June 7, 2016 | Security and Risk | Alex Leemon
The number of security incidents reported by organizations that operate Industrial Control Systems (ICS) has increased in recent years. Some of these incidents have impacted the operation of critical infrastructure. In a recent survey about cybersecurity and critical infrastructure, respondents indicated that 76% of attacks have grown in sophistication compared to previous years.
The use of malware (Dragonfly, BlackEnergy, Irongate, etc.) to infiltrate organizations and compromise ICS assets is a driving force behind the increasing number of attacks. To mitigate the spread of malware, there are many security practices that industrial organizations should consider. One example is application whitelisting. This practice has been recommended by industry organizations, ICS security experts and government agencies to help mitigate the spread of malware into ICS environments. Application whitelisting enables organizations to:
- Lock down specific ICS nodes, allowing only approved files to run
- Mitigate/contain the spread of malware to industrial control system assets
- Enable users to seamlessly run whitelisted applications in critical systems
Another factor contributing to the increasing number of attacks is the interconnection between IT systems and the OT environment. The level of risk is increasing because ICS is now exposed to the Internet. The stakes are high for industrial organizations because a security breach can go well beyond data exfiltration. A security incident could disrupt operations and cause harm to personnel, property and the environment.
Organizations seek new ways to effectively and efficiently operate their industrial control systems in order to lower costs and mitigate potential security risks. Here are some practices to keep in mind when sourcing application whitelisting solutions for ICS:
- Collaborate with solution providers and ICS vendors to baseline and calibrate application whitelisting solutions to mitigate technology interoperability issues and deploy the most reliable solution possible.
- Consider a solution provider with a strong support organization and training program. This can help industrial organizations to mitigate a talent gap by helping them transfer and strengthen knowledge of ICS operations and security.
- Investigate the ability to adopt a whitelisting “solution as a service”. This approach could help organizations to acquire the technology and expertise to support the cyber security requirements without forcing the undertaking of this project internally.
The infographic below illustrates the increase in frequency and sophistication of attacks, the connection to privileged accounts as a common denominator, and important mitigation steps to help industrial organizations on the path to improving their security posture.