Securing the Edge: Understanding and Defending Against ICS-OT Cyber Threats

As cyberattacks on industrial and utility systems grow in frequency and complexity, operators must assess vulnerabilities, analyze where incidents originate, and adopt tailored, cost-effective defenses that safeguard operational safety and continuity.


Illustration: Antoni Shkraba Studio via Pexels.com

Industry experts are periodically informed about new vulnerabilities in Programmable Logic Controllers (PLC), Remote Terminal Units (RTU), Human Machine Interfaces (HMI), and Intelligent Electronic Devices (IED) supplied by a range of well-known vendors. These exposures in Industrial Control Systems (ICS)/Operational Technology (OT) have led to growing concern among system operators about the resulting risks.

Among the published cybersecurity incidents targeting industrial, utility, and manufacturing facilities, you will find attacks that directly or indirectly affect the industrial process, causing operational outages, damage to machinery, and risks to human life.

To ensure the continuity of your business operations, you must also be concerned about incidents caused by equipment failures, incorrect actions by authorized personnel, and cyberattacks that are internally or externally generated or initiated through the supply chain. This paper aims to help readers understand IT- and OT-related cyber incidents and select suitable, cost-effective cyber defense solutions that ensure the facility's operational safety, reliability, and performance (SRP).

Typical Incident Analysis

ICS-OT related incidents may be caused by a) bugs in OT products or software, b) incorrect actions by authorized personnel, and c) cyberattacks, which can be internally or externally generated, or supply-chain initiated. We must be aware of all three factors to create an optimal defense procedure for each facility.

A cyberattack becomes likely when three conditions coincide: a) the ICS-OT architecture has one or more unresolved vulnerabilities caused by hardware, software, weak physical security, or a poorly structured program; b) someone has a strong motivation to attack; and c) the attacker is confident that the planned attack is feasible and can be completed successfully.

When analyzing the possible impact on an industrial facility, it is essential to distinguish four categories: a) incidents impacting only the IT zone; b) incidents against the IT zone that might indirectly affect the OT zone; c) incidents starting in the IT zone from which the attack proceeds into the OT zone; and d) incidents aimed directly at the OT zone to cause an operational outage, damage equipment, or endanger lives.

ICS-OT cybersecurity experts must accurately analyze the possible attack vectors and assess the likelihood of a direct attack on the ICS-OT zone, as well as of an attack that starts by compromising the IT architecture and then the barriers segregating it from the OT zone. They must select the most suitable and cost-effective cyber defense measures, based on a prior understanding of the plant's control processes. Once these studies are completed, the local teams can analyze the sources of cyberattacks and evaluate who or which organizations might have initiated them.
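One concrete way to check the "IT compromise, then cross the segregating barrier" vector described above is to model the facility's zones and the firewall rules between them as a directed graph and ask whether any path, direct or via an intermediate zone, leads from IT into OT. The script below is an added example and is not code from the original article or from SCCE; the rule set, zone names (IT, DMZ, OT) and the hypothetical facility are constructed for illustration. It deliberately ignores rule ordering and treats every allow rule as reachable, which is a conservative simplification: a real review must also walk the firewall's first-match logic.

```python
"""Zone-reachability check for an IT/OT segregation design (added example).

Models firewall allow rules between zones as a directed graph and reports
(1) rules that open the OT zone directly from IT, (2) rules that expose
industrial protocol ports into OT, and (3) multi-hop pivot paths such as
IT -> DMZ -> OT, the "attack proceeds from IT into OT" category.
"""
from collections import defaultdict

# Well-known TCP ports of common industrial protocols.
OT_PROTOCOL_PORTS = {
    502: "Modbus/TCP",
    20000: "DNP3",
    102: "Siemens S7comm (ISO-TSAP)",
    44818: "EtherNet/IP",
    2404: "IEC 60870-5-104",
}

# Constructed sample rule set for a hypothetical facility (not a real config).
# Each rule: (source_zone, dest_zone, dest_port or "any", action)
SAMPLE_RULES = [
    ("IT", "DMZ", 443, "allow"),    # business users reach the DMZ historian
    ("DMZ", "OT", 502, "allow"),    # historian polls PLCs over Modbus: pivot path
    ("IT", "OT", 3389, "allow"),    # remote desktop straight into the OT zone
    ("IT", "OT", "any", "deny"),
    ("OT", "DMZ", 443, "allow"),
]


def build_flow_graph(rules):
    """Directed graph zone -> {dest_zone: set(ports)} built from allow rules only.

    Simplification: rule order is ignored; every allow rule counts as reachable.
    """
    graph = defaultdict(lambda: defaultdict(set))
    for src, dst, port, action in rules:
        if action == "allow":
            graph[src][dst].add(port)
    return graph


def find_paths(graph, start, goal, max_hops=4):
    """All simple paths from start to goal, each hop recorded as (src, dst, ports)."""
    paths = []
    stack = [(start, [start], [])]
    while stack:
        zone, visited, hops = stack.pop()
        if zone == goal:
            paths.append(hops)
            continue
        if len(visited) > max_hops:
            continue
        for nxt, ports in graph[zone].items():
            if nxt in visited:
                continue
            hop = (zone, nxt, sorted(ports, key=str))
            stack.append((nxt, visited + [nxt], hops + [hop]))
    return paths


def classify_rules(rules, it="IT", ot="OT"):
    """Return (findings, pivot_paths) for the given rule set."""
    graph = build_flow_graph(rules)
    findings = []
    for src, dst, port, action in rules:
        if action != "allow":
            continue
        if src == it and dst == ot:
            findings.append(("direct_it_to_ot", src, dst, port))
        if dst == ot and port in OT_PROTOCOL_PORTS:
            findings.append(("ot_protocol_exposed", src, dst, port, OT_PROTOCOL_PORTS[port]))
        if dst == ot and port == "any":
            findings.append(("any_port_into_ot", src, dst, port))
    # Paths of two or more hops are pivots through an intermediate zone.
    pivots = [p for p in find_paths(graph, it, ot) if len(p) > 1]
    return findings, pivots


if __name__ == "__main__":
    findings, pivots = classify_rules(SAMPLE_RULES)
    for f in findings:
        print("FINDING:", f)
    for p in pivots:
        print("PIVOT PATH:", " -> ".join(f"{s}->{d} {ports}" for s, d, ports in p))
```

On the constructed rules the check flags the RDP rule as a direct IT-to-OT opening, the DMZ-to-OT Modbus rule as an exposed industrial protocol, and the IT -> DMZ -> OT chain as a pivot path; the last two together are exactly the case where a compromised historian in the DMZ becomes the stepping stone into the control network.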

 

Daniel Ehrenreich, BSc, is a vendor-independent consultant and lecturer at Secure Communications and Control Experts (SCCE) who periodically teaches and presents at industry conferences on the integration of cyber defense with industrial control systems. Daniel has over 34 years of engineering experience with ICS and OT systems for electricity, water, gas, and power plants. LinkedIn