What Are ICS Systems And OT?
Industrial Control Systems (ICS) are crucial control systems used in various industrial operations, such as power generation, manufacturing, and transportation. These systems monitor and manage critical industrial processes, including temperature, pressure, chemical reactions, and flow. ICS systems rely on sensors, controllers, actuators, and networks that work together to ensure industrial processes’ safe and efficient operation.
Operational technology (OT), encompasses the hardware and software used to monitor and manage physical processes across industries. OT systems include ICS systems, building automation systems, and industrial networks. OT systems are a critical infrastructure responsible for ensuring the safe and efficient operation of various industrial processes.
The Urgent Need For ICS Cybersecurity In Today’s Threat Landscape
Over the years, there has been a significant increase in the interconnection between industrial control systems (ICS) and operational technology (OT) with IT systems, leading to an increased risk of cyberattacks. These systems form the backbone of critical infrastructure, powering essential industries such as energy, water, transportation, and manufacturing. The impact of cyberattacks on ICS and OT can be devastating, causing physical damage, financial losses, and loss of life. Thus, safeguarding ICS and OT systems against cyberattacks is crucial. Discover how the adoption of the IEC 62443 standard can help mitigate these risks.
ICS Cyber Attacks And Their Severe Consequences:
- Stuxnet: A worm that specifically targeted Iran’s nuclear program, causing physical damage to uranium enrichment centrifuges.
- Ukrainian power grid attack: In 2015 and 2016, hackers disrupted the Ukrainian power grid, causing widespread blackouts and leaving hundreds of thousands without power.
- NotPetya: A ransomware attack that affected thousands of computers worldwide, including those in critical infrastructure sectors such as shipping and logistics.
- Triton/Trisis: A malware attack that targeted a Saudi Arabian petrochemical plant, shutting down safety systems and almost causing a major disaster.
- Dragonfly/Energetic Bear: A cyber espionage campaign targeting energy companies and power grids in the United States and Europe.
- Maroochy Water Services: A disgruntled former employee of an Australian water treatment plant hacked into the system and released over a million liters of raw sewage into nearby parks and rivers.
- Colonial Pipeline: In May 2021, a ransomware attack shut down the Colonial Pipeline, which supplies gasoline and other fuel products to the eastern United States, causing widespread shortages and price increases.
These attacks demonstrate the severity of the consequences that can result from a cyber attack on ICS and OT systems. They highlight the urgent need for organisations to prioritise the defence of these critical infrastructure systems against cyber threats.
How Can We Help You Mitigate These Impacts?
The quickest way to respond to the ICS cyber risks is by adopting the IEC standard across all your ICS systems and networks.
At Leo CybSec, we provide consulting services to help organisations implement the IEC 62443 standard across all their ICS systems and networks. Our experts work with organisations to develop an inventory of ICS assets, group assets into zones and conduits based on the company’s security objectives, conduct high-level and detailed level risk assessments, and assign target security levels to zones. We also provide ongoing support to ensure that organisations maintain compliance with the IEC 62443 standard and remain protected against emerging cyber threats.
The Urgent Need For ICS Cybersecurity In Today’s Threat Landscape Requires IEC62443
The IEC 62443 series of standards was created by the ISA99 committee with the contribution of global security experts, to offer a comprehensive set of standards that can be applied to any industry. These standards introduce a common language for all stakeholders in the IACS field, including asset owners, service providers, and product developers. They provide guidelines on defining security objectives and implementing IACS systems effectively.
The IEC 62443 Standard comprises several documents, each addressing specific aspects of IACS security. Check out the table below for a brief overview of these documents.
| Standard Document Name | Description |
|---|---|
| Part 1-1: Terminology, concepts, and models | It defines the basic concepts and terminology for the whole IEC 62443 standard parts. |
| Part 1-2: Master glossary of terms and definitions | List of terms and abbreviation |
| Part 1-3: System security conformancemetrics | It defines a mechanism to build a quantitative security metrics |
| Part 1-4: IACS security lifecycle and use cases | It describes the security lifecycle of a Controls system supported with use cases. |
| Part 2-1: Establishing an IACS securityprogram | It helps asset owners build and implement an effective IACS security management system |
| Part 2-2: IACS security program ratings | It defines a mechanism to measure the level of security against the IEC 62443 requirements |
| Part 2-3: Patch management in the IACS environment | It provides guidelines on how to design and implement a Patch Management Process |
| Part 2-4: Security program requirementsfor IACS service providers | It sets the security requirements for providers that offer services such as support and integration. |
| Part 2-5: Implementation guidance for IACS asset owners | It guides asset owners on how to operate an IACS security program. |
| Part 3-1: Security technologies for IACS | It describes several security technologies and their implementation in an IACS environment |
| Part 3-2: Security risk assessment forsystem design | It helps asset owners and integrators on: – Grouping assets into zones and conduits. – Conduct Risk Assessment. – Assign target security levels. |
| Part 3-3: System security requirementsand security levels | It provides security requirements (SRs) that can be used to evaluate whether a product has security capability matching the target security level (SL-T) set by an asset owner. |
| Part 4-1: Product security development life cycle requirements | It sets security requirements for product development |
| Part 4-2: Technical security requirement for IACS components | It sets security requirements for components providers. Components can include: sensors, network devices, and software among others. |
What We’ve Done:
In 2022, we worked with one of the largest energy companies in Europe to adopt the IEC 62443 standard in one of their largest projects. Our experts supported the company in developing an inventory of their ICS assets, grouping assets into zones and conduits, conducting risk assessments, and assigning target security levels to zones. As a result of our efforts, the company was able to significantly improve its cybersecurity posture and reduce the risk of cyber attacks on their critical infrastructure systems.
Conclusion:
In conclusion, cyber attacks on ICS and OT systems can have severe consequences, including physical damage, financial loss, and loss of life. The IEC 62443 standard provides a comprehensive framework for securing these critical infrastructure systems against cyber threats. At Leo CybSec, we provide consulting services to help organisations implement the IEC 62443 standard across all their ICS
References:
1- IBM X-Force Threat Intelligence Index 2022 (link)
2- Alert (AA22-103A) APT Cyber Tools Targeting ICS/SCADA Devices (link)
3- IEC 62443 Part 1-1 Terminology Concepts and Models.
4- An Abbreviated History of Automation and Industrial Controls System and Cybersecurity by Ernie Hayden (link)
5- Oil & Natural Gas Cyber Threat Perspective by Dargos (link)
6- CNN: Colonial Pipeline says ransomware attack also led to personal information being stolen (link)
7- New York Times: A Cyberattack in Saudi Arabia Had a Deadly Goal. Experts Fear Another Try (link)
8- Quick Start Guide: An Overview of the ISA/IEC 62443 Standards by ISA Global Cybersecurity Alliance (link)
