OT Security
28.Jun.2021

Industrial automation and control systems under cyberattack


It’s a rugged journey, but we must roll up our sleeves and extinguish the enemies

– Eli Kirtman

From Germany’s steel mill, Ukraine’s power grid, Saudi Arabia’s oil and gas facility, to electric utilities and critical infrastructure worldwide — adversaries are game for everything and they’re perfectly capable of wrecking industrial automation and control systems (IACS).

This year alone, more than 4,400 publicly disclosed Common Vulnerabilities and Exposures (CVE) were processed in the NIST National Vulnerability Database (NVD).

The International Society of Automation (ISA) and the International Electrotechnical Commission (IEC) are responding with rapid fire. Their evolving series of standards (IEC 62443) addresses security risks and the mitigation of threats to the IACS ecosystem.

Security for Industrial Automation and Control Systems is the latest standard to harden cybersecurity technical requirements. It’s a tight leash on embedded devices, network components, host components and software applications that make up IACS.

It “specifies security capabilities that enable a component to mitigate threats for a given security level without the assistance of compensating countermeasures,” according to ISA.

ISA/IEC standards are merely the foundation for obtaining the multi-level certifications required to deliver products to the market. They’re even more stringent for Industrial Internet of Things (IIoT) products exported abroad.
 
But these preemptive attempts to derail hostile threats also deliver a toll in-house.

Cybersecurity experts across the industry share the rugged journey through industrial control security and the demanding criteria for IEC certifications.

Enterprises struggle to merge security design, concepts of defense, and life cycle management into a solid product development framework.

Failing to document security configurations, updated management policies, and other pertinent information is a guaranteed deal-breaker.

But the major land mine to certification is failure to execute appropriate standards in security testing throughout the development lifecycle.

“Each organization has unique IIoT components that must meet specific levels of process maturity and product security requirements,” says Morgan Hung, CEO and general manager at Onward Security.

Hung and his crew have trekked this mess, guiding numerous vendors through the rough terrain to certification.
He encourages cybersecurity leaders and their teams to get intimately familiar with the IEC process and security standards that are specifically relevant to their IIoT product.

But knowing the playbook front-to-back isn’t enough to get devices out the door.

Integrating security into development processes is perhaps more than half the battle. It requires keen awareness and stealth execution of protocols to avoid common trip wires.

Notable complications include faulty software and firmware, using libraries with known vulnerabilities, and failure to establish incident response and tracking mechanisms.

“Risk assessment is an indispensable part of industrial control security,” says Jacky Li, director of product development at Onward Security.

Li encourages manufacturers to deploy an automated AI security strategy to overcome these setbacks.

“Tying a comprehensive security management system to automatic vulnerability assessments improves visibility across design, development and testing stages.”

In other words, it enables R&D teams to simultaneously discover known and unknown risks in more than 120 test items that could otherwise fail ISA/IEC reviews.

Understanding the intricate details from a regulatory perspective will help enterprises fine-tune their game plan.

Only then can cybersecurity leaders build security design, concepts of defense, and product management into a framework that will deliver safe technology to customers.

Not an easy feat by any means, but we must play by the book and roll up our sleeves to beat the enemy.

– Eli Kirtman is a freelance writer based in Cincinnati, Ohio.

 

Sponsored by Onward Security

Onward Security is a leading brand in cybersecurity compliance solutions for the Internet of Things. It has been selected as Best Cybersecurity Company – Asia Gold Winner by Cyber Security Excellence Awards. In addition to possessing an international IoT cybersecurity testing lab, it develops automated security assessment products with AI and machine learning features. It is dedicated to helping customers in IoT/IIoT equipment manufacturing, finance, telecom, and other industries quickly obtain security certification and effectively manage the risks and vulnerabilities of open source software to ensure cyber and product security.
 
