Industrial cybersecurity strategies need a radical rethink and should be built from the ground up
The paradigm shift brought forth by Industry 4.0 and the Industrial Internet of Things (IIoT) is significantly enhancing the digital and connectivity capabilities of Industrial Control Systems (ICS) across multiple verticals including manufacturing, oil and gas, critical infrastructure, and nuclear power.
It has also opened the floodgates to serious cybersecurity risks, threatening to cause billions of dollars in damage to industrial operations worldwide. Despite the imminent danger, cybersecurity investment within the ICS market is severely lagging, expected to barely cross the US$2 billion mark by 2025, according to ABI Research.
“Over the past years, this shift has allowed internet-borne cyberthreats to find their way into traditionally sheltered industrial networks, wreaking havoc to severely underprepared systems. The cybersecurity threats faced in ICS are unlike any other,” warns Dimitrios Pavlakis, Industry Analyst for ABI Research. “ICS are, quite literally, powering the world’s leading and most critical industries. A well-placed cyberattack can cause human casualties, billions in infrastructure damage, and even bring certain operations of a country’s critical infrastructure to a grinding halt.”
Social engineering, combined with cyberattacks like LockerGoga, WannaCry, notPetya, Triton, Sauron, CrashOverRide, DragonFly, and many of their mutations, have proved that digitized industrial systems are not only quite vulnerable but also a very attractive target for cyber-attackers.
At the root of the problem is the juxtaposition of IT and OT. IT security integration is expected to absorb almost 80% of the ICS security in 2019, which is primarily lead by successful SIEM implementations. That is expected to drop below 70% by 2025 when other investment sources like OT asset management, threat intelligence, encryption, and ID management will increase considerably. Additionally, while threat intelligence, encryption, and ID Management in ICS will start slowly, they are expected to grow almost threefold in investment within the next five years.
“Industrial cybersecurity strategies need a radical rethink and should be built from the OT ground up to address the evolving threat landscape. Customizing IT security and placing into an OT environment is not the answer but is one example of a strategy that is indicative of the inherent confusion regarding the ICS cybersecurity landscape,” says Pavlakis.
Steering away from traditional “air-gapped” models (having no external connections) and embracing the underlying premise of Industry 4.0 for ICS is not an easy task. The same security procedures, protocols, network/user/device protection, and ID management that make sense in corporate IT environments cannot be applied to industrial ones. Doing so will not only serve to exacerbate the underlying “IT versus OT” issue but also will gravely hinder security operations and integrations of security products with ICS equipment across the board.
While most companies deal primarily with network visibility issues, there has been increased movement by both leading vendors and start-ups attempting the address the future ICS cybersecurity challenges. Industry giants in the OT space like Siemens, Schneider Electric, Honeywell, and ABB are greatly enhancing digital security in their own lines of industrial equipment.
Other leading vendors are tackling issues holistically (e.g., Forescout), offering application-specific solutions (e.g., Sierra Wireless), or enhancing ICS components (e.g., Phoenix Contact). Finally, innovative start-ups like Dragos, Xage Security, Sentryo, CyberX Labs, SCADAfence, and Veracity Industrial Networks are focusing on network visibility, OT asset management, interoperability, and integration with IT security products – with a key emphasis on SIEM integration.
“Increasing security infrastructure investment without hindering industrial operational objectives, managing the IT-OT convergence in a streamlined approach, developing new KPIs for cybersecurity operations, forcing the evolution of SIEMs and SOCs for ICS, and tending to the rising concerns from AI-borne cyberthreats are the essential components and should be used as the foundational building blocks in the development of any ICS cybersecurity strategy,” Pavlakis concludes.