Based on recent reports of Russian involvement in a multistage intrusion of the US power grid, it’s no longer a question of “if” threat actors will gain access to critical infrastructure control systems – it’s when it will happen again, and for what purpose.
What can be done to thwart these potentially disruptive assaults?
One of the findings of the recent SANS report “Securing Industrial Control Systems – 2017” is that the number one technology industrial organizations are looking to implement over the next 18 months is intrusion detection.
Up until recently, detecting anomalies on ICS networks that might be caused by a cyberattack has been ”mission impossible.” That’s because such networks typically include equipment from a wide assortment of vendors, run thousands of real-time processes and generate huge volumes of data. Analyzing and monitoring this data to detect anomalies was very difficult.
The good news is that a new generation of ICS cyber security tool is available for industrial intrusion detection. This article describes how our product, SCADAguardian does it, and gives an example of how it would detect and counter a cyberattack on a regional control center of an electric power utility.
Government, industry, system integrators and automation vendors all know that industrial cyber security needs to be improved. Yet, all too often both enterprise and industrial networks are still managed without a coherent security strategy. What’s the reason? First and foremost, there is a lack of industrial security expertise in the workforce. Secondly, up to now, technologies have focused on modularized solutions for either the enterprise network or the industrial environment, without paying attention to the integration between the two. The good news is that a new generation of solution helps overcome both the skills shortage and the IT/OT divide.
A recently released study by the Ponemon Institute finds that 61% of oil and gas operators in the U.S. indicate that their organization’s ICS protection and security is inadequate. While the implementation of digitally connected industrial components is delivering business benefits, it has significantly increased cyber risk. Yet only 41% of companies continually monitor OT infrastructure to prioritize cyber threats and attacks.
At the recent ARC Forum in Orlando, the automation community met to discuss pressing issues for the future. Cyber security was on top of the list of topics, with a full track led by ARC’s lead industrial security analyst Sid Snitkin. He led a panel that addressed an important new tool: ICS anomaly and breach detection solutions. Let’s look at the four critical capabilities ARC identified for these products, and how Nozomi Networks’ technology addresses them.