What is the state of ICS cyber security technology

June 21, 2011

Much has transpired since I first got involved in ICS cyber security in 2000.  At that time, cyber security was almost universally viewed as an IT problem. There has been a tremendous increase in awareness of the issue.

Much has transpired since I first got involved in ICS cyber security in 2000.  At that time, cyber security was almost universally viewed as an IT problem. There has been a tremendous increase in awareness of the issue. When I held the first Control System Cyber Security Conference in 2002, the only other ICS cyber security discussions were at the ISA Expo where I was holding panel sessions.  That has certainly changed with numerous conferences, articles from many experts (including many I have never heard of), and legislation now aimed at securing ICSs.

There has been significant improvement in securing the Windows-based Human-Machine Interface - HMI.  There are now many companies offering firewalls, IDS/IPS, and other Windows solutions that have been modified (I hope) for ICS applications.  Assuming these solutions have been tested in ICS applications, this should certainly help.  The down side is applying IT solutions that have not been tested in ICS applications. Unfortunately, this has already happened with negative consequences to the ICSs. The appropriate technologies applied appropriately (notice both need to be addressed) should help reduce the risk from typical IT threats either aimed at the ICS HMI or through the unintended consequences of connecting ICS HMIs to Corporate networks (lack of airgaps).

There has also been the establishment of a cottage industry in compliance monitoring and reporting to meet NERC CIP requirements. 

However, work is still needed in securing the Programmable Logic Controllers (PLCs) and other resource-constrained, deterministic field devices that could cause devastating failures and loss-of-life. This includes both Internet Protocol (IP) and serial communications. Many of the high impact cyber incidents to date including Stuxnet and Aurora were control system issues that would not be addressed by existing IT or even many of the ICS HMI solutions. There is also a need to identify what an ICS cyber attack would look like (Stuxnet was obviously not detected as it was in the wild for more than a year). As with the HMI, the appropriate ICS technologies applied appropriately should help reduce cyber risk and improve safety and reliability. I will have several vendors presenting control system solutions that I believe address important security issues at the September ACS Conference.  

Joe Weiss

Sponsored Recommendations

IEC 62443 4-1 Cyber Certification – Why ML 3 is So Important

The IEC 62443 Security for Industrial Automation and Control Systems - Part 4-1: Secure Product Development Lifecycle Requirements help increase resilience for control systems...

Multi-Server SCADA Maintenance Made Easy

See how the intuitive VTScada Services Page ensures your multi-server SCADA application remains operational and resilient, even when performing regular server maintenance.

Your Industrial Historical Database Should be Designed for SCADA

VTScada's Chief Software Architect discusses how VTScada's purpose-built SCADA historian has created a paradigm shift in industry expectations for industrial redundancy and performance...

Linux and SCADA – What You May Not Have Considered

There’s a lot to keep in mind when considering the Linux® Operating System for critical SCADA systems. See how the Linux security model compares to Windows® and Mac OS®.