Whether discussing plant safety, process improvement, or cybersecurity, one truth is always present:  You cannot improve on that which you cannot see, understand, and learn to control.   Many operators today when considering industrial cybersecurity still see the world as someone or some group launches an attack from the Internet, it starts at 8:01 in the morning, and by 8:03 the plant fails under a crippling attack.

 

This false notion leads to an overconfidence that the latest firewalls and Network Monitoring Solutions (NMS) such as Intrusion Detection System and Anti-virus will always protect if the technology is kept up to date.  Numerous studies such as those produced by SANS, ICS-CERT, and organizations around the world clearly show that most attacks actually take 12-18 months to mature, and rarely do attacks initiate directly from the Internet.

 

In fact, over 80% of all attacks come through poor user practices such as web browsing and unsafe computing practices such as poor use of USB drives and downloading unsafe attachments.  Bottom line, effective cybersecurity is only achieved through a careful balance between technology implementation and maintenance, careful vulnerability assessment and risk management practices, and global user and management awareness of cyber security issues. Social media, email, web browsing, and all forms of computing technologies where there is human interaction all increase the potential attack surface by which intellectual property is lost, malware is able to enter the system and degrade operations, and cyber attackers are able to gain a foothold with client side attacks that focus on the weakest link in the security chain – the people that use the system.

 

The danger is not limited to work and assets under the control of IT in your organization.  Often employees, contractors, and third parties utilize remote connections and web proxy’s to read their email or connect into the enterprise, and emerging trends such as Bring  Your Own Device means that smart phones and tablets not under the control of IT often are allowed to connect to your assets.  Assessments have shown us that this is a very common way to introduce both intentional and unintentional threats into the system as people download malware on their on devices and then bring them into the work place. USB drives and current malware such as BadUSB only heighten this threat.  In fact Stuxnet was able to compromise what is believed to be a totally disconnected industrial facility simply through the action of using USB drives brought in by third party integrators and connected to the process – and this attack was able to bring both malware into the facility, as well as extract information from the facility that was then sent back to the malware’s command and control center, which allowed the virus writers to actually tune and improve the performance of Stuxnet, relying heavily on the continued use of these USB drives to be able to penetrate!

 

Background

 

The benefit of connecting devices and systems together with Ethernet continues to grow and consequently, so do the problems. Industrial Control Systems (ICS) benefit immensely from interconnections and are not immune to the problems. Meanwhile, our formal education system is not keeping up with the challenges that interconnected devices and systems present in an industrial environment.

 

Today instrument and control engineers are expected to maintain many more systems than in the past and those systems are getting significantly more capable, powerful, and connected. Even though the ICS networks use similar topologies, the industrial controllers and devices are significantly different from the computer systems used in the office. Office computers can protect themselves with software designed for their operating system to provide malware, virus and firewall protection. None of this is available to a PLC, RTU, or other industrial control devices.

 

Additionally, ICS network protocols are significantly different from the Ethernet protocol you use in the office. For instance, industrial networks make use of UDP for rapid time synchronized communications between devices. This protocol is often not allowed in office communications networks.

 

Key Benefits of ICS Cybersecurity Training

ICS network performance and security training is essential to the achievements of a business and the efficiency of its processes.  ICS Network security and reliability educated engineers and technicians have the ability to maintain the industrial control network similar to performing maintenance on any other piece of equipment. Just like you would not want a technician performing periodic maintenance checks or repairing a piece of equipment without training, you should want the same from the people managing your ICS networks.

 

ICS network performance and security training enables personnel to confidently diagnose ICS networks performance, perform performance and security maintenance checks without interfering with the process, and discover a cyber security issue and mediate.

 

ICS training should focus on the use of advanced tools for ICS network analysis; as well as critical techniques for managing and responding to ICS network degradation, security breach, or malfunction. Our experienced professionals work with your engineering staff to develop a first line of defense and position them to provide effective ICS network management throughout lifecycle challenges. We provide hands-on training in the areas of maintenance, protection, discovery, and incident response.

 

Awareness training will prepare your company’s personnel to understand the latest threat landscape, and the tools used to address today’s cyber threat – thereby increasing the awareness of your frontline personnel to help them identify and report possible cyber issues.  Most incidents to date have gone unnoticed or unreported, and it is not until company’s like Kenexis come in that ongoing and active cyber threats are found.   Awareness training helps increase the safe computing discipline of operators, engineers, remote support, and executives both at home and on the job.

 

Our experts bring deep experience working with ICS Network Security & Reliability challenges from working with ICS customers globally and establishing and managing the standards used by industry today.