ICS Security Risks For 2019 Revealed

Mille Gandelsman, CTO of Indegy, states, “In many ways, 2018 represented the coming of age for industrial cyber security. The adage that operational technology networks were isolated from threats by an air gap was recognized for what it is, a fallacy in an era of interconnectedness and IIoT technologies.”


Many pundits believe that even though industrial control systems have been running critical infrastructure and manufacturing since the 1950s, only in the last few years have they undergone a “coming of age” when it comes to security. This is primarily due to a confluence of events that have propelled OT threats to the C-Suite risk agenda. Namely, the adoption of IIoT, the convergence of IT and OT environments, and the increased targeting of these mission critical systems by rogue parties that are both known and unknown entities. What used to be isolated, air gapped “set and forget” OT networks have become ground zero for potentially debilitating cyber-attacks.

Fierce AI Week

Register today for Fierce AI Week - a free virtual event | August 10-12

Advances in AI and Machine Learning are adding an unprecedented level of intelligence to everything through capabilities such as speech processing and image & facial recognition. An essential event for design engineers and AI professionals, Engineering AI sessions during Fierce AI Week explore some of the most innovative real-world applications today, the technological advances that are accelerating adoption of AI and Machine Learning, and what the future holds for this game-changing technology.


It is not all doom and gloom, however. Progressive industrial organizations are well down the path of ensuring the full visibility, security and control of their environments. If fact, many organizations that must meet a minimum-security compliance level such as NERC, NIST and NIS have gone way beyond these basic directives. The markets have reacted quickly to this new threat vector and attack surface. And while OT environments are certainly not 100% secure, we are moving in the right direction.


As 2018 winds down, the obvious question is what can we expect next year? Based on our daily interactions with professionals working to secure their industrial control systems, we have pulled together the following predictions about the 2019 Industrial Security landscape.


1. ICS Security Will Become More Mainstream


As noted earlier, many large industrial and critical infrastructure organizations have already made investments to secure their OT infrastructure to the same or even a higher degree than their IT infrastructure. We expect this trend to continue in 2019. In addition, we predict it will extend beyond large organizations to midsize and smaller companies. Given the clear and present threat, ICS security is no longer an early adopter segment and will become a mainstream requirement for every industrial organization regardless of size or vertical.


2. Hacking Tools for Critical Infrastructure Will Be more Accessible


And that brings me to the adversaries responsible for ICS attacks. There is no question that many past attacks have been conducted by nation states, rogue factions and insiders. Going forward, we will likely see lone wolves and non-nation actors also launching attacks. The barriers to entry are lower, and with a little know how OT based attacks can be carried out by the general hacking community rather than being relegated to state sponsored cyber warfare initiatives.  


3. Of Course, Attacks Will Continue to Get More Sophisticated


In general, most of the attacks that we have seen to date were aimed at a single target or country. Attacks will continue to grow in sophistication and become multi-pronged, targeting multiple locations and sites simultaneously or in close succession. Organizations will need to consider this possibility and once again evolve their security posture accordingly.


4. Active Detection Will Be Too Valuable to Ignore


The previous prediction will not only push organizations to act, but also force them to address new threats in a more proactive way. Passive or “listening only” monitoring only looks at network traffic and it will no longer be sufficient. Rather, Active Threat Hunting through safe device querying will become essential to gain the visibility, security and control necessary to protect against a new generation of threats. “Active” covers the 50% of threats that can’t be detected with network-only monitoring. Many OT security vendors are only now adding rudimentary active capabilities.  


5. More Collaboration/sharing of OT Threat Intelligence


In threat hunting, several other capabilities will be required to better identify, mitigate and report on new ICS threats. In the coming year we are likely to see a maturation of ICS threat intelligence. This includes the use of external security data feeds as well as integrating OT security technologies with SIEMs, next generation firewalls, etc. There will also be more sharing of information across communities such as OISF, which has been a mainstream practice for years in IT. It will be embraced by the OT community as a key way to more quickly identify threats and protect against new attacks that can impact ICS environments.


6. Real Standards for ICS Security Will Emerge


Finally, in addition to all the above, we will see new ICS specific standards, guidelines and best practices for assessing and hardening the security of ICS environments published and adopted. 


Looking at 2019 and beyond, ICS threats will continue to escalate and evolve, but we predict the solutions to combat these threats will effectively address whatever emerges. In planning your strategy, look for ICS security vendors that are experts in what they do and can help chart the course that is right for your organization both now and into the future. For more details, visit Indegy.


Suggested Articles

Hydrogen refueling stations are limited in the U.S., restricting interest in use of fuel cell electric cars

Silicon Labs is providing the BT module needed for detecting proximity with another Maggy device

Test automation won't fix everything, but can help, according to an automation engineer. Here are five problems to avoi to improve chances of success