about ISA/IEC 62443 and how it contributes to Industrial Cyber Security by helping to secure OT, register your place on our upcoming webinar!
On December 12th 2023, Arcanum are running a FREE webinar that will demystify ISA/IEC 62443, the international standard for industrial control system (ICS) security.