Cyber risk to Industrial Control Systems (ICS)
The systems we rely on most for some of the world’s most sensitive infrastructure, such as manufacturing, oil, gas and water utilities, face cyber security threats on a daily basis. We should have an understanding of the threats we face, even if we do not have all the solutions for them yet. This lack of understanding often results in a lack of visibility into industrial networks and many organisations turn a blind eye to the extensive publicity around cyber threats.
In many cases the ICS that control our electric grid and water distribution systems do not have advanced security sensors. Visibility into the ICS networks has always been difficult to obtain. Running anti-virus software on systems in an ICS can in fact potentially do more damage than good by marking files as malicious and deleting them. Despite everything, hacker activity has not been as easy to observe due to a lack of information obtained from these environments. In other words, there was no understanding of how the incident happened.
Media organisations grab attention from their audience with catchy headlines about cyber attacks against critical infrastructure. Some security companies use the media to promote their latest cyber security products when reporting on attacks and many security practitioners believe that the hype and awareness can serve as a wake-up call to the ICS community to take security seriously. Too much hype, however, can deter organisations who would otherwise take security seriously.
Ultimately, society needs more practitioners in the field of ICS cyber security and there needs to be more training for employees instead of being overly focused on products. Learning how to identify threats and to draw knowledge from the media will always be beneficial to companies and their employees. There are always going to be unseen hacks in the ICS community and we will no doubt begin to see a lot more of them coming to light.