In the first part of this post we discussed top threats that industrial IT and OT security professionals can expect in 2018 and beyond.
In part two of the industrial cyber security predictions series, we take a look at the positive trends on the horizon. In 2017, we saw more organizations implementing ICS security solutions and integrating them with existing security operations centers (SOC) tools, such as SIEM and Incident Management Systems.
Growing Awareness of OT Security Gaps within Industrial Organizations
The increase in security alerts generated from ICS environments is raising awareness among IT and executive management of the critical security gaps that need to be addressed in these environments.
Cyber Security for Industrial Building Management/Automation Systems (BMS/BAS)
Buildings are typically not considered critical infrastructure, yet they house data centers, healthcare and government services, and more. BMS/BAS centralize a wide range of important building control functions and services, including HVAC, lighting, water and wastewater management, fire suppression systems, close circuit television (CCTV), and access control.
Since modern BMS/BAS systems are often connected to the corporate network and the Internet to enable remote control and management, they are exposed to cyber threats. Similar to other ICS technologies, these were not designed with security in mind and lack basic security measures.
Increasing awareness to the importance of, and security threats to, BMS/BAS systems is driving interest in protecting them against cyber incidents.
Increasing Adoption of Industrial Cyber Security Frameworks
Even though most industrial cyber security frameworks are not mandatory, there has been a significant uptick in organizations looking to implement them over the past year.
We expect this to continue in 2018. While cyber security compliance is an important goal, it is even more imperative to implement measures that provide much needed visibility into industrial network activity to detect incidents and conduct the right incident response.
NIST Cybersecurity Framework
NIST published the first version of the Cybersecurity Framework (CSF) for operators of critical infrastructure in 2014. In 2017, NIST released an update, Framework for Improving Critical Infrastructure Cybersecurity Version 1.1, which incorporates feedback and comments from the December 2015 Request for Information.
NIST also published the “manufacturing profile” of the cybersecurity framework (CSF) which enhances (but does not replace) the current cyber security standards and industry guidelines. It can be used as a road map for reducing cyber security risk for manufacturers.
|Download the white paper, Adhering to the NIST Cybersecurity Framework, to learn how Indegy can help you comply with NIST and reduce risk to critical infrastructure|
The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards were introduced to ensure reliability of the nation’s Bulk Electric System (BES).
The current version of NERC CIP includes eleven critical infrastructure protection cyber security standards, which specify a minimum set of controls and processes that power generation and transmission companies should follow to ensure the reliability and security of the North American power grid.
Deploying traditional IT security controls like firewalls and antivirus software is not sufficient for CIP compliance. To meet CIP standards, electric utility owners and operators must also have complete visibility into all Industrial Control System (ICS) assets and network activities.
|Download the brief, The Guide to Compliance with NERC CIP Standards, to learn how Indegy enables electric utilities to comply with the NERC CIP standards framework|
Pharmaceuticals Manufacturing Guidelines
The current good manufacturing practice (cGMP) regulations for validating pharmaceutical manufacturing require that drug products be produced with a high degree of assurance that they meet all attributes they are intended to possess.
The Food and Drug Administration issued guidance that requires manufacturers to maintain processes in a state of control over their entire lifecycle, even as materials, equipment, production environment, personnel, and manufacturing procedures change.
Introduction of Secure and Encrypted Industrial Protocols
In 2018, we expect to see industrial technology vendors introduce devices that support encryption and other embedded security controls.
While this is a positive trend and a crucial step towards making ICS and critical infrastructure more secure, it will take decades before all legacy technologies are replaced. Even then, no single product, technology or methodology can fully secure ICS environments.
A defense-in-depth approach, which addresses internal and external security threats, is needed. This begins with consolidated OT network activity monitoring and integrity validation for critical devices such as industrial controllers.
The significant growth in ICS networks alerts demonstrates that industrial organizations need to take cyber security far more seriously in the coming year if they seek to reduce the risk of successful cyber attacks on critical infrastructure.