Industrial Control Systems (ICS): What Are They and How Do We Secure Them?


What is an industrial control system (ICS)?

An industrial control system (ICS) refers to cyber-physical technologies that manage processes, such as manufacturing, production, and distribution. Some examples include: 

  • Programmable logic controllers (PLCs) found in industrial sectors and critical infrastructure such as transportation and energy

  • Supervisory control and data acquisition (SCADA) systems used to control geographically distributed assets

  • Industrial automation and control systems (IACS)

Like most networked devices, these cyber-physical systems require adequate security to protect them from malicious or negligent activity. Outdated, unpatched and generally insecure systems can become vulnerable to devastating cyberattacks leading to disruption of processes, damage to property, or even loss of life, as one attempt to poison the Florida water supply revealed. It’s important to note that the threat to these systems can originate as a malicious cyberattack or as some type of insider threat, caused by either malicious intent or negligence on the part of employees, contractors, or partners.

The Cybersecurity and Infrastructure Security Agency (CISA) recently published a list of 20 Industrial Control Systems Advisories, detailing current known security issues and potential vulnerabilities, or flaws, that can adversely impact control systems. Additionally, the National Institute of Standards and Technology (NIST), housed under the Department of Commerce, has published a Guide to Industrial Control Systems Security with which ICS operators can familiarize themselves.

ICS systems are inherently complex, and the lack of security can expose them to several types of threats. Attackers can gain access to control systems through a variety of methods, including:

  • Phishing attacks to exploit operational technology (OT) account credentials

  • Lateral movement on the network

  • Exploiting IoT devices and other internet-connected systems

  • Rogue or unauthorized devices

Improving ICS Security

Research from ICS security firm Dragos revealed that attacks on industrial control systems increased 500% between 2018 and 2021. A number of cybercriminal organizations stood out in the data as being responsible for several of the attacks, including Hexane, Parisite, Wassonite, and Raspite. While there are often financial motivations for cybercrime, attacks on ICS may also be perpetrated by nation-state threat actors or politically affiliated organizations hacking for the sake of their ideology, as a means of sending a message and demonstrating their capabilities. Securing ICS against cyber threats involves implementing a layered defense and following a number of established best practices, including:

  • Monitoring network activity and collecting data to identify potential suspicious behavior that may indicate an intrusion or attack 

  • Ensuring security systems and devices are configured correctly

  • Implementing asset management and threat detection tools

  • Securing remote access to systems 

  • Using least privilege to prevent unauthorized access to critical systems and operations

  • Reducing the attack surface by locking down unused ports and turning off unused services

  • Integrating an intrusion prevention system (IPS) to discover and prevent attempted exploitation of known vulnerabilities in ICS-associated systems

  • Segmenting networks to help ensure that threats can’t move to critical systems 

  • Establishing policies that ban or limit the use of personal devices on the network

  • Banning the use of removable media (USB, CD) on network devices 

  • Implementing detailed online and offline backup procedures that allow system recovery in the event of an incident such as a ransomware attack

  • Conducting regular security awareness training for employees, contractors, and partners

  • Practicing OT incident response in a live-fire cyber range environment with real-world cyberattacks and security tools
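Several of these practices (monitoring network activity, asset management, segmentation, and turning off unused services) can be checked together against flow records. The sketch below is an added example, not part of the original post: the zone plan, asset inventory, addresses and flow records are all constructed assumptions, and only the port numbers for Modbus/TCP (502), EtherNet/IP (44818) and Telnet (23) are real.

```python
import ipaddress

# Constructed zone plan; all addresses and zone names here are illustrative.
ZONES = {
    "it": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "ot": ipaddress.ip_network("10.30.0.0/24"),
}
# Zone pairs allowed to talk: IT reaches OT only through the DMZ.
ALLOWED_PATHS = {("it", "it"), ("it", "dmz"), ("dmz", "ot"), ("ot", "ot"), ("ot", "dmz")}
# Constructed asset inventory: known OT hosts and the TCP ports each should serve.
INVENTORY = {
    "10.30.0.5": set(),       # HMI, client only
    "10.30.0.10": {502},      # PLC speaking Modbus/TCP
    "10.30.0.11": {44818},    # PLC speaking EtherNet/IP
}

def zone_of(ip):
    """Map an address to its zone name, or 'external' if none matches."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "external")

def audit_flows(flows):
    """Return (finding, src, dst, port) tuples for flows that break policy."""
    findings = []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if (src_zone, dst_zone) not in ALLOWED_PATHS:
            findings.append(("segmentation", src, dst, port))
        for ip, zone in ((src, src_zone), (dst, dst_zone)):
            if zone == "ot" and ip not in INVENTORY:
                findings.append(("rogue-device", src, dst, port))
                break
        if dst in INVENTORY and port not in INVENTORY[dst]:
            findings.append(("unexpected-service", src, dst, port))
    return findings

# Constructed flow records: (source IP, destination IP, destination TCP port).
SAMPLE_FLOWS = [
    ("10.30.0.5", "10.30.0.10", 502),     # HMI polling its PLC: expected
    ("10.10.4.7", "10.30.0.10", 502),     # IT workstation straight to a PLC
    ("10.30.0.99", "10.30.0.11", 44818),  # OT address missing from inventory
    ("10.20.0.8", "10.30.0.10", 23),      # Telnet to a PLC: service should be off
]

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```

Each finding maps back to one practice in the list: a segmentation gap, an unauthorized device, or a service that should have been turned off.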

While industrial control systems can be complex and potentially vulnerable, they are an essential part of critical infrastructure, manufacturing, and similar industries. For this reason, a number of companies are working to design and implement security solutions specifically for industrial control systems. Securing these systems against attacks is crucial to ensure their effective operation as well as the availability of the services they provide.

Several factors contribute to the increased vulnerability of industrial control systems:

Higher demands for availability – ICS availability and uptime are crucial in critical infrastructures and other industries. The continuous availability requirements often make it challenging to secure these systems since they can't readily be taken offline for security updates and patching.

Many of these types of systems pre-date the internet – They’re using older protocols and outdated, less secure technology. When these systems were isolated, this was less of a problem. Today, the increased efficiency that we derive from networking these devices comes at a cost: the potential threat of attack from malicious entities.

Operator concern regarding the effects of new technologies on existing systems – Despite the critical nature of these systems, or perhaps because of it, operators are often concerned about the effects security technologies will have on system performance. The addition of new technologies generally adds complexity to systems and processes, and has the potential to increase an organization’s attack surface, the different points of entry an attacker might utilize to gain entry or access.

Additionally, consider that the ICS might not be the attacker’s final destination. Because of the security challenges affecting ICS systems, they may provide the ideal entry point for a cybercriminal. Once in, the attacker can move laterally across the network and access other systems.

Protecting industrial control systems is a matter of both national and economic security. Unlike attacks on other industries, threats to ICS have the potential of directly leading to loss of life, making it critical that we deploy adequate defenses to protect these vulnerable systems.
