How to Advance ICS Cybersecurity: Implement Continuous Monitoring - Security Boulevard
Sunday, January 16, 2022
  • Security BSides London 2021 – @roddux/Rory M’s ‘JWTs And Why They Suck’
  • XKCD ‘Language Development’
  • Security BSides London 2021 – Johanna Strachan’s ‘The Challenges Of Remediation During A Cyber Incident’
  • Security BSides London 2021 – Ben Caller’s ‘Big Data Lake, Big Data Leak
  • Bridge Out

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Events
    • Upcoming Events
    • Upcoming Webinars
    • On-Demand Events
    • On-Demand Webinars
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • Techstrong Group
    • Container Journal
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
    • Digital Anarchist
  • Media Kit
  • About Us

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network 

Home » Security Bloggers Network » How to Advance ICS Cybersecurity: Implement Continuous Monitoring

SBN How to Advance ICS Cybersecurity: Implement Continuous Monitoring

by Anastasios Arampatzis on June 7, 2019

Industrial Control Systems (ICS) include Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS) and other control system configurations such as Programmable Logic Controllers (PLC). They are typically used in industries such as electric, water, oil and natural gas, transportation, chemical, pharmaceutical and manufacturing (e.g., automotive, aerospace). These control systems are vital to the operation of U.S. critical infrastructures that are often highly interconnected and mutually dependent systems.

Initially, ICS had little resemblance to traditional information technology (IT) systems, and ICS were isolated systems running proprietary control protocols using specialized hardware and software. Many ICS components were in physically secured areas, and the components themselves were not connected to IT networks or systems. Nowadays, widely available, low-cost IP devices have replaced proprietary solutions, a shift which has increased the possibility of cybersecurity vulnerabilities and incidents.

This integration supports new IT capabilities, but it provides significantly less isolation from the outside world than predecessor systems, creating a greater need to secure these systems. While security solutions have been designed to deal with these security issues in typical IT systems, special precautions must be taken when introducing these same solutions to ICS environments because ICS have characteristics that differ them from traditional information processing systems.

Pillars of an Effective Cybersecurity Program

For the above reasons, there have been developed various ICS cybersecurity frameworks and regulations, such as IEC62443, NERC CIP, NIST SP 800-82 and American Water Works Association Process Control Network Security Guidance. These frameworks cater to best practices, which are the pillars for a strong industrial cybersecurity program.

These best practices consist of:

  1. Identifying what systems need to be protected.
  2. Separating the systems logically into functional groups.
  3. Implementing a defense-in-depth strategy for each functional group.
  4. Controlling access into and between each group.
  5. Limiting the actions that (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Anastasios Arampatzis. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/advance-ics-cybersecurity/

June 7, 2019June 7, 2019 Anastasios Arampatzis continuous monitoring, Cybersecurity, ICS, ICS Security
  • ← Cryptocurrency wallet GateHub hacked, nearly $10 million worth of Ripple (XRP) stolen
  • BeiTaAd Adware Hidden in Google Play Apps | Avast →

TechStrong TV – Live

Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy
  • This field is for validation purposes and should be left unchanged.

Most Read on the Boulevard

Why 2022 Should be a Year of Cybersecurity Optimism
Oxeye Tool Can Counter Log4j Obfuscation Attacks
CISA, NSA Warn of Russian Attacks on Critical Infrastructure
Attackers More Successful at Delivering Malware Payloads
Zero-Trust for Health Care in the Age of Ransomware
2021 Ransomware Attack Report
Testing the Waters: First Impressions of CloudTrail Lake
How to Make API Security an Integral Part of Your Application Security Strategy
Secure Software Summit 2022
The Roles of SAST and DAST and Fuzzing in Application Security

Upcoming Webinars

Tue 18

Protecting Applications Running On Kubernetes

January 18 @ 12:00 pm - 1:00 pm
Tue 18

What’s Next for DevSecOps: ‘Shift Right’ for Runtime Protection

January 18 @ 3:00 pm - 4:00 pm
Tue 25

DevSecOps Best Practices: Automating K8s Network Security Policy

January 25 @ 11:00 am - 12:00 pm
Tue 25

How to Fix NPM Vulnerabilities Quickly and Painlessly

January 25 @ 11:00 am - 12:00 pm
Wed 26

Managing API Security at Scale With Gluu and Tyk

January 26 @ 1:00 pm - 2:00 pm
Feb 01

Access in the Fast Lane: How to Secure Access for a Growing Team

February 1 @ 3:00 pm - 4:00 pm
Feb 02

Developer Security: Building Security Culture Into Your Engineering Team

February 2 @ 11:00 am - 12:00 pm
Feb 03

The Least Is the Most You Should Do – Establishing Least-Privilege Access in Cloud Infrastructure

February 3 @ 1:00 pm - 2:00 pm
Feb 03

February 3 @ 1:00 pm - 2:00 pm
Feb 17

How Secure Backups and Analytics Can Help You Recover From Ransomware in Hours

February 17 @ 2:00 pm - 3:00 pm

More Webinars

Download Free eBook

The Dangers of Open Source Software and Best Practices for Securing Code

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Zero-Trust for Health Care in the Age of Ransomware
CISO Suite Cybersecurity Data Security Endpoint Featured Industry Spotlight IoT & ICS Security Malware Network Security Security Boulevard (Original) Threat Intelligence 

Zero-Trust for Health Care in the Age of Ransomware

January 12, 2022 Christopher Kuhl | 4 days ago 0
Hybrid Work Requires New E-Discovery Approach
Application Security Cyberlaw Cybersecurity Data Security Endpoint Governance, Risk & Compliance Incident Response Industry Spotlight Mobile Security Security Boulevard (Original) 

Hybrid Work Requires New E-Discovery Approach

January 4, 2022 Ken Basore | Jan 04 0
Why Public-Private Partnership is Key to Cybersecurity
Careers Cyberlaw Cybersecurity Governance, Risk & Compliance Industry Spotlight Security Boulevard (Original) Threat Intelligence 

Why Public-Private Partnership is Key to Cybersecurity

December 8, 2021 Luke Tenery | Dec 08 Comments Off on Why Public-Private Partnership is Key to Cybersecurity

Top Stories

‘Massive’ Cyberattack on Ukraine Cripples Gov’t Websites
Cyberlaw Cybersecurity Data Security Featured Incident Response Malware News Security Awareness Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches 

‘Massive’ Cyberattack on Ukraine Cripples Gov’t Websites

January 14, 2022 Teri Robinson | 2 days ago 0
1/6/21 Insurrection—What Did the Social Networks Know?
Analytics & Intelligence Application Security Cloud Security Cyberlaw Cybersecurity Data Security Editorial Calendar Featured Governance, Risk & Compliance Identity & Access Incident Response Insider Threats Mobile Security Most Read This Week Network Security News Popular Post Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches 

1/6/21 Insurrection—What Did the Social Networks Know?

January 14, 2022 Richi Jennings | 2 days ago 0
CISA, NSA Warn of Russian Attacks on Critical Infrastructure
CISO Suite Cyberlaw Cybersecurity Cybersecurity Featured Governance, Risk & Compliance Incident Response IoT & ICS Security Malware News Promo Security Awareness Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

CISA, NSA Warn of Russian Attacks on Critical Infrastructure

January 12, 2022 Teri Robinson | 4 days ago 0

Security Humor

XKCD 'Language Development'

XKCD ‘Language Development’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Container Journal
  • DevOps.com
  • Techstrong Research
  • Techstrong TV
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
  • Digital Anarchist
Powered by Techstrong Group
Copyright © 2022 Techstrong Group Inc. All rights reserved.