The current security state of industrial control systems (ICS) is a perplexing one. On the one hand, Kaspersky Lab found in a recent report that a majority of organizations (75 percent) regard ICS security as a major priority. On the other hand, organizations aren’t implementing the proper safeguards to secure their industrial control systems. For instance, the Kaspersky study uncovered that many organizations (67 percent) still aren’t compliant with mandatory industry or government guidance surrounding ICS security, while 10 percent of organizations still don’t measure the number of incidents and breaches that they’ve experienced.
Clearly, organizations have not sufficiently protected their ICS infrastructure. Such neglect has left many industrial environments vulnerable to an industrial digital security event. Caused by human error, equipment failure or malicious activity, an industrial digital security event weakens an organization’s ability to view, monitor and control its industrial processes. Such an incident can cause vital systems to malfunction and thereby jeopardize the public’s safety.
Vulnerability and Visibility: The Two “V’s” of ICS Security
Fortunately, there’s a path for organizations to strengthen the security of their industrial control systems. It involves confronting the two “v’s” of ICS security: vulnerability and visibility.
First, organizations must address the vulnerabilities that affect their ICS assets. This is an important step in the ICS security process, as industrial organizations tend to retain their assets and controls past these technologies’ average lifecycle of 15 years. By keeping them in service, industrial organizations invite digital attackers to leverage these older, vulnerable devices in order to gain access to their networks and compromise their industrial processes.
Organizations need to mitigate vulnerabilities that affect their industrial assets wherever possible. All things considered, creating a robust vulnerability management program is a good place to start. Industrial organizations should make sure they extend this program across their (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/using-visibility-navigate-role-ics-security/