Saving lives with ICS and critical infrastructure security

Introduction

Digital transformation has revolutionized critical infrastructure industries like manufacturing, enabling them to harness new technologies such as the cloud and the Internet of Things to do things better, faster and smarter. And like with any newly blazed trails, this transformation has come with new risks. 

Industrial control systems (ICS) — used in sectors such as manufacturing and energy — traditionally relied on architecture segmentation, “air-gapping” and other passive defenses. But with the number of internet-facing embedded devices and control systems growing in the last decade, those passive defenses no longer work. At the same time, the attacks targeting those systems are on the rise. Under these circumstances, a major attack could result in severe damage, including loss of human life. 

An expanded view of critical infrastructure

In a 2019 ICS (industrial control systems) survey, 51 percent of more than 300 respondents perceived the level of operational technology (OT) and ICS risk to be severe, critical or high. The top threat identified was devices and “things” that are being added to the network and can’t protect themselves.  

Not only are industrial control systems being connected to the internet and the cloud for the first time, but every new device creates an entry point for a bad actor to exploit. And with this new ecosystem now being interconnected and interdependent, supply-chain security and infrastructure security are new priorities that these sectors haven’t had to grapple with in the past.

Emily Miller, direction of national security and critical infrastructure programs at software-security company Mocana, recently told Infosec on its Cyber Work podcast that securing industrial control systems is a matter of saving lives. But she takes a broader view of the definition of critical infrastructure, including agriculture.

“What happens if your food sources are potentially impacted … not only (Read more...)