3 Trends That Make Automation a Must for Securing Industrial Control Systems

Tim Wenzlau
by Tim Wenzlau
category Product
tags Autonomous Security, ICS, industrial control systems

Every time I flip a light switch or run water for my daily shower, I’m not thinking of the potential security risks within our power plants or water suppliers. I just take it for granted that the computers working behind the scenes keep things running smoothly.

These computers, also known as Industrial Control Systems (ICS), control the physical world of our most critical infrastructure. They monitor and control the processes responsible for machinery used in power generation and distribution, manufacturing, water treatment plants, HVAC, and many other industries.

The reality is that some of these systems were not designed with security in mind. Historically, these systems were not connected to the Internet or an IT network. They existed in an air-gapped environments, disconnected from all other networks.

The disconnected nature of ICS is quickly becoming outdated. Systems are more connected than ever before and can be accessed remotely by operators. Three trends are increasing the vulnerability of our ICS environments.

Trend 1: Connected IT and Operating Technology (OT) environments are growing.

While these blended environments provide increased efficiency and reduced costs for operators, they also increase the potential for security threats. Threats that occur in OT environments generally originate in the IT environment and then traverse the boundary.

This is complicated by the fact that Industrial Control Systems were not built with security event logging in mind, they receive software updates infrequently, and they often exist within flat networks (where all systems exist in the same network).

Bottom line—if one system is infected, it’s easy to spread the infection to multiple systems.

IT has traditionally focused on securing the confidentiality and integrity of data or services while ICS security has focused on maintaining operational availability and ensuring safety. Given the changing nature of the environments, these responsibilities need to evolve.

Trend 2: Attacks are becoming more sophisticated in critical environments.

There have been numerous examples of nation-states disrupting Industrial Control Systems with cyber attacks. One particularly well-documented example (and worth the read from Wired!) is Russia’s repeated disruption of the Ukrainian power grid. Other examples include:

Trend 3: A shortage of trained security analysts.

There is already a limited population of security analysts, but there is an even smaller population who can triage the combination of cyber and operational threats.

IT security analysts cannot monitor an OT network without understanding how the ICS systems function normally and how they can be exploited. Also, ICS systems often communicate on proprietary network protocols not found in IT environments and therefore, require specialized detection technologies to alert an ICS related threat.

Stop these 3 trends from impacting your ICS environment

The increasing potential for threats, combined with the lack of specialized resources to detect these threats, leave us all vulnerable. The serious attacks on power and water supplies around the world demonstrate the urgency of staying ahead of the bad guys.

Help is on the way. Using Artificial Intelligence (AI) and Machine Learning, Respond Software has partnered with SecurityMatters (recently acquired by Forescout) to provide automated monitoring, decision making, and triage of network intrusions within ICS environments.

Respond Analyst provides 24x7 automated monitoring and triage, without requiring you to hire, train, and operate a team of security analysts. SecurityMatters provides in-depth visibility into ICS environments, classifying assets and detecting threats based on deep packet inspection of industrial protocols. By monitoring both your OT and IT environments, Respond Analyst is able to identify threats crossing that boundary, providing an earlier warning, and increased visibility into the earlier stages of the attack.

Security Matters and Respond Software partnership.