Historically, most machinery and engineering components used in manufacturing and the operation of power plants, etc., belonged to networks that were air-gapped and protected from the outside world. However, this has changed over the years and components of today’s ICSs are often connected directly or indirectly to the internet.
Industrial control system (ICS) is a general term used to describe the integration of hardware and software with network connectivity in order to support critical infrastructure.
ICS technologies include, but are not limited to, supervisory control and data acquisition (SCADA) and distributed control systems (DCS), industrial automation and control systems (IACS), programmable logic controllers (PLCs), programmable automation controllers (PACs), remote terminal units (RTUs), control servers, intelligent electronic devices (IEDs) and sensors.
The percentage of ICS computers attacked by cyber criminals reached an amazing 41.2% a couple years ago due primarily to an overall increase in malicious activity.
Given the importance of industrial control systems (ICS) cybersecurity, it is essential to understand the trends that dominate the ICS space. Attacks generally come from three sectors:
- External threats and targeted attacks — The aim of politically motivated attacks is usually focused on causing physical damage or operational disruption, while industrial espionage attacks will be more focused on stealing or damaging Intellectual Property (IP).
- Insider threats — From disgruntled employees to contractors with an ax to grind, the internal threat is real. Most ICS networks require little to no authentication or encryption that controls or restricts user activity.
- Human error – Some feel that human error is the biggest threat to an ICS network. Human errors can include making incorrect configurations, PLC programming errors or forgetting to monitor key metrics or alerts.
Cybersecurity professionals recommend that organizations have a strategy with proper measures in place. Training programs such as those offered by Tonex can help companies put together an affordable budget and plan to better combat ICS cybersecurity vulnerabilities.
Want to learn more? Tonex offers ICS Cybersecurity Training, a 4-day course designed for security professionals and control system engineers in order to provide them with advanced cybersecurity skills and knowledge in order to protect Industrial Control Systems (ICSs) and keep their industrial operation environment secure against cyber threats.
Additionally, Tonex offers nearly three dozen more courses in Cybersecurity Foundation. This includes cutting edge courses like:
—Automotive Cybersecurity Training (3 days)
—Disaster Recovery and Business Continuity Training (2 days)
—Network Security Training (2 days)
—Software Security Training (2 days)
—Introduction to Cryptography (2 days)
For more information, questions, comments, contact us.