You don’t have to search very far in the news to see stories of websites being hacked and customer details being stolen. Stories about incidents involving industrial control systems (ICSes) and operational technology (OT) environments aren’t so common. But they are prevalent. Just the other week, for example, an airline company sent out an email letting me know that their database had been hacked and that my travel details might have been taken.

These types of incidents are happening more often, and they are also becoming more frequent in the industrial control environments of organizations in the water, chemical, oil & gas and power industries. These cyber attacks are even making news headlines. When it affects critical national infrastructure, people take notice.

A one-size-fits-all plan won’t make cybersecurity work for the evermore-converging worlds of IT and OT. What works in an IT office might not necessarily work in industrial apps, after all. So, how can organizations in Europe, the Middle East and Africa (EMEA) make ICS security work in the age of IT-OT convergence?

In this article, we’ll look at some simple but practical steps in the journey to securing your network. Then we’ll look at some best practices on how to secure the network. Along the way, we’ll examine what goals/standards are applicable to a particular industry sector as well as any regulatory government frameworks with which we must comply.

Where Are These ICS Security Threats Coming from?

Threats can come from many places. They may be adversarial, accidental, environmental, etc. When you really dig into the reasons for downtime due to cyber incidents in industrial control systems, however, the vast majority of these are unintentional. Intentional attacks make up only 20% of the total incidents. From that, only about half are from external attacks.

A breakdown of security (Read more...)