Top five hurdles to security and compliance in industrial control systems
by Jacob Kitchel - Sr. Manager of Security and Compliance Industrial Defender - Thursday, January 24, 2013.
One of the most effective ways to protect against these types of attacks is for operators to continually monitor their networks to develop a baseline of normal activity. This baseline is a reference point that can help operators quickly identify the anomalous, attack-related activity they need to guard against.

However, for most ICS and automation system operators, baselining and tracking expected behavior is difficult, and requires lots of time and specialized expertise. Additionally, not all applications and operating systems are easy to configure in order to log the data required to accurately detect anomalous behavior. Although asset owners can benefit from having logging and monitoring capabilities in their ICS-process specific applications, most often, these capabilities are geared solely to making improvements in process performance. By refocusing their use of these systems to include detection of anomalous – and therefore suspicious – network activity, ICS owners can significantly improve the security posture of their systems.

5. Collection, Analysis, and Workflow Lifecycle Integration – Many organizations stop at the collection step and then label their security and compliance efforts a success. The fact is that data collection is really just the first step. To be truly successful, an organization must collect, analyze, and then act on the security and compliance data it gathers from its ICS environment. By continually iterating over and acting upon the data, an organization can track and improve its security and compliance efforts over time.

For example, consider an organization that logs failed logons. If no analysis is performed on the failed logon events, the organization will not know if the failures are malicious or if the events are failed logons from a service that is configured to use an expired password.

Another example, from a compliance perspective, is when an organization logs events to meet a compliance requirement. How will the organization know when log data collection fails or if there is a gap in the collection? Without tracking the dates, times and failures of log collection, the organization leaves itself vulnerable to a compliance deficiency.


The scope and pace of technological change now occurring or coming soon to many ICS environments present new risks to automation systems professionals. But as is always the case with change, risks are accompanied by opportunities. Old approaches to ICS system design and security are becoming increasingly ineffective in the face of major technology trends and business changes that are now impacting operators. Forward-thinking professionals must find effective ways to overcome these new security and operations challenges.

The first step is recognizing that in many areas of ICS security, what worked in the past likely won’t work in the future. Teams must explore new options and develop effective business cases for investing the next-generation ICS security technologies. By embracing the changes that are taking place in the industry, and adopting new solutions to address them, ICS professionals will be able to mitigate risks and capitalize on the terrific opportunities that lie ahead.


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th