Security Process to Tackle ICS Attacks
The merging of industrial IoT and industrial control systems has made organizations vulnerable to security threats that teams must address by building security into every process and product.
Attackers increasingly target industrial control systems (ICS) using a variety of tactics. In recent years, attacks have targeted ICS using malware, including the cyberattack on the Kudankulam Nuclear Power Plant in India, the Crash Override attack on the Ukrainian electrical grid and the Triton attack announced by FireEye. The attackers in each of these events attempted to cause major disruptions and physical damage to the industrial systems, which can face increased risks when combined with industrial IoT (IIoT).
Historically, organizations have relied upon a separation of their operational technology networks from the internet to keep systems secure. Some organizations use the Purdue model for industrial control systems to understand the interaction of ICS with IoT devices and intermediate levels of infrastructure.
IIoT has prompted an IT/OT convergence, which means the networks no longer remain separated, and organizations become more vulnerable to attacks. With the introduction of IIoT, ICS has merged with IoT gateways, edge devices and cloud platforms.
Classic ICS network
It’s not only the security experts’ or administrators’ responsibility to protect systems; end users, vendors and manufacturers all share the responsibility to keep systems secure, starting with the design of products and platforms and concluding with the end of product lifecycles.
“The idea is that you incorporate security — you build in security as part of your process. And you introduce this early on because it’s going to be a lot less costly if we identify issues with either the design that might lead to a security flaw or with potentially how you’re going about the design, your coding scheme. It’s about trapping or blocking or identifying and addressing any issues early on.”
Organizations can apply six cybersecurity processes when building, using or configuring software to ensure ICS IoT security. These processes can be used by vendors selling software as a product, equipment manufacturers and organizations using the software for their ICS and IIoT devices.
Cyber kill chain
Organizations can apply the kill chain whether they are purchasing a software platform and customizing it or they are an OEM adding value to their product.
Plan defense in depth
IT asset lifecycle management
Have a secure software supply chain
Secure the software development life cycle
Conduct threat modeling