Industrial cybersecurity strategies need a new approach
Cybersecurity investment within the industrial control system (ICS) market is lagging in spite of the imminent threat manufacturers face. Investment is expected to barely cross the $2 billion mark by 2025, according to ABI Research, a global tech market advisory firm.
“Over the past years, this shift has allowed internet-borne cyberthreats to find their way into traditionally sheltered industrial networks, wreaking havoc on severely underprepared systems. The cybersecurity threats faced in ICS are unlike any other,” said Dimitrios Pavlakis, industry analyst for ABI Research.
“A well-placed cyberattack can cause human casualties, billions in infrastructure damage, and even bring certain operations of a country’s critical infrastructure to a grinding halt.” Social engineering, combined with cyberattacks like LockerGoga, WannaCry, NotPetya, Triton, Sauron, CrashOverRide, DragonFly, and many of their mutations, has proved that digitised industrial systems are not only vulnerable but are also an attractive target for cyber-attackers.
At the root of the problem is the conflict between information technology (IT) and operations technology (OT). IT security integration is expected to absorb almost 80% of ICS security investment in 2019, led primarily by successful security information and event management (SIEM) implementations. That share is expected to drop below 70% by 2025, when other investment sources like OT asset management, threat intelligence, encryption, and ID management will increase considerably. Additionally, while threat intelligence, encryption, and ID management in ICS will start slowly, they are expected to grow almost threefold in investment within the next five years.
“Industrial cybersecurity strategies need a radical rethink and should be built from the OT ground up to address the evolving threat landscape. Customizing IT security and placing it into an OT environment is not the answer but is one example of a strategy that is indicative of the inherent confusion regarding the ICS cybersecurity landscape,” Pavlakis said.
Steering away from traditional “air-gapped” models (having no external connections) and embracing the underlying premise of Industrie 4.0 for ICS is not an easy task. The same security procedures, protocols, network/user/device protection, and ID management that make sense in corporate IT environments cannot be applied to industrial ones. Doing so will not only serve to exacerbate the underlying “IT versus OT” issue, but also will hinder security operations and integrations of security products with ICS equipment across the board.
While most companies deal primarily with network visibility issues, there has been increased movement by leading vendors and start-ups attempting to address future ICS cybersecurity challenges. Industry giants in the OT space like Siemens, Schneider Electric, Honeywell, and ABB are enhancing digital security in their own lines of industrial equipment. Meanwhile, start-ups like Dragos, Xage Security, Sentryo, CyberX Labs, SCADAfence, and Veracity Industrial Networks are focusing on network visibility, OT asset management, interoperability, and integration with IT security products, with a key emphasis on SIEM integration.
“Increasing security infrastructure investment without hindering industrial operational objectives, managing the IT-OT convergence in a streamlined approach, developing new KPIs for cybersecurity operations, forcing the evolution of SIEMs and SOCs for ICS, and tending to the rising concerns from AI-borne cyberthreats are the essential components and should be used as the foundational building blocks in the development of any ICS cybersecurity strategy,” Pavlakis said.
Suzanne Gill is editor, Control Engineering Europe. This article originally appeared on the Control Engineering Europe website. Edited by Chris Vavra, production editor, Control Engineering, CFE Media.