Thursday, April 16, 2020

Control Systems in Cyber Security



With the increasing connectivity to the outside world, cyber-attacks on industrial systems poses an extremely dangerous threat, as these types of occurrences can lead to material losses and production interruption for a whole system. Also, industrial enterprises knocked out of service can seriously challenge an area’s social welfare, ecology and macroeconomics.
Therefore, cyber security is becoming more and more important across the board.

Cyber Security Management of IACS


Industrial Automation Control Systems and How They Improve ...
The IACS (Industrial Automation and Control Systems) is defined as a bunch of networks, control systems and other systems estimated to be at risk to cyber-attacks.

As we know almost all systems are vulnerable to cyber-attacks due to increase in connectivity, certain measures or standards are needed to lessen the risk of such attacks on control systems.

Moreover, cyber security tools advance to meet new threats, and virus checkers update their databases, which has its serious consequences to an organisation’s productivity.


Operational Technology

Operational Technology (OT) systems are systems which control and monitor physical devices in real-time, which is different from Information Technology (IT) that deals with processing information. 


Threats faced by OT systems


Rising risk of Malware and Ransomware - Download Signal


OT systems are susceptible to various forms of cyber security threat, the most recent one being the Ransomware which spreads as wide as possible attacking organisations. 

When an attack is faced, a company can only have a 50% chance of getting their data back, making it very likely that once the attack happens it is already too late to do anything about it.

Malware was also known to target particular systems.


How to protect OT systems?


Standards like IEC 62443, IEC 61511 and HSE OG 0086 were formed by International Electrotechnical Commission (IEC).

These standards define the formation of a Cyber Security Management System (CSMS), the difference between IT and OT systems, and how to reduce the problems posed by cyber-attacks on such systems.

Cyber Security Management System

With an understanding of the threats posed by cyber-attacks on IACS, the information and tools available to prevent such attacks and a proper understanding of the problems faced, we can implement a system of management to curb these attacks.

IEC-62443 standard requires the creation and implementation of a CSMS (Cyber Security Management System). The CSMS should be designed in such a manner as to protect the entire IACS.

The CSMS should be used to recognize and evaluate risk, plan user training, as part of disaster recovery plans and for incident reporting, response and recording.

IEC 62443


ISA/IEC-62443 (formerly ISA-99) is the standard that comprises reports and procedures relating to cyber security in an IACS.

The standard applies from the primary stages of design and implementation through to the combination of the systems, and day-to-day use, management and maintenance.

Technology Competencies│WoMaster

Other measures:


·      To tackle the cyber security challenges of control systems, companies need to have a strategic plan with proper measures in place. For these measures to be implemented, companies need to have sufficient funding to work smoothly.

·      The industrial companies need to pay more attention to the level of employees’ awareness of cyber threats, and keep up with modern cyber security measures.

·      Industrial companies should take IACS incident response programs seriously to lessen the occurrence of severe operational, financial and reputational damage.



Advantages of Cyber security


  • Protects system from cyber-attacks like Ransomware, Malware etc.
  • Protects system from theft of data.
  • It does not let the productivity of an organisation be affected.
  • It can prove the security of such systems which in turn inspires customers' confidence.


Limitations


  • Some organisations are obsolete and their equipment was designed before modern threats were discovered so such companies will find difficulty in following up today’s cyber security methods.
  • Patches might not be available, or could also be inappropriate for the current operational requirements of the equipment in use. 
  • Virus Scanners, an important component of cyber security in IT cannot always be used in an OT environment where its use may affect operations and decrease system availability.

Only by developing strict response programs and by arranging dedicated cyber security solutions to control the safety of complex connected and distributed industrial ecosystems can organisations protect their services and productivity as well as their customers and the environment.




References:




Control Systems in Cyber Security

With the increasing connectivity to the outside world, cyber-attacks on industrial systems poses an extremely dangerous threat, as ...