Key Security Components for an Industrial Control System (ICS)

Institutions and End Users can only benefit from Water Loss Programs Implemented by Utilities part 2 of 2
December 6, 2015
China: A Model Project Development Fund for Public-Private Partnerships
May 16, 2016
Key Security Components for an Industrial Control System (ICS)

With significant security risks and attacks against Industrial Control Systems (ICS) growing in volume, firms that offer and implement comprehensive solutions are needed. The financial and legal ramification of breached industrial control systems is mounting across the world. Regulators are increasingly interested in an organization’s ability to defend against cyber-attacks. The fragmentation of partial solutions and the complex integration of those pieces is all too common and is becoming a cost and risk that owners want to mitigate against. Threats and cyber incidents, malicious and accidental, occur every day on industrial control networks and cannot continue to be kept silent, these systems are an integral part of the critical infrastructure that facilitate operations in vital sectors such as power generation, oil and gas, water, transportation, food, pharmaceutical and chemical. As cyber-security solutions are being increasingly designed into the operations and policies of organizations, there are key constituents that can drive targeted solutions to the ICS environment:

  • Audit and application of security policies and procedures that are developed specifically for control system network and its devices
  • Access controls through the LAN, WAN and physical perimeters complemented with secure data transfers
  • Threat Detection of abnormal and malicious activity at all levels of the ICS infrastructure
  • Risk management and mitigation against possible attacks with an installed security suite of products that enhance and regulate your ICS without disrupting the controlled process – virtualized functions and hardware appliances
  • Resolution of key security problems that requires intrinsic relationship with vendors

The items mentioned above are typically offered through 3 to 4 companies; a mixture of OEM, consultant and software vendors. A grouping of the best in class relevant companies will provide end users the best in class solution – A one stop shop.

Initiatives by ICS vendors to reduce security risks to control systems in response to growing cyber security threats is occurring and resulting in automation professionals being more effective in securing their industrial processes through a combination of control system design and best practices, technologies and professional services. As the ICS represents the core of production, the cyber security processes must address both internal and external threats via multiple layers of defense which mitigates against various types of risk; A Risk Informed Electronic and Physical Defense-in-Depth Methodology. ICS vendors and automation professionals must be committed to providing an evolving set of products and services that help mitigate risks and improve security of the production assets. The silos of information that exist within organizations today, have resulted in silos of security information that are rarely shared. Comprehensive solution providers will acquire, integrate and facilitate the adoption of new cyber security technologies and deliver that needed comprehensive security product to end users. We must have cost-effective and efficient solutions that will keep industrial facilities safe, as this is critical to the global economy.

A. Gosine
A. Gosine
Projects Director - MG Strategy+ http://www.mg-strategyplus.com

Leave a Reply