In the 2017 SANS Securing Industrial Control Systems report it was revealed that 69 percent of security practitioner study respondents believe cyber threats targeting Industrial Control Systems (ICS) have increased to a high or severe/critical level. The report echoed what many in the security industry have been warning about for many years: ICS is under attack, and a successful assault could lead to disaster.
Industrial Control Systems are the computing machines which monitor and control a country’s critical national infrastructure, carrying out tasks like ensuring the correct level of electricity is supplied into people’s homes. A nation’s critical national infrastructure is of vital importance to its society and economy, as it provides essential services for industries including manufacturing, transportation, energy, oil and gas. Because computers control critical national infrastructure, that infrastructure is also exposed to cyberattacks. This puts critical national infrastructure at significant risk, and if an attack were successful, it could be disastrous for any country. Thus, it comes as no surprise that almost half (46%) of SANS survey respondents with budgetary knowledge report that their ICS security budgets increased from their fiscal year 2016. When looking at energy or utility services specifically, as the 2015 Ukraine power grid outage highlighted, any deficiency or disruption to the electricity or gas supply could be catastrophic.
As a result of the potential dangers a digital security incident could have on the power grid, it is imperative that security issues within these systems are addressed. What are the key steps power grid operators can take to strengthen the security posture of their ICS?
The Increased Threat to Industrial Control Systems
Traditionally, cyber security practices in critical infrastructure relied upon isolating networks from the enterprise environment and the outside world to avoid attacks and minimize incidents. Today, however, this approach is no longer viable. Systems are no longer truly isolated: they are connected to the corporate network, and often to the Internet.
In addition to this, with the development of the Internet of Things (IoT), many ICS are now being connected to other, often insecure, devices so they can be controlled remotely. Modern power grids, machines, devices, sensors and people connect and communicate with one another, offering the ability to make decisions and implement fixes without having to physically enter the industrial plant or visit the factory floor. This increased connectivity and convergence brings great advantages. However, with systems now being connected to the Web, they are potentially discoverable to anyone looking, and this leaves them vulnerable to attack.
Creating Robust Cyber Defenses
To reap the full benefits of increased modernization and connectivity, power grid networks and the devices they connect with must be secure. The critical role that the power grid plays in the functioning of today’s society means that leaving these networks exposed is not an option.
While it is true that the energy industry has been more progressive and proactive about cyber security than some other sectors, there is always room for improvement and innovation. As a starting point, operators should implement the mitigations recommended by ICS-CERT, which include verifying that control systems are deployed securely and that no device has a configuration that makes it directly accessible from the Internet.
In addition to this, to increase security, power grid operators should look at technology innovations such as Machine Learning (ML) and Artificial Intelligence (AI). Both ML and AI can help to enhance cyber-attack detection and speed up the investigation of incidents so that attacks are contained before significant damage can occur. They can also improve efficiency by taking over manual processes.
These powerful solutions can monitor networks, in real-time, and rapidly detect any changes from baseline behavior:
· Machine Learning is used to automatically discover, in real-time, the industrial network including its components, connections and topology.
· This is then supplemented with advanced learning capabilities (AI) to develop process and security profiles, mapping relationships and changes.
· Lastly, real-time monitoring and threat detection immediately provide alerts that identify possible intrusions or anomalies to the normal operations of critical processes.
The combined use of ML and AI offers operational efficiency benefits by consolidating high volumes of alerts into context-aware incidents. If this task were carried out manually it would require many highly trained individuals, a luxury the security sector doesn’t have considering the shortage of cybersecurity professionals.
By baselining the devices on the network, and assessing how they impact process behavior, any malfunctions, misconfigurations and irregularities can be quickly spotted, preventing frustrating service disruptions and even expensive repairs or loss of revenue. This intelligence can also speed up investigations of security incidents to contain attacks before significant damage can occur, without needing to add additional skilled staff.
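The three steps above (discover the network, build a profile of normal behavior, alert on deviations) and the consolidation of alerts into per-source incidents can be illustrated with a small baselining monitor. The following is an added example written for this page, not Nozomi Networks code or any product's detection logic. It learns a baseline from a constructed set of Modbus/TCP flow records (the field layout, the IP addresses and the "unknown-host" / "new-connection" / "new-function-code" alert kinds are all assumptions), then checks a second constructed batch against that baseline and groups the resulting alerts by source host.

```python
"""Baseline-and-deviation monitoring over constructed ICS flow records.

Added illustration for this article; the data, field names and alert kinds
are constructed assumptions, not output from any real monitoring product.
Each flow record is (src_ip, dst_ip, protocol, modbus_function_code).
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Learning phase (constructed): an HMI at 10.0.1.10 polls two PLCs with
# Modbus function 3 (Read Holding Registers); an engineering workstation
# at 10.0.1.50 reads from one PLC.
BASELINE_FLOWS = [
    ("10.0.1.10", "10.0.2.21", "modbus", 3),
    ("10.0.1.10", "10.0.2.22", "modbus", 3),
    ("10.0.1.10", "10.0.2.21", "modbus", 3),
    ("10.0.1.50", "10.0.2.21", "modbus", 3),
]

# Monitoring phase (constructed): one normal flow plus three kinds of
# deviation a baseline monitor should surface.
LIVE_FLOWS = [
    ("10.0.1.10", "10.0.2.21", "modbus", 3),   # matches baseline
    ("10.0.9.99", "10.0.2.21", "modbus", 3),   # host never seen in learning
    ("10.0.9.99", "10.0.2.22", "modbus", 3),   # same unknown host, second PLC
    ("10.0.1.50", "10.0.2.22", "modbus", 3),   # known host, new connection
    ("10.0.1.10", "10.0.2.21", "modbus", 16),  # known pair, write function (16)
]


@dataclass
class Baseline:
    """Discovered hosts, observed connections and per-connection function codes."""
    hosts: set = field(default_factory=set)
    conns: set = field(default_factory=set)  # (src, dst, proto)
    funcs: dict = field(default_factory=lambda: defaultdict(set))  # conn -> {codes}


def learn_baseline(flows):
    """Step 1 and 2: discover the network and profile its normal traffic."""
    b = Baseline()
    for src, dst, proto, func in flows:
        conn = (src, dst, proto)
        b.hosts.update((src, dst))
        b.conns.add(conn)
        b.funcs[conn].add(func)
    return b


def detect(baseline, flows):
    """Step 3: report each flow that deviates from the learned baseline.

    The checks are ordered from most to least severe so that one flow
    produces exactly one alert.
    """
    alerts = []
    for src, dst, proto, func in flows:
        conn = (src, dst, proto)
        if src not in baseline.hosts:
            kind = "unknown-host"
        elif conn not in baseline.conns:
            kind = "new-connection"
        elif func not in baseline.funcs[conn]:
            kind = "new-function-code"
        else:
            continue  # within baseline: no alert
        alerts.append({"src": src, "dst": dst, "proto": proto,
                       "func": func, "kind": kind})
    return alerts


def consolidate(alerts):
    """Group raw alerts into one incident per source host for an analyst."""
    incidents = defaultdict(list)
    for alert in alerts:
        incidents[alert["src"]].append(alert)
    return dict(incidents)


if __name__ == "__main__":
    baseline = learn_baseline(BASELINE_FLOWS)
    for src, grouped in consolidate(detect(baseline, LIVE_FLOWS)).items():
        kinds = ", ".join(f"{a['kind']} -> {a['dst']}" for a in grouped)
        print(f"incident for {src}: {len(grouped)} alert(s): {kinds}")
```

On the constructed data this yields four alerts that collapse into three incidents: the unknown host's two probes become a single incident, while the new connection and the write function code each stand alone. A real deployment would learn over a much longer window and add whitelisting for planned engineering changes, but the structure (discover, profile, alert, consolidate) is the same one the article describes.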
Historically, power grid organizations have focused on strengthening security by isolating critical infrastructure networks and building a barrier between them and the corporate environment. This approach no longer works today. Rather than reversing or even hindering connectivity and its benefits, modern power grid operators should look to harness the power of ML combined with AI to increase security and productivity.
About the author: Edgard Capdevielle is the CEO of Nozomi Networks. He has an extensive background in cyber security and the industrial arena, giving him unique insight into the complex challenges the sector faces. As CEO of Nozomi Networks, Edgard has a front-row seat to the cybersecurity challenges facing infrastructure operators around the globe and the role technology innovation is playing to protect critical systems from escalating threats.