Some of the most critical assets in an Industrial Control System (ICS) are the controllers, e.g. PLCs, RTUs, and DCS controllers.
These devices are designed to perform real-time, highly precise functions. They apply complex logic to ensure the safe and continuous operation of countless industrial processes.
While different types of controllers have unique characteristics, they all share two similarities:
Historically, controllers have not been designed with security in mind, so they lack even basic security controls, such as authentication or encrypted communications. As a result, anyone with access to the ICS network can easily access a controller and make changes to its logic. In addition, changes made to controllers are not captured by the devices themselves or by the historian.
Lack of Visibility into Industrial Control System Activities
With no logs to track controller changes, recovering previous configurations is a nearly impossible task. Given the critical role that controllers play in industrial operations, they are at high risk of being compromised by cyber threats and unauthorized changes.
The lack of visibility into ICS activities prevents engineering and security professionals from detecting anomalies and malicious or unauthorized activities. What does this lack of visibility mean to you? First, there are activities in your ICS network which you cannot control or supervise.
This is especially important around control-plane activity, which involves all changes to the controller logic, configuration and overall state. Since controllers are critical to operations, a compromise could cause severe disruptions.
This includes unauthorized changes to controller logic, which can occur without your knowledge, without any warning and without the ability for you to prevent them. Even worse, if you need to recover to a known stable state, there is no historical information available to support the recovery process. It means someone, with or without malice, could be controlling your controllers and placing your operations at risk. Without a comprehensive view of all ICS assets, including the controllers, and all ICS activities, it is not possible to secure an ICS network. You must be able to identify who is active in the network, monitor the activities they are performing and track all changes.
To effectively detect and respond to incidents, any changes deemed unauthorized, malicious or erroneous should generate real-time alerts and provide detailed information about the who, what, when, where and how.
To ensure that you have in-depth visibility and real-time awareness, you need a purpose-built ICS security solution that can capture, contextualize, alert on and archive changes to controllers.
Whether your organization engages in chemical processing; the generation or distribution of power; water and wastewater treatment; or manufacturing, you understand the critical role that controllers play in the continuous operation of your ICS and your plant.
To protect against external cyber attacks, malicious insiders or human error, ICS activity must be monitored to detect threats, minimize disruptions, mitigate unplanned downtime and safeguard processes, facilities and human life.
The most effective way to achieve this is with full visibility into ICS assets and ICS network activity. Full visibility and control of ICS networks are critical to your continuity of operations and to strengthening your organization’s cyber security posture. Without them, your security personnel can’t have a full picture of threats and potential malicious activities.