How to Advance ICS Cybersecurity: Implement Continuous Monitoring

Industrial Control Systems (ICS) include Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS) and other control system configurations such as Programmable Logic Controllers (PLC). They are typically used in industries such as electric, water, oil and natural gas, transportation, chemical, pharmaceutical and manufacturing (e.g., automotive, aerospace). These control systems are vital to the operation of U.S. critical infrastructures that are often highly interconnected and mutually dependent systems.

Initially, ICS had little resemblance to traditional information technology (IT) systems, and ICS were isolated systems running proprietary control protocols using specialized hardware and software. Many ICS components were in physically secured areas, and the components themselves were not connected to IT networks or systems. Nowadays, widely available, low-cost IP devices have replaced proprietary solutions, a shift which has increased the possibility of cybersecurity vulnerabilities and incidents.

This integration supports new IT capabilities, but it provides significantly less isolation from the outside world than predecessor systems, creating a greater need to secure these systems. While security solutions have been designed to deal with these security issues in typical IT systems, special precautions must be taken when introducing these same solutions to ICS environments because ICS have characteristics that differ them from traditional information processing systems.

Pillars of an Effective Cybersecurity Program

For the above reasons, there have been developed various ICS cybersecurity frameworks and regulations, such as IEC62443, NERC CIP, NIST SP 800-82 and American Water Works Association Process Control Network Security Guidance. These frameworks cater to best practices, which are the pillars for a strong industrial cybersecurity program.

These best practices consist of:

1. Identifying what systems need to be protected.
2. Separating the systems logically into functional groups.
3. Implementing a defense-in-depth strategy for each functional group.
4. Controlling access into and between each group.
5. Limiting the actions that (Read more...)