Electricity + Control

 By Goran Novkovic, Valiver

As industrial cybersecurity attacks continue to increase in frequency and sophistication, we need to do everything to stay protected.

We hear about cybersecurity incidents on a daily basis, but how relevant are these incidents to your organisation? Cybersecurity incidents are happening globally; do you think that they are just too far from you? If you are an organisation that manages critical infrastructure, these cybersecurity incidents are more relevant than you may think.

Protecting critical infrastructure in Africa

The national and economic security of Africa, and South Africa in particular, depends on the reliable functioning of critical infrastructure. Cybersecurity threats exploit the increased complexity and connectivity of critical infrastructure, placing national security, the economy, public safety and health at risk like never before. Due to the increasing pressures from external and internal threats, organisations responsible for critical infrastructure need to have a consistent and iterative approach to identifying, assessing, and managing cybersecurity risks. This approach is necessary regardless of the size of the organisation, its threat exposure, or its cybersecurity sophistication today.

OT and ICS – fundamental components of national critical infrastructure

Operational Technology (OT) and Industrial Control Systems (ICSs) are the fundamental components of national critical infrastructure in any country. Most sectors rely on ICSs to ensure process control and safety, which ensure continuity of national critical functions. Key industry sectors such as energy, water/wastewater, telecommunication, transportation, oil and gas and chemical, all rely on ICSs to supervise and control their key processes. As industries lean towards pervasive process automation and maintenance-free operations, the role of ICSs in these sectors is even greater.

Digital transformation changed the ICS environment from proprietary and isolated systems to open architectures and standard technologies. This move towards connecting ICS and IT environments (IT/OT convergence) results in an increased attack surface, exposing the critical functions to higher cybersecurity risks. The priority of ICS security results from the great impact on national critical functions. The interconnection of critical infrastructure across the continent, or a particular country, may result in a cascading effect in the case of a successful cybersecurity attack. With new, open technologies and communication protocols, ICSs are increasingly vulnerable to attack, disruption and damage.

ICS cybersecurity in the converging IT/OT environment

Nowadays, organisations are facing increased IT/OT convergence and operational models that often require remote network access. The critical infrastructure demands high quality, real-time information to make more accurate business decisions. With the Fourth Industrial Revolution (Industry 4.0) and the Industrial Internet of Things (IIoT), which promise new opportunities for cost savings and operational improvements, ICS and IT systems will be completely interconnected. The result of this dynamic change in the industry is that availability, reliability, integrity, safety and security of ICSs, networks and devices can no longer be taken for granted.

As ICSs are adopting IT solutions to promote corporate connectivity and remote access capabilities, and are being designed and implemented using IT standard computers, Operating Systems (OSs) and network protocols, they are starting to resemble IT systems. This integration supports new operational capabilities, but it provides significantly less isolation for ICSs from the outside world than predecessor systems, creating a greater need to secure these systems. A rapidly increasing number of incidents in the ICS domain, many of which are confirmed or believed to result from cybersecurity attacks, reveals the vulnerability and fragility of this area and highlights the importance of continuous improvement of ICS cybersecurity.

The critical infrastructure community includes public and private organisations and other entities with a role in securing the national infrastructure. Members of each critical infrastructure sector perform functions that are supported by IT and OT including ICSs. The OT and IT are increasingly advanced, pervasive and connected. This reliance on technology, communication, and the interconnectivity of IT and ICS has changed and expanded the potential vulnerabilities and increased potential risks to operations. While IT/OT convergence offers many benefits, it also increases the connectivity and criticality of these systems and creates a greater need for ICS adaptability, resilience, safety, and security. Nowadays, industrial organisations globally take safety seriously and have reduced cybersecurity risks for people. But as the world rapidly connects devices and machines, it is time to assess cybersecurity weaknesses as the first step toward ensuring better protection of people, information, technology, and facilities. Safety must be job one!

Securing OT, ICS and IT environments

Securing an OT and ICS environment is significantly different from securing a traditional IT environment. What we are securing is different, and how we are securing it is different. Although some characteristics are similar, ICS has characteristics that differ from traditional IT systems. Many of these differences come from the fact that ICS has a direct effect on the physical world. Some of these characteristics include significant risk to the health and safety of human lives and serious damage to the environment, as well as serious issues such as production losses, negative impact to a national economy, and compromise of proprietary information. ICSs have unique performance and reliability requirements and often use operating systems and applications that may be considered unconventional to typical IT personnel. Furthermore, the goals of safety and efficiency sometimes conflict with security in the design and operation of ICSs.

Attack on IT – attack on OT

An attack on IT could lead to information theft, but an attack on OT could affect the physical world (people, technology, environment, facilities). It is a serious distinction. IT cybersecurity focuses on digital information protection, while OT cybersecurity focuses on people and physical asset protection. ICS is cyber-physical, often directly affecting the real world. This means that risk calculations include potential impacts in scope and at scales greater than in information-only environments, including but not limited to loss of lives, ecological damage, intellectual property theft and revenue losses.

While security solutions have been designed to deal with these security issues in typical IT systems, special precautions must be taken when introducing these same solutions to ICS environments. In some cases, new security solutions are needed that are tailored to the ICS environment. The traditional IT priorities of information Confidentiality, Integrity and Availability (CIA Triad) are shifted in ICS to system Availability, Integrity and Confidentiality (AIC Triad). Delivering cybersecurity solutions specific to ICS requires an industrial mindset, purpose-built technology and specific OT security expertise. To the extent that cybersecurity events can disrupt public safety and security, ICS cybersecurity is quickly emerging as a top national priority.

Cybersecurity solutions must be implemented in a way that maintains system integrity during normal operations, as well as during a cybersecurity attack. Many organisations recognise cybersecurity challenges, but need help defining a road map to protect critical infrastructure and valuable assets. They need an approach that draws on the success of others through manageable cybersecurity processes and measurable improvements.

One of the major constraints to protecting ICSs is a misunderstanding of the difference between IT and OT. It remains a fuzzy area in terms of how these two overlap, where they diverge, and who, with regard to internal security teams, is responsible for securing what. ICS cybersecurity is a relatively young and very specific field. Protecting critical infrastructure in Africa (South Africa) must be based on proven cybersecurity practices to exploit opportunities through a better understanding of similarities and differences in the IT and OT world, and of organisational cybersecurity risks, which will lead to establishing cybersecurity governance, developing a cybersecurity framework, and building effective cybersecurity programs.

Conclusion

Organisations must recognise that establishing a successful and sustainable cybersecurity program is a significant effort, but it can and must be done. The importance of protecting critical infrastructure goes beyond one organisation, country or continent, and this will only become more evident with Industry 4.0 and Internet of Things (IoT and IIoT) as the trend of interconnected systems continues to expand in the future.

Image credit:  Copyright: gavrilichev / 123RF Stock Photo

 