Industrial cyber security strategies need a radical rethink

0
1102

Despite the imminent danger, cyber security investment within the ICS market is severely lagging, expected to barely cross the US$2 billion mark by 2025, according to ABI Research, a global tech market advisory firm.

The paradigm shift brought forth by Industry 4.0 and the Industrial Internet of Things (IIoT) is significantly enhancing the digital and connectivity capabilities of Industrial Control Systems (ICS) across multiple verticals including manufacturing, oil and gas, critical infrastructure, and nuclear power. It has also opened the floodgates to serious cyber security risks, threatening to cause billions of dollars in damage to industrial operations worldwide.

Cyber security threats unlike any other

“The cyber security threats faced in ICS are unlike any other,” warns Dimitrios Pavlakis, Industry Analyst for ABI Research. “ICS are, quite literally, powering the world’s leading and most critical industries. A well-placed cyber attack can cause human casualties, billions in infrastructure damage, and even bring certain operations of a country’s critical infrastructure to a grinding halt.” Social engineering, combined with cyber attacks and their mutations, have proved that digitised industrial systems are not only quite vulnerable but also a very attractive target for cyber-attackers.

IT and OT are juxtaposed
At the root of the problem is the juxtaposition of IT (Information Technology) and OT (Operational Technology). IT security integration is expected to absorb almost 80% of the ICS security in 2019, which is primarily led by successful Security Information and Event Management (SIEM) implementations. That is expected to drop below 70% by 2025 when other investment sources like OT asset management, threat intelligence, encryption, and ID management will increase considerably. Additionally, while threat intelligence, encryption, and ID Management in ICS will start slowly, they are expected to grow almost threefold in investment within the next five years.

Radical rethink required
“Industrial cyber security strategies need a radical rethink and should be built from the OT ground up to address the evolving threat landscape. Customising IT security and placing into an OT environment is not the answer but is one example of a strategy that is indicative of the inherent confusion regarding the ICS cyber security landscape,” says Pavlakis. Steering away from traditional “air-gapped” models (having no external connections) and embracing the underlying premise of Industry 4.0 for ICS is not an easy task. The same security procedures, protocols, network/user/device protection, and ID management that make sense in corporate IT environments cannot be applied to industrial ones. Doing so will not only serve to exacerbate the underlying “IT versus OT” issue but also will gravely hinder security operations and integrations of security products with ICS equipment across the board.

Industry giants are enhancing digital security
While most companies deal primarily with network visibility issues, there has been increased movement by both leading vendors and start-ups attempting to address the future ICS cyber security challenges. Industry giants in the OT space like Siemens, Schneider Electric, Honeywell, and ABB are greatly enhancing digital security in their own lines of industrial equipment. Other leading vendors are tackling issues holistically (e.g., Forescout), offering application-specific solutions (e.g., Sierra Wireless), or enhancing ICS components (e.g., Phoenix Contact). Finally, innovative start-ups like Dragos, Xage Security, Sentryo, Cyber X Labs, Scadafence, and Veracity Industrial Networks are focusing on network visibility, OT asset management, interoperability, and integration with IT security products – with a key emphasis on SIEM integration.

Identifying the foundational building blocks
“Increasing security infrastructure investment without hindering industrial operational objectives, managing the IT-OT convergence in a streamlined approach, developing new KPIs for cyber security operations, forcing the evolution of SIEMs and SOCs for ICS, and tending to the rising concerns from AI-borne cyber threats are the essential components and should be used as the foundational building blocks in the development of any ICS cyber security strategy,” Pavlakis concludes.