16.02.2018
3 Reasons why to monitor your ICS Network
Industrial Control System (ICS) networks play a major role in keeping the citizens and infrastructure of a country safe and operational. It is through these networks that utilities provide for the members of their communities by producing and delivering necessary services such as energy and water, and manufacturing companies provide the goods citizens use in their daily life. Without appropriate monitoring of the safety and operation of these industrial environments, there is the potential for ICS networks to malfunction, shut down or succumb to cyber attacks. The result is not only the loss of a company’s revenue and image, but also a direct impact on a community or entire nation, as these systems are relied upon for daily operation of a functional society.
Why you should monitor your ICS environment:
1.Cyber Attacks
This is perhaps the first reason many think of for monitoring their ICS network. Recently, there have been several major cyber attacks targeting critical infrastructure. Stuxnet, WannaCry and CrashOverride are just a few of the highly destructive malware campaigns that have targeted critical infrastructure on a national scale. These attacks have dominated the headlines and have been the subject of discussion for months, if not years. As destructive and dangerous as they can be, however, cyber attacks are not the most imminent threat to ICS networks. Of course, it is wise to consider the potential of a cyber attack, but this should not be your sole reason for monitoring.
2. Internal Malfunctions
Networking and operational disruptions remain the leading role in the threat landscape. Contrary to common misconception, internal malfunctions are far more frequent than targeted cyber attacks and are the most constant and probable threat that your ICS network should be monitored for. Imagine having a faulty valve in your network that is causing the industrial process to deviate, impacting the final product or service delivery. If you cannot see and precisely locate the problem, it may take a tremendous amount of time and effort to troubleshoot the network and develop a solution, which leads to loss of productivity and revenue.
3. Insider Threats and Third-Party Misuse
From disgruntled employees to careless or malicious third-party contractors and vendors, insiders are a major source of threats to ICS networks. Insiders have deep knowledge of the network and often unrestricted access to its resources, and therefore, a very easy way to cause damage through intentional or unintentional misuse. Contractors and vendors may have remote access and connectivity to customer sites for maintenance and support, further expanding the threat surface and exposure of the ICS network. It is essential to monitor the activity of both employees and third-parties to promptly identify malicious activity and mistakes. One of the first examples of an insider threat that is commonly used as a reference is the Maroochy Water Services case (Australia, 2000), where a former contractor caused 800,000 liters of raw sewage to spill out into local parks and rivers.
Industrial Environments require a specific approach:
Without monitoring, your ICS network is left vulnerable to all the threats above. For the most effective monitoring, an ICS network must be monitored by a solution that:
1. Understands the communication protocols and threats specific to industrial environments: Traditional cyber security solutions may keep “known offenders” out but will deliver no value against advanced threats and daily operational problems.
2. Performs continuous monitoring: It is crucial to detect intrusions, malfunctions and other network anomalies at their earliest stage to respond promptly and prevent disruptions.
3. Is fully passive. Active monitoring can become troublesome, as it interferes with the network and its devices, which may turn your defense mechanism into the cause of a failure. A passive solution provides visibility and detection without endangering the monitoring