1 – What is ICS?

Industrial control system (ICS) is a general term that covers several types of control systems and associated instrumentation used for industrial process control. Guidance on industrial control system security helps organizations prevent the cyberattacks they may encounter from time to time. ICS cybersecurity standards are techniques, usually set out in published materials, that seek to defend the cyber environment of a user or organization. The main objective is to reduce risk, including the prevention or mitigation of cyberattacks.

2 – Types of ICS

There are several types of ICSs, including Supervisory Control and Data Acquisition (SCADA) systems and Distributed Control Systems (DCS). The details follow.

Supervisory Control and Data Acquisition (SCADA)

SCADA is not a system that offers full control; it focuses on providing control at the supervisory level. SCADA systems are composed of devices distributed across numerous locations. SCADA systems can acquire and transmit data, and are combined with a Human Machine Interface (HMI) that offers centralized monitoring and control for several process inputs and outputs.

The main purpose of using SCADA is long-distance monitoring and control of field sites through a central control system. Instead of workers having to travel long distances to carry out tasks or collect data, a SCADA system is capable of automating these tasks. Local operations such as opening or closing valves and breakers are managed by field devices. These systems are generally used in industries such as pipeline monitoring and control, water treatment and distribution, and electrical power transmission and distribution.

Distributed Control System (DCS)

Typically used in industries such as manufacturing, electric power generation, chemical manufacturing and oil refining, a DCS controls production systems found in one location. In a DCS, a setpoint is sent to a controller that instructs valves to operate in such a way that the chosen setpoint is maintained. Data from the field can be stored for future reference, used for simple process control, or combined with data from another part of the plant for advanced control strategies. Each DCS uses a central supervisory control loop to manage multiple local controllers or devices that are part of the overall production process, giving industries the ability to quickly access production and operation data. By using multiple devices within the production process, a DCS is able to minimize the effect of a single fault on the overall system.

Actual ICS implementation

An actual ICS environment is often a hybrid of DCS and SCADA in which attributes from both systems are combined.

3 – Role of ICS in Today’s World

The role of ICS in today's world, where cybersecurity is a major concern for organizations large and small, cannot be questioned. While firewalls are the mainstay of an effective ICS protection strategy, it is important to remember that they can only protect against attacks originating outside the network. To fight malware introduced from USB devices and other components on the control network, the control system must also include host-based defenses operating inside the system to complement the firewall's perimeter protection. Therma has wide experience installing, maintaining and protecting critical ICS systems, and can implement a range of comprehensive defensive measures to ensure your equipment and control systems continue to function securely, safely and without disruption.

Global criminals, extremists and dishonest competitors represent a grave danger to ICSs throughout the world. This is due to the advent of the Internet of Things (IoT) and Industrial IoT, as well as the increased use of remote telemetry for monitoring and input. These comparatively recent developments provide attackers with many entry points for malicious activity that can adversely affect the operational efficiency of critical process systems, along with the health, safety and financial security of people and companies all over the world.

High-risk factors

Cybersecurity for industrial control systems is a complex topic in today's industrialized world. Risks to the Industrial Control System (ICS) network infrastructure are exceedingly high, and the level of complexity is greater than ever before. The increased volume and sophistication of these attacks make an ICS an easy target for attackers because of its old set-up, lack of security planning and design, and little focus from the business on protecting ICS assets.

A full analysis of the infrastructure and operational features of your business can provide great insight into your level of risk as well as identify possible countermeasures to defend key assets. This kind of all-inclusive approach should be taken to ensure all aspects are considered and the actual level of risk posed to the production system is fully understood. This includes cyber and physical security, as well as the stage of the system's lifecycle. To help discern the exact level of risk, each element should be assessed systematically to understand the design, operational and maintenance differences that preserve the viability of production systems.

4 – ICS Threats

Advanced persistent threat (APT)

An advanced persistent threat is a prolonged and targeted cyberattack in which an attacker gains access to a system and remains undetected for a long period of time. The purpose of the attack is typically to monitor network activity and steal data rather than to damage the network or company. Since so much effort and so many resources typically go into APT attacks, attackers usually pursue high-value targets such as nation-states and large organizations, with the ultimate objective of stealing information over an extended period of time.

To gain access, APT groups often use unconventional attack methods, including advanced exploitation of zero-day vulnerabilities as well as highly targeted spear phishing and other social engineering techniques. To maintain access to the targeted network without being detected, threat actors use cutting-edge methods, including continuously rewriting malicious code to evade detection and other sophisticated evasion techniques. Some APTs are so complex that they need full-time administrators to maintain the compromised systems and software in the targeted network. The motives of advanced persistent threat actors are diverse. For example, attackers backed by nation-states may target intellectual property to gain a competitive advantage in certain industries. Organized crime groups may sponsor APTs to gain information they can use to commit unlawful acts for monetary gain.

DDoS Attack

A DDoS attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve their effect by using numerous compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like a traffic jam clogging up a highway, preventing regular traffic from reaching its desired destination.

Cryptomining

Cryptomining is a process in which transactions for various forms of cryptocurrency are verified and added to the blockchain digital ledger. Also known as cryptocoin mining, cryptomining has grown both as a topic and as an activity as cryptocurrency usage itself has grown considerably in the last few years. Whenever a cryptocurrency transaction is made, a cryptocurrency miner is responsible for verifying the legitimacy of the information and updating the blockchain with the transaction. The mining process itself consists of competing with other cryptominers to solve complex mathematical problems with cryptographic hash functions that are associated with a block containing the transaction data.

Ransomware

Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim's data or permanently block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and hard-to-trace digital currencies such as Ukash and cryptocurrency are used for the ransoms. Ransomware attacks are typically carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment.

Network Security Monitoring for Industrial Control Systems

Monitoring is important in many domains, such as baby monitoring, heart monitoring, air quality monitoring, electric grid disturbance monitoring and even credit monitoring. Monitoring is key to detecting that something is not right. Network security monitoring (NSM) is not widely applied in Industrial Control Systems (ICS), and this is one of the reasons we don't hear about many ICS attacks. However, asset owners have started to see the value of gaining the same visibility in their ICS networks as in their IT networks. My colleague at a large public utility recently completed implementing network monitoring in their SCADA system. With NSM deployed on their SCADA system and their IDS tuned to their standard ICS protocols and network behavior, the following were found:

  • Misconfigured devices
  • Incorrect software versions
  • Defects in SCADA device firmware
  • Hardware failures
  • Unexpected IP addresses (internal and external)
  • Unexpected protocols on the SCADA network
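A minimal version of the baseline-and-deviation check behind findings like these, added here as an example (not code from the original article or from the utility mentioned): it learns which hosts and protocols are normal on a SCADA segment from a vetted window of flow records, then flags unexpected IP addresses and unexpected protocols. The network range, the approved protocols and the flow records are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

# One flow record as an NSM sensor might summarise it.
Flow = namedtuple("Flow", "src dst proto dport")

# Assumptions (constructed for this example): the SCADA segment is
# 10.20.0.0/16 and only Modbus/TCP (502) and DNP3 (20000) belong there.
SCADA_NET = ipaddress.ip_network("10.20.0.0/16")
APPROVED = {("tcp", 502): "modbus", ("tcp", 20000): "dnp3"}

def learn_baseline(flows):
    """Record every (src, dst, proto, dport) seen in a vetted window."""
    return {tuple(f) for f in flows}

def classify(flow, baseline):
    """Alert reasons for one flow; an empty list means it is expected."""
    reasons = []
    if (flow.proto, flow.dport) not in APPROVED:
        reasons.append(f"unexpected protocol {flow.proto}/{flow.dport}")
    known_hosts = {h for b in baseline for h in b[:2]}
    for role, ip in (("src", flow.src), ("dst", flow.dst)):
        if ipaddress.ip_address(ip) not in SCADA_NET:
            reasons.append(f"unexpected external {role} {ip}")
        elif ip not in known_hosts:
            reasons.append(f"unexpected internal {role} {ip}")
    if not reasons and tuple(flow) not in baseline:
        reasons.append("new conversation between known hosts")
    return reasons

def scan(flows, baseline):
    """Map each flow that raised at least one reason to its reasons."""
    findings = {}
    for f in flows:
        reasons = classify(f, baseline)
        if reasons:
            findings[f] = reasons
    return findings

# Constructed sample traffic: an HMI at 10.20.1.10 polls two PLCs.
BASELINE_FLOWS = [
    Flow("10.20.1.10", "10.20.2.21", "tcp", 502),
    Flow("10.20.1.10", "10.20.2.22", "tcp", 20000),
]
OBSERVED_FLOWS = BASELINE_FLOWS + [
    Flow("10.20.2.21", "203.0.113.7", "tcp", 443),   # PLC reaching the Internet
    Flow("10.20.9.99", "10.20.2.22", "tcp", 20000),  # unknown host on the SCADA LAN
    Flow("10.20.1.10", "10.20.2.22", "udp", 161),    # SNMP where only ICS protocols belong
    Flow("10.20.2.21", "10.20.2.22", "tcp", 502),    # PLC-to-PLC Modbus never seen before
]
```

Calling `scan(OBSERVED_FLOWS, learn_baseline(BASELINE_FLOWS))` returns the four constructed anomalies with their reasons and passes the two baseline polls silently; in practice the baseline window must itself be reviewed before it is trusted, since anything already present when learning starts becomes "normal".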

5 – ICS Common Practices

One of the most common ICS practices is to establish executive buy-in. The most effective ICS security programs are managed from the top down, so it is important for the board and senior executive leadership to recognize the risks to business assets and offer their support. The other key factor is to understand regulatory requirements: in critical infrastructure industries, regulation often drives behavior and mandates certain requirements from a security viewpoint. While your organization may have very effective, smart people on both the IT and OT sides of the house, involving outside assistance can provide much-needed subject matter expertise and mediation when internal teams disagree. At a macro level, most businesses have a good understanding of what systems they have in the field. Nevertheless, at a micro level the picture becomes less clear, so it is critical that all systems are cataloged.

Ensuring the security of systems

Both the public and private sectors appreciate how important it is to enhance the security of these systems. In February 2016, the White House set up a Commission on Enhancing National Cybersecurity with the goal of improving cybersecurity in the public and private sectors. Furthermore, many industries have formed cybersecurity awareness groups to share experiences about the importance of cybersecurity, develop recommended practices, and produce guidelines showing asset owners how and where to start taking responsibility for security in their networks. The North American Electric Reliability Corporation (NERC), a not-for-profit international regulatory authority whose mission is to ensure the reliability of the bulk power system in North America, created and regularly updates a series of Critical Infrastructure Protection (CIP) standards. It is important to note that 11 of the NERC standards are subject to mandatory implementation, making this the only regulated cybersecurity standard today.

Assessment of the ICS that our critical industrial infrastructure relies on has revealed a number of security flaws that can be exploited routinely. The most significant concern is legacy ICS with no security instrumentation in place connected to the Internet. This is a hazardous blend of old and new control system configurations that can easily be exploited by a moderately computer-savvy attacker. Secure and reliable operation of critical infrastructure currently relies on considerably insecure ICS configurations in a setting of rising cyber threats from numerous sources. However, these security practices have not yet been broadly incorporated into the industrial infrastructure. Private sector recognition that ICS security flaws directly threaten the safety and reliability of system operation is required to support the business case for increased security expenditure.
