Industrial control systems (ICS), or the hardware and software that monitor and control physical equipment and processes for critical infrastructure, such as water, oil, gas, energy and utilities, as well as automated manufacturing, pharmaceutical processing and defense networks, present a wildly attractive target for those who seek to cause disruption or to threaten infrastructure for their own purposes. Because of the significant costs of designing, developing and optimizing control systems, those seeking to gain technical data for their own use also target them.
SANS recognized the growing concerns about attacks on this sector with the appearance of Stuxnet and began developing an ICS security-specific practice, including a growing selection of educational offerings and an annual survey of professionals working or active in industrial control systems. Since our first ICS security survey, we have seen such disturbing events as the 2014 German steel mill incident and ICS-targeting malware such as Havex and Dragonfly.
In 2015, we conducted our third survey on ICS security, which was taken by 314 respondents. Their answers indicate their organizations are concerned about keeping their most basic ICS operations running reliably and safely. They also show an increasing uncertainty over whether their systems had been infiltrated without their knowledge.
The results also echo other industry data indicating more frequent targeting of industrial control systems, particularly energy-generation systems. Data also shows that those targeted attacks have resulted in a rising number of breaches.
While control system networks are not necessarily more opaque than IT systems, the available tools to map and monitor their traffic and attached devices have been less robust than their IT counterparts. It is essential that industry leaders provide their security practitioners with the tools, training and resources to gain the insight needed to protect these critical assets.
Threat vectors do vary, but the top vector consists of external actors (hacktivists or nation states). Threats from these sources were chosen by 73% as one of the top three threat vectors. Although 25% of respondents’ breaches were attributed to current employees (insiders), 48% cited insider threat as being among the top vectors.
By reading this report, ICS professionals will gain insight into the challenges facing peers, as well as the approaches being employed to reduce the risk of cyberattack.