ANSWERS
CYBERSECURITY
Isaac Guevara, Grantek, and Chen Fradkin, Claroty
Growing ICS vulnerabilities mandate prioritization
Use vulnerability management at the convergence of information and operational technologies to lower risk to industrial control systems.
It's no secret that information technology (IT) infrastructure and operational technology (OT) networks are converging, creating conditions that require industrial control systems (ICS) to become part of an overall cybersecurity program. It will be incumbent upon business leaders and decision makers to understand this collision and how best to extend core security controls, governance processes, and the technology stack to cover OT as well as they cover IT. One foundational place to begin is vulnerability management.
The disappearing landscape of air-gapped critical OT systems, where these systems are sheltered from internet connectivity, demonstrates that this approach isn't conducive to 21st-century business. Connectivity is oxygen for businesses, including industrial control systems and the processes they manage. While this is a positive, the tradeoff is that the potential attack surface available to threat actors, both profit-driven cybercriminals and state actors, gets larger.
Therefore, organizations must prioritize vulnerability management to strategically lessen their overall exposure, in addition to other security best practices such as network segmentation and securing remote connections to OT networks. The first step is understanding the vulnerability landscape as it relates to OT and identifying noteworthy trends in order to best prioritize patching and updating vulnerable systems.
Cybersecurity management system
The ISA/IEC 62443 series of standards provides a methodology for an organization to establish an OT security program. [ISA is the International Society of Automation. IEC stands for International Electrotechnical Commission.] The cybersecurity management system (CSMS) outlines the elements an organization needs to evaluate its current risks, address them, and keep its CSMS updated. Organizations often dive headfirst into the specifics of their ICS, trying to extrapolate every detail.
While larger organizations sometimes have the personnel to implement such a resource-intensive methodology, most organizations struggle to deal with the expanding attack surface, which requires a risk assessment methodology that prioritizes remediating the highest risks. The CSMS provides this methodology by directing organizations to build a risk analysis founded on business rationale and risk identification that considers not only financial loss but also health, safety, environmental, and any other consequences if the ICS environment were impacted by a cybersecurity attack.
In August 2020, Claroty published a review of industrial control system vulnerabilities publicly disclosed during the first half of 2020. The vulnerabilities identified were reported to the Industrial Control System Cybersecurity Emergency Response Team (ICS-CERT) or published by the National Vulnerability Database (NVD).
The report revealed more than 70% of the 365 vulnerabilities affecting ICS products sold by more than 50 vendors were remotely exploitable. This puts industrial equipment in the crosshairs of an exponentially larger set of potential attackers, ones already adept at targeting internet-facing IT infrastructure. Vulnerable ICS devices exposed online threaten the safety and reliability of industrial processes and could be attractive to hackers because of lax patching and inadequate software or firmware mechanisms available to devices.
More ANSWERS
KEYWORDS: Industrial control system (ICS) cybersecurity
ICS cybersecurity threats are increasing.
Industrial networked devices, engineering workstations, and remote sites may be sources of cybersecurity vulnerabilities.
Standards and best practices, consistently applied, can decrease cybersecurity risk.
CONSIDER THIS: Are multiple experts assessing and addressing ICS cybersecurity vulnerabilities in your organization?
Remote areas behind in software patches
Since many devices are operating remotely in difficult-to-reach locations, or where downtime may not be an option, a large number of them may be several patching cycles behind where they should be.
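An added example (not from the article or the Claroty report) of ranking findings along the lines the passages above describe: consequence beyond financial loss, remote exploitability, online exposure and patch lag. The weights, asset names and inventory are constructed assumptions, and "remotely exploitable" is read here as CVSS attack vector Network.

```python
from dataclasses import dataclass

# Assumed weights: the article says health, safety and environmental
# consequences count alongside financial loss, but gives no numbers.
CONSEQUENCE_WEIGHT = {"safety": 4, "environmental": 3, "financial": 2}
REMOTE_FACTOR = EXPOSED_FACTOR = 1.5  # assumed uplifts, not from the article

@dataclass
class Finding:
    asset: str                # hypothetical asset name
    cvss_vector: str          # CVSS v3.x vector from the advisory
    base_score: float         # CVSS base score from the advisory
    consequence: str          # worst credible consequence category
    patch_cycles_behind: int  # missed patch cycles
    internet_facing: bool

def parse_vector(vector):
    """Split a CVSS v3.x vector into a metric dict; reject malformed input."""
    prefix, *metrics = vector.split("/")
    if not prefix.startswith("CVSS:3"):
        raise ValueError(f"not a CVSS v3 vector: {vector!r}")
    parsed = dict(m.split(":", 1) for m in metrics)
    if "AV" not in parsed:
        raise ValueError(f"missing attack vector: {vector!r}")
    return parsed

def remotely_exploitable(finding):
    # Assumption: "remotely exploitable" is read as Attack Vector = Network.
    return parse_vector(finding.cvss_vector)["AV"] == "N"

def risk(finding):
    score = finding.base_score * CONSEQUENCE_WEIGHT[finding.consequence]
    score *= REMOTE_FACTOR if remotely_exploitable(finding) else 1
    score *= EXPOSED_FACTOR if finding.internet_facing else 1
    return round(score + finding.patch_cycles_behind, 2)

def prioritize(findings):
    return sorted(findings, key=risk, reverse=True)

def remote_share(findings):
    return sum(remotely_exploitable(f) for f in findings) / len(findings)

INVENTORY = [  # constructed sample, not data from the report
    Finding("remote-rtu-07", "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 9.8, "safety", 3, True),
    Finding("eng-workstation-02", "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", 7.8, "financial", 1, False),
    Finding("line-plc-11", "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", 7.5, "environmental", 2, False),
    Finding("historian-01", "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", 6.5, "financial", 0, False),
]
```

Calling prioritize(INVENTORY) puts the internet-facing remote unit with a safety consequence first, and the network-reachable PLC outranks the workstation despite its lower base score.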
More resources:
www.controleng.com/magazine
www.controleng.com/networking-and-security/cybersecurity/
ISA/IEC 62443 series of cybersecurity standards: www.isa.org/standards-and-publications/isa-standards/isa-standards-committees/isa99
Control Engineering, February 2021