Throughout 2022, almost 38% of industrial control system (ICS) computers globally have been attacked with malware. In the Middle East, the figure sits at just over 42%, according to Kaspersky ICS CER statistics. This is a high growth threat landscape that no public or private sector entity, especially in critical sectors like energy and mining, can ignore.
“One infected USB drive or a single spear-phishing email is all it takes for cyber criminals to bridge the air gap and penetrate an isolated ICS network. Traditional security is not adequate to protect industrial environments from rapidly evolving cyber threats. As attacks against critical infrastructure increase, choosing the right approach to secure systems has never been more important,” says Emad Haffar, Head of Technical Experts at Kaspersky.
Think of an ICS as a collection of personnel, hardware, and software that can affect or influence the safe, secure, and reliable operation of an industrial process. IT is one component of this environment with operational technology (OT) another key element. While traditional cybersecurity solutions focus on data-oriented businesses, ICS protection is geared towards OT security where it is all about cyber-physical companies such as utilities, mining, manufacturing, and so on.
Effective OT cybersecurity measures must therefore include industrial endpoint protection to prevent accidental infections and make motivated intrusion more difficult, OT network monitoring and anomaly detection to identify malicious actions on the level of programmable logic controllers, and dedicated expert services to investigate the infrastructure, conduct expert analytics, or mitigate the impact of an incident.
“However, despite all the innovations in modern cybersecurity solutions, human error still plays a significant role in compromising ICS systems. As such, it needs to be managed much more proactively than what is currently happening. This requires utility companies, mines, and others operating in the industrial environment to look at building a Human Firewall,” adds Emad Haffar.
One of the best ways to achieve this is through the right security awareness and training solutions that go beyond basic training. Instead, it is about delivering training that is easily digestible, practical, and memorable so it will always stay top of mind. Companies must provide training to ensure staff are armed with the very latest skills and knowledge, especially given how quickly cyber incidents evolve.
Beyond the Human Firewall, there are sector-specific interventions to consider. For instance, modern electrical power systems are complex environments requiring protection, automation, and control solutions covering all areas of electric power facility operation. Notwithstanding the technical challenges of securing this environment, organisational issues must also be considered. For instance, a lack of guides defining actions to be taken when suspicious activity is detected within automated systems. There is also a lack of documents and practices relating to the investigation of disturbances in technological environments including malicious influence on control systems.
Mines are also hotbeds for potential attacks especially at a time when Industry 4.0 digital technologies link key operational systems to data analytics and cloud environments. Mines are confronted by escalating cybersecurity threats but lack the in-house skills to adequately protect their OT and ICS environments. Combining ICS cybersecurity solutions with ongoing user education and training are non-negotiables especially when human lives are at risk.
“It is a holistic approach towards ICS cybersecurity that incorporates hardware, software, and user awareness training components that will result in a hardened defensive posture around all aspects of OT security processes,” says Emad Haffar.