Defending Industrial Control Systems From Cyber Attack

Cybersecurity is now a design element of all industrial
control systems

Industrial control system owners, operators, and other stakeholders should be aware of their exposure to malicious intrusion and attack by individuals or organizations intent on inflicting physical damage, stealing information, or generally wreaking havoc throughout an industrial operation. The risk of intrusion, regardless of the size or type of facility, is real and deserves the focused attention everyone involved in the design and operation of industrial control systems.

The National Cybersecurity and Communications Integration Center, part of the US Department of Homeland Security, ...

serves as a central location where a diverse set of partners involved in cybersecurity and communications protection coordinate and synchronize their efforts. NCCIC's partners include other government agencies, the private sector, and international entities. Working closely with its partners, NCCIC analyzes cybersecurity and communications information, shares timely and actionable information, and coordinates response, mitigation and recovery efforts. (from www.us-cert.gov/nccic)

The NCCIC has published a set of seven basic steps toward establishing a more secure industrial control system. I have included the publication below, and it is interesting and useful reading for all involved in industrial process control.

Having a fence around an industrial site, with a guarded entry gate, no longer provides the level of security needed for any industrial operation. Read the seven steps. Take other actions to build your knowledge and understanding of the risks and vulnerabilities. Cybersecurity is now another layer of design tenets and procedures that must be added to every control system. It will be a part of your company's best practices and success, now and in the future.

There are uncountable legacy controllers and communications devices throughout industrial America. All need to be reassessed for their vulnerability in the current and upcoming security environment. When reviewing your processes and equipment, do not hesitate to contact Miller Energy for assistance in your evaluation of our products.

NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems from Miller Energy, Inc.

Industrial Control Systems Present Unique Cybersecurity Challenges

Industrial control systems have unique

cybersecurity challenges.

The International Society of Automation is offering a free white paper entitled “What Executives Need to Know About Industrial Control Systems Cybersecurity”. The article provides useful commentary and information that establishes the scope of cybersecurity in the industrial process control space and provides a basic framework for understanding how every process may be impacted by lax cybersecurity efforts. The author, Joseph Weiss, differentiates Industrial Control System (ICS) cybersecurity from that of organizational IT through a review of various attributes common to both types, including message confidentiality, integrity, time criticality, and more. Any reader’s awareness and understanding of the cybersecurity risks to their operation will be enhanced through this article. I finished reading the article wanting more on the subject, and ISA is certainly a resource for additional content.

A quote from the article...

“Cyber incidents have been defined by the US National Institute of Standards and Technology (NIST) as occurrences that jeopardize the confidentiality, integrity, or availability (CIA) of an information system.”

ICS cybersecurity extends beyond preventing malicious outside intruders from gaining access. It is an important part of maintaining the overall operating integrity of industrial processes. A holistic approach is advocated to identify physical risk factors to the process and its componentry (previous article on device protection), as well as vulnerabilities that may prevent exploitation by unauthorized parties. Weiss goes on to describe the role and qualifications of the ICS Cybersecurity Expert, essentially an individual that can function effectively as an IT cybersecurity tech with the added skills of an industrial control systems expert.

A synopsis of attack events is provided in the article, with the author’s conclusion that not enough is being done to secure industrial control systems and the risk exposure is substantial in terms of potential threats to personnel, environment, and economy. By providing your name and email address, you can obtain the white paper from the ISA website. Your time spent obtaining and reading the article will be well spent.

For any specific information or recommendations regarding our products and cybersecurity, do not hesitate to contact us directly. We welcome any opportunity to help our customers meet their process control challenges.