The Black Swan: Mitigating Cyber Attacks Within ICS Environments

Security problems in Industrial Control Systems (ICS), and in the industries that rely on them, have existed for nearly 15 years, but they continue to grow in impact and frequency as more systems become IP-based and compute-based automation is introduced. Additionally, because ICSs are specialized, there is limited industry expertise spanning ICS, IT, and security. In terms of mitigation techniques, most vendors and organizations leverage generic security methodologies, resulting in a reactive approach.

The Triton/Trisis malware, discovered in late 2017, was significant in that it effectively targeted ICS environments and had broad penetration across multiple regions. It is noteworthy that, for the first time, malware targeted a specific vendor based on very specific knowledge of the underlying technology: Schneider Electric’s Triconex Safety System (SIS).

The common question in ICS-oriented blogs, social media outlets, and open forums is where and how ICS vendors should better provide security within their products. Mitigation cannot rely solely on the deploying organization building security around the deployment, nor can it be a reactive approach of fixing vulnerabilities in production as they are found. It begins with ICS vendors building security in; however, as with most IT systems and applications, this will evolve over time. Thus, for the foreseeable future, the best operational outcomes must be planned: precisely planned as a phased approach and diligently executed, rather than chasing the rabbit. RSA’s experience with customers and participation in industry events led to the development of the following framework/process as (Read more...)

*** This is a Security Bloggers Network syndicated blog from RSA Blog authored by Doug Howard. Read the original post at: