The current landscape for industrial control systems’ (ICS) cybersecurity is best described as turbulent, as system owners struggle to protect systems that were never intended to be interconnected. The systems have long existed in many industrial and manufacturing settings but were traditionally isolated. Technological advances and convergence with traditional information and communications technology (ICT) necessitate unparalleled security for the critical services they provide. Headline stories such as those about Stuxnet, Duqu and Flame revealed certain fallibilities surrounding ICS and serve as constant reminders for vigilance about vulnerabilities and attack vectors. ICS security incidents have become more frequent and attack vectors have expanded in the brief period since Stuxnet’s 2010 discovery by antivirus vendor VirusBlokAda.
Stuxnet caught many off-guard and created a tremendous demand for engineering expertise. Thirty minutes of searching in one’s favorite browser makes it clear that disagreement between ICS and IT cybersecurity camps is as plentiful as malware traversing the Internet. Despite high-profile incidents, governmental involvement and an increase in information sharing, barriers still exist today. These barriers hinder significant advances in ICS cybersecurity, especially in converged environments.
This white paper was researched and written to present a balanced, informed primer for cybersecurity practitioners, C-level executives and vendors alike. It scopes the threat environment, presents similarities and, where appropriate, discusses special considerations for ICS.
2015 Energy Industry Cybersecurity Report
Strategic Cybersecurity: A Toolkit for Prioritizing, Coordinating, and Transforming Your Cybersecurity Program