Cyber hackers infiltrated credit card companies, retailers, health care providers and other consumer industries over the past several years. Hackers utilize the same technologies we all use to make life easier (i.e. Internet connectivity to bank accounts, health records, etc.) to gain access to our private information and financial accounts.
As a result, innovative cyber security providers constantly improve their defense technologies to keep up with the ever-changing threat landscape. Companies also increase their investments in these technologies to protect critical information.
More recently, a much larger threat has emerged, threatening the physical assets of our critical infrastructure. This is the cyber threat to industrial control systems (ICS). These systems control our electricity, water, manufacturing plants, refineries and transportation systems.
Historically, critical infrastructure faced less of a threat, simply because they were often isolated from business networks and utilized proprietary technologies. More and more, companies are seeking to gain the efficiency of remote access or utilize the Internet of Things (IoT) to improve performance. Newer ICS deploy open standard communication protocols, and are now becoming major targets for cyber attacks.
Although industry-specific regulations (e.g., NERC CIP and CFATS) require increased protection, potential defense solutions still lack many of the critical elements required for a cohesive and efficient defense mechanism.
ICS OEM vendors are not experts in cyber security nor have they built their products with cyber security in mind. Each site will likely have multiple DCS, PLC and SCADA vendors present, and solutions that work in enterprise IT environments need to be tailored to the unique requirements of operation technology (OT) environments before being deployed in an around-the-clock, mission critical environment.
This white paper covers details specific to ICS systems and primarily focuses on the power generation industry. Readers of this document should be familiar with general ICS components and design, cyber security concepts and communication protocols.
The intended audience includes: control engineers, information technology (IT) professionals who secure ICS systems and engineering and/or compliance managers.