Network and information systems (NIS) and the essential functions they support play a vital role in society, from ensuring the supply of electricity, water, oil and gas to the provisioning of healthcare and the safety of passenger and freight transport. In addition, computerized systems perform vital safety-related functions designed to protect human lives. For example, such systems control the safe operation of industrial sites that process and store dangerous chemicals, as well as those that play a key role in the safety of aviation, rail transportation, etc. Their reliability and security are essential to everyday activities.
As we have seen from numerous cybersecurity incidents, these systems can be an attractive target for malicious actors, and they can also be susceptible to disruption through single points of failure. The magnitude, frequency and impact of network and information system security incidents are increasing. Events such as the 2017 WannaCry ransomware attack, the 2016 attacks on U.S. water utilities, and the 2015 attack on Ukraine’s electricity network clearly highlight the impact that incidents can have.
Computerized safety systems could be adversely affected by a cyber incident either as a side effect of a compromise or as a result of a highly targeted cyber-attack that is specifically aimed at reducing the effectiveness of safety mechanisms. Such was the case with the TRITON malware.
Cyber incidents can result in several different consequences depending on the nature of the computer systems targeted and the intention of the perpetrators. Given that the possible consequences of cyber incidents can be extremely serious or perhaps even catastrophic, industrial organizations require very robust levels of cybersecurity and resilience.
There is, therefore, a need to improve the security of network and information systems. Those efforts should especially focus on essential functions which, if compromised, could potentially cause significant damage to ...
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Anastasios Arampatzis. Read the original post at: https://www.tripwire.com/state-of-security/regulatory-compliance/achieve-compliance-nis-directive/