Securing Industrial systems is not a simple task, nevertheless its critical and must be addressed
The idea that vast swaths of a country could be thrown into chaos due to an attack are the stuff of Hollywood blockbusters or nightmares, but don’t overlook the fact that it could very well happen. In the past two years, cyber-attacks have hit energy and utilities companies and defense and aerospace contractors. Securing industrial systems like has become an increasingly critical on risk managers’ radar screen.
These connected plants and power grids are parts of the Internet of Things (IoT) – commonly thought of as interconnected smartphones, cars, fitness trackers, thermostats, and refrigerators. There are more than 6 billion things in the IoT, with more than 5 million things getting connected every day, according to Gartner.
Why are we so unprepared?
The fact is that many senior managers in utilities, transportation, healthcare and manufacturing are unaware of the security risks in industrial systems, according to the European Union Agency for Network and Information Security (Enisa). Many of these mangers have been happily plying their trade well before the days of internet-connectivity and smart factories. Much of the workforce has little knowledge or the skill-set required to deal with securing industrial systems.
Another major factor in securing industrial systems are the protocols used. Companies operating SCADA (supervisory control and data acquisition) systems are now commonplace, and some of these are highly interconnected with other corporate networks and the internet. Some devices lack encryption protocols, and there is also a lack of adequate logging, which makes it harder to identify the root cause of security breaches, said Enisa. Because Scada systems are now interconnected and exposed to the internet, or large public networks, they are now exposed to many more threats, the agency warned.
Enisa urged manufacturers and operators to adopt a faster update and patching process to protect these interconnected devices, but because many Scada systems run in critical national infrastructure, this is not easily done, it warned