Showing posts with label cybersecurity. Show all posts
Showing posts with label cybersecurity. Show all posts

Wednesday, December 28, 2016

Keep Industrial Control System Cybersecurity Top of Mind

depiction of industrial data around the world cybersecurity
Industrial control system cyber security is a 24/7 operation 
Cybersecurity risks should be a concern to any business with an internet connection or data port. Smaller operators may feel their limited size and notoriety renders them generally immune to invasion. This is a falsehood. Every control system should be considered as a potential target. That said, paranoia and fear should not be your primary decision drivers. Cybersecurity is accomplished through awareness, diligence, and collaboration.

Even if you consider yourself a small and insignificant operator, it is useful to begin, then maintain, a connection to the conduits for industrial control system cybersecurity information. Develop your awareness of the potential for intrusion into your control system. Start to become knowledgeable about how cyber threats can impact your operation, how cyber intruders gain access. As you build your knowledge, it is likely you will find ways to improve your level of security without major change or expense.

The U.S. Department of Homeland Security houses the watchdog organizations for industrial control system cybersecurity. There is a group within the department that is dedicated solely to industrial control systems. The Industrial Control Systems Cyber Emergency Response Team, better known as ICS-CERT, works to reduce cyber intrusion risks for industrial control systems. The link for ICS-CERT should be your first stop when delving into industrial cybersecurity. The site provides links to many other resources and activities, all directly related to cybersecurity. You can sign up for newsletters, even receive alerts when new threats are uncovered.

Your steady progress of knowledge building will better prepare your organization for the cybersecurity challenges of the current environment, as well as those that will emerge in the future. A fact sheet from the National Cybersecurity and Communication Integration Center, providing some useful information on their functions and activities, is included below.

Any concerns you may have about the potential vulnerabilities of instruments or equipment currently in place should be shared with vendors as part of the evaluation of your current systems.


Tuesday, March 8, 2016

Hardening Industrial Control Systems Against Cyberattack

Multiple industrial pumps
All industrial control systems and processes should
be evaluated for their vulnerability to cyberattack
Industrial control system owners, operators, and other stakeholders should be aware of their exposure to malicious intrusion and attack by individuals or organizations intent on inflicting physical damage, stealing information, or generally wreaking havoc throughout an industrial operation. The risk of intrusion, regardless of the size or type of facility, is real.

The National Cybersecurity and Communications Integration Center, part of the US Department of Homeland Security, ...
serves as a central location where a diverse set of partners involved in cybersecurity and communications protection coordinate and synchronize their efforts. NCCIC's partners include other government agencies, the private sector, and international entities. Working closely with its partners, NCCIC analyzes cybersecurity and communications information, shares timely and actionable information, and coordinates response, mitigation and recovery efforts. (from www.us-cert.gov/nccic)
The NCCIC has published a set of seven basic steps toward establishing a more secure industrial control system. I have included the publication below, and it is interesting and useful reading for all involved in industrial process control.

Having a fence around an industrial site, with a guarded entry gate, no longer provides the level of security needed for any industrial operation. Read the seven steps. Take other actions to build your knowledge and understanding of the risks and vulnerabilities. Cybersecurity is now another layer of design tenets and procedures that must be added to every control system. It will be a part of your company's best practices and success, now and in the future.

There are uncountable legacy controllers and communications devices throughout industrial America. All need to be reassessed for their vulnerability in the current and upcoming security environment. When reviewing your processes and equipment, do not hesitate to contact Mountain States Engineering for assistance in your evaluation of our products.


Monday, February 8, 2016

Industrial Control Systems Have Unique Cybersecurity Challenges

industrial control system cybersecurity
Industrial control systems have special
cybersecurity aspects.
The International Society of Automation is offering a free white paper entitled “What Executives Need to Know About Industrial Control Systems Cybersecurity”. The article provides useful commentary and information that establishes the scope of cybersecurity in the industrial process control space and provides a basic framework for understanding how every process may be impacted by lax cybersecurity efforts. The author, Joseph Weiss, differentiates Industrial Control System (ICS) cybersecurity from that of organizational IT through a review of various attributes common to both types, including message confidentiality, integrity, time criticality, and more. Any reader’s awareness and understanding of the cybersecurity risks to their operation will be enhanced through this article. I finished reading the article wanting more on the subject, and ISA is certainly a resource for additional content.

A quote from article...
“Cyber incidents have been defined by the US National Institute of Standards and Technology (NIST) as occurrences that jeopardize the confidentiality, integrity, or availability (CIA) of an information system.”
ICS cybersecurity extends beyond preventing malicious outside intruders from gaining access. It is an important part of maintaining the overall operating integrity of industrial processes. A holistic approach is advocated to identify physical risk factors to the process and its componentry (more on that in this blog post), as well as vulnerabilities that may prevent exploitation by unauthorized parties. Weiss goes on to describe the role and qualifications of the ICS Cybersecurity Expert, essentially an individual that can function effectively as an IT cybersecurity tech with the added skills of an industrial control systems expert.

A synopsis of attack events is provided in the article, with the author’s conclusion that not enough is being done to secure industrial control systems and the risk exposure is substantial in terms of potential threats to personnel, environment, and economy. By providing your name and email address, you can obtain the white paper from the ISA website. Your time spent obtaining and reading the article will be well spent.


For any specific information or recommendations regarding our products and cybersecurity, do not hesitate to contact us directly. We welcome any opportunity to help our customers meet their process control challenges.