With attacks on critical infrastructure similar to last year’s Ukraine power grid hack on the rise according to recent reports, it’s easy to point blame at the stack of security solutions. We’ve talked about the vulnerable nature of supervisory control and data acquisition (SCADA) systems, but these are just one piece of the larger industrial control systems (ICS) category.
Critical infrastructure security is of the utmost importance, so you might expect these companies to scramble and find ways to improve ICS security. However, the recent SANS 2016 State of ICS Security Survey shows that today’s ICS security leaves a lot to be desired.
Bleak Findings from the SANS Survey
Despite a need for drastic ICS security improvements, the SANS survey (which has been conducted annually since 2013) found that critical infrastructure companies simply aren’t addressing known security challenges. Here are a few of the highlights from their report:
- 52% of respondents don’t know if their ICS has been breached
- External threats are still the main concern for ICS security professionals according to 61% of respondents
- Internal threats saw a massive spike in concern—nearly doubling in number of responses up to 42% expecting accidents to cause breaches
- 67% of respondents see high or severe levels of threats to their ICSs—a 24% increase from 2015
- Despite greater perceived threats, security-information sharing is decreasing from years past
According to the report, the problem isn’t that ICSs are becoming increasingly vulnerable—it’s that companies are maintaining the status quo when it comes to their outdated security strategies. When combined with increasingly sophisticated cyber attacks on critical infrastructure, it seems like it’s only a matter of time before more serious breaches are reported in the media.
In response to the known ICS vulnerabilities, SANS offers security assessments as a critical area for companies to improve.
>> Download now: Learn how to secure your industrial network
[Free Whitepaper]
The Need for Better Security Assessments for ICSs
One of the most concerning statistics in the 2016 SANS Survey is the majority of respondents who believe 75% of their network connections are undocumented. As IT and OT converge, lacking network awareness will only increase the vulnerabilities of ICSs to dangerous cyber attacks.To help improve the state of awareness regarding ICS security, the SANS report suggests a six-fold approach to security assessments that many critical infrastructure companies don’t conduct:
- Asset Inventory: Discover any undocumented devices
- Network Traffic Baselining: The closed loop of ICS traffic means having a baseline for your traffic makes it easier to identify malicious anomalies
- Security Breach Detection: Attackers can persist in networks for weeks, months or even years—regular security assessments can help you recognize a breach
- Vulnerability Identification: Stay up to date on the latest security threats so you can find where your own vulnerabilities lie
- Confirmation of Remediation: You should document each vulnerability you’ve addressed and how you hardened your ICS.
- Security Posture Insight: Proper documentation allows analysis that gives executives the necessary metrics to approve resource allocation
All of these steps can help ICS security professionals get on the right path to improved critical infrastructure security. However, defending the Industrial Ethernet will require more than just security assessments.
Visibility Is Just the First Step in Defending the Industrial Ethernet
Without visibility into your ICS, there’s no way to properly defend critical infrastructure against increasingly sophisticated hackers. Unfortunately, many security professionals are misguided in their network connectivity strategies, leaving a visibility gap as critical infrastructure becomes more connected.
