Best Practices for Cybersecurity in Industrial Control Systems

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

Network segmentation, software patching, and continual threats monitoring are key cybersecurity best practices for Industrial Control Systems (ICS). Although ICSs significantly improve health and safety by automating dangerous tasks, facilitating remote monitoring and control, and activating safety protocols in the case of emergency, they’re increasingly exposed to cybersecurity threats. In 2022, there was a 2,000% increase in adversarial reconnaissance targeting Modbus/TCP port 502 — a widely-used industrial protocol — allowing malicious actors to exploit vulnerabilities in operational technology systems. Fortunately, by taking steps to improve and maintain ICS cybersecurity, manufacturers can successfully reduce the attack surface of their critical infrastructure and keep threats (including phishing, denial-of-service attacks, ransomware, and malware) at bay.

ICS cyberattacks on the rise

ICS cyberattacks are on the rise, with almost 27% of ICS systems affected by malicious objects in the second quarter of 2023, data from Kaspersky reveals. Cyberattacks have the power to devastate ICS systems, damage equipment and infrastructure, disrupt business, and endanger health and safety. For example, the U.S. government has warned of a malware strain called Pipedream: “a modular ICS attack framework that contains several components designed to give threat actors control of such systems, and either disrupt the environment or disable safety controls”. Although Pipedream has the ability to devastate industrial systems, it fortunately hasn’t yet been used to that effect. And, last year, a notorious hacking group called Predatory Sparrow launched a cyberattack on an Iranian steel manufacturer, resulting in a serious fire. In addition to causing equipment damage, the hackers caused a malfunctioning foundry to start spewing hot molten steel and fire. This breach only highlights the importance of safety protocols in the manufacturing and heavy industry sectors. By leveraging the latest safety tech and strengthening cybersecurity, safety, security, and operational efficiency can all be improved.

Segment networks

By separating critical systems from the internet and other non-critical systems, network segmentation plays a key role in improving ICS cybersecurity. Network segmentation is a security practice that divides a network into smaller, distinct subnetworks based on security level, functionality, or access control, for example. As a result, you can effectively prevent attacker lateral movement within your network — this is a common way hackers disguise themselves as legitimate users and their activities as expected traffic, making it hard to spot this method. Network segmentation also lets you create tailored and unique security policies and controls for each segment based on their defined profile. Each individual segment is therefore adequately protected. And, since network segmentation also provides you with increased visibility in terms of network activity, you’re also better able to spot and respond to problems with greater speed and efficiency.

When it comes to effective network segmentation methods, these can be based either on physical boundaries — involving physical infrastructure like network hardware, routers, and firewalls — or logical boundaries established via logical means like virtual local area networks (VLANs), access control lists (ACLs), and virtual private networks (VPNs). To simplify the management of firewall rules, in particular, network teams should use different firewalls, particularly instead of dealing with numerous applications in one firewall — something that quickly becomes complicated and difficult to maintain. By opting to use separate firewalls based on virtual machine implementations, you can streamline and simplify the set rules for each firewall. In turn, you can facilitate easier auditing, and make it easier to change outdated rules when needed.

Regularly patch and update software

Patching and updating software involves improving or repairing software to optimize performance and get rid of bugs and vulnerabilities. In addition to minimizing risk of cyberattack, software patches and updates can also ensure regulatory compliance, therefore helping you avoid fines and sanctions. When it comes to software patching best practices for ICS, it’s important to stay up-to-date with the latest vendor releases. The newest releases are designed to address newly-discovered security risks, allowing you to better protect your systems. Establishing a regular, scheduled patching cycle for ICS systems also helps ensure patches are applied on a consistent basis, further minimizing security vulnerabilities. You can also schedule downtime as needed in order to apply patches or updates without disrupting operations.

Threats monitoring

Cyber threats are constantly evolving, which means ICS threats monitoring needs to be ongoing — you need to be able to quickly spot and respond to emerging threats before they have a chance to exploit vulnerabilities. Minimizing dwell times — the amount of time a malicious agent has access to a compromised system before detection — also works to limit potential damage and destruction. So, be sure to implement anomaly detection algorithms tailored to the unique needs of your ICS system. Designed to maintain operational stability, control loops should be paid particular consideration here. A baseline of expected behavior within control loops should be established, in turn making it easier to detect anomalies.

By facilitating remote monitoring and control, automating dangerous tasks, and activating safety protocols, ICSs significantly improve health and safety in the manufacturing industry. By taking steps to strengthen cybersecurity, you can successfully keep ICS cyberthreats at bay.

Latest articles

Related articles