![]() OT (operations technology) and IT (information technology) networks are converging and resulting in the evolution of a new threat landscape. With increasing digitalization (Industry 4.0 and smart grid networks), the use of the air gap has eroded or disappeared altogether. ![]() While many will agree that air gaps are disappearing, some still believe this is a viable security measure. However, a true air gap is no longer practical in an interconnected world. ![]() ICS Cybersecurity Myth #1 The ICS network is absolutely air-gapped/isolated from internet and corporate networks therefore there is no cyber risk Busting ICS Cybersecurity Myth #1Īir gaps between the ICS network and other networks-if implemented correctly and maintained-are very effective barriers against cyberattacks. I will cover ICS cybersecurity solutions and best practices in a future paper.įinally, there may be many more ICS cybersecurity-related myths, but I have included only the five most common in this blog series. To stay focused with the scope, I will try to avoid discussion on solving the ICS cybersecurity challenges, and rather focus on discussing the common myths and beliefs. In this blog series, we will not only discuss a few myths, but also review some of the cyberattacks that could have been prevented with basic awareness and security measures. Instead, we need to focus on exposing ground reality based on field experience and spread awareness. It even becomes more difficult to secure ICS due to inherent design issues and the presence of legacy systems and protocols with limited capability to support security requirements to address risks.Īs we discuss a few myths and beliefs related to ICS cybersecurity over a series of several blog posts, it is important to avoid blaming anyone (the operations team or the security team) for these beliefs. Also, ICS cybersecurity primary requirements (safety, reliability, and availability) are not exactly the same as the cybersecurity needs of corporate IT systems (which typically focus on confidentiality and privacy). However, because ICS are used in critical infrastructure, the implications of not having adequate cybersecurity measures in ICS are much more serious compared to that in corporate IT systems. Even if any cyberattack on ICS had happened before 2010, it must have gone unreported due to the lack of adequate ICS forensics capabilities to investigate ICS cyberattacks.Īs for business/corporate IT systems, the need for cybersecurity in ICS has evolved over a period of time, but at a much slower pace compared to corporate IT security. These beliefs were further strengthened because there was no evidence of any reported cyberattack against ICS until around 2010 or so. Concepts like firewalls, intrusion detection, and anti-virus measures were not well-known.Īs a result, organizations developed some beliefs about ICS cybersecurity (such as the air gap, proprietary ICS protocols, and security through obscurity), which, at that time, were sufficient to justify the “no further action for cybersecurity” policies. Cybersecurity was not even considered a concern at that time. For decades, physical gates and locks were used as primary protection mechanisms. In the older days of industrial revolution, ICS were built with a primary focus on safety, reliability, and availability. ICS systems get data from remote sensors and send commands to the machinery for the appropriate actions to take. ICS basically integrates hardware, software, and network connectivity for running and supporting critical infrastructure (such as electricity, gas, water, and so on). ICS are used for controlling and monitoring industrial processes used in manufacturing, energy, utilities, chemicals, and many other industrial sectors. It is a generic term used to describe various control systems and their instrumentation. ICS stands for industrial control systems (also know as operations technology or OT). This "mythbusting" blog series will disprove five common myths related to ICS cybersecurity. Misconceptions about ICS/OT cybersecurity are stubborn.
0 Comments
Leave a Reply. |