CEO Insights: Four major challenges in protecting ICS from cyber attacks
As part of the CEO Insights Series, IIoT World’s Managing Editor, Lucian Fogoros, interviews Indegy’s CEO, Barak Perelman, about the major challenges in protecting ICS from cyber attacks and the best defenses against cyber threats in the Industrial Internet of Things era.
Lucian Fogoros: What are the major challenges in protecting ICS from cyber attacks?
Barak Perelman: Unlike IT networks, the technologies used in ICS environments were designed and deployed before cyber threats existed; therefore, they lack basic visibility and security controls. Traditionally, industrial organizations have relied on “air-gaps” for protection from external attacks. This approach has long since become unfeasible to maintain. Since security or access controls are lacking in these environments, anyone with access to the ICS network can make changes to its critical assets and cause disruptions. Furthermore, since engineering changes to critical devices aren’t tracked in event logs, there’s no evidence of such changes. As a result, it is difficult to detect and respond to incidents – whether they are caused by external cyber-attacks, malicious insiders or human error. It is also very difficult to recover from such incidents because there is no historical data on ICS assets.
Securing ICS networks poses the following unique challenges:
- Since proprietary, undocumented control-plane protocols are used to perform engineering activities, it is difficult to monitor changes and enforce security policies.
- There is a lack of knowledge about the assets that need to be protected – primarily because changes to assets are not always properly documented due to the absence of automated asset management solutions. If you don’t know what needs to be protected, how can you protect it?
- Physical access to devices remains a blind spot. Monitoring network activity does not capture important activities including maintenance and upgrades which are often performed by connecting locally to the device via a serial cable or a thumb drive.
- IT-OT convergence and a shift in C-level responsibilities are causing some confusion regarding who is responsible for securing these environments.
Lucian Fogoros: Is there a particular sector of the industry more vulnerable to attacks than others?
Barak Perelman: Since all ICS networks are susceptible to these security weaknesses, all industrial sectors including critical infrastructure and manufacturing are vulnerable to cyber attacks. To complicate matters, the fact that the same underlying ICS technologies are used across multiple industry sectors creates the potential for collateral damage. In other words, even if a company is not the intended target of a large cyber attack, once malicious code is released in the wild it is impossible to contain. As a result, an attack aimed at energy companies could affect manufacturing, water treatment, pharmaceutical, etc. facilities that use the same technologies that are being targeted by a malware variant.
Lucian Fogoros: What are the best defenses against cyber threats in the Industrial Internet of Things era?
Barak Perelman: The first step to securing these environments is to gain full visibility into all ICS activity, especially engineering activity performed on the control plane. This must include the ability to monitor and track activities executed over the network as well as directly on the physical devices, whether by humans or malware. Such monitoring will enable organizations to get real-time alerts on any suspicious anomalies or unauthorized activities. In addition, automated asset discovery, classification and management should be instituted to establish and maintain an up-to-date inventory.
Lucian Fogoros: What are your main goals in 2017?
Barak Perelman: Indegy is focused on expanding our global operations to make our Industrial Cyber Security Platform available to industrial organizations worldwide. In addition, we are continuing to add new capabilities to the platform to extend our leadership position in the market. Finally, we will continue to work with technology partners to provide seamless integration with both ICS and IT systems.