The fact that insiders – whether criminal or negligent, are a top cyber security threat substantiates the need for ICS real-time monitoring and process anomaly detection. Control system traffic is fairly predictable so, by establishing a baseline of ICS network communications and conducting continuous monitoring for anomalies, anything that deviates from expected behavioral patterns is an anomaly worth analyzing. Furthermore, it would be very valuable to identify if these anomalies are due to malicious activity or unintentional errors that could cause process impacts/disruptions – whether from internal or external sources.

Read More