Contact Us

What is industrial
control system
security?

Industrial control system (ICS) security is the protection of operational technology (OT) systems that monitor critical infrastructure and industrial processes. That includes protecting systems that provide energy, water, manufacturing, and more. These systems process sensor data from across industrial enterprises, enabling alerting and management of processes.

Over time, industrial control systems have become more connected to the internet through enterprise IT systems and internet of things (IoT) devices, making them more vulnerable to disruption and breach. Therefore, ICS security involves more than just the ICS itself.

What are the top threats to ICS security?

Verizon’s 2020 Data Breach Investigations Report notes that mining and utilities industry breaches are composed of a variety of actions. However, financially-motivated social attacks, including phishing and pretexting, dominate incident data. Cyber-espionage-motivated attacks and incidents involving operational technology assets are also of concern.

This is reinforced by a recent alert from the US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA). The agencies warned of increased malicious activity against operational technology and control systems, including:

  • Spearphishing to gain IT network access as a means to access the organization’s OT network.
  • Ransomware to encrypt data for impact on both IT and OT networks.
  • Connecting to internet-accessible programmable logic controllers in the OT network that require no authentication for initial access.

What are best practices to increase industrial control system security?

ICS security requires a tailored blend of best practices for IT networks and for your specialized ICS networks. It starts with an inventory. You need to know what, how and where elements connect and communicate. You need to know how they are configured. You may need to give some ICS elements extra attention because they are specialized or are based on legacy technology.

It is complex. Fortunately, CISA, the US Department of Energy, and the UK’s National Cyber Security Centre, jointly-released a detailed infographic that offers helpful overview. Recommendations include:

ICS network architecture:

  • Segment networks to limit ICS access where possible.
  • Use one-way communication diodes, where possible, to prevent external access.
  • Implement a network topology for ICS that has multiple layers, with the most critical communications occurring in the most secure and reliable layer.
  • Set up demilitarized zones to create a physical and logical subnetwork that acts as an intermediary for connected security devices to avoid exposure.
  • Employ reliable and secure network protocols and services where feasible.

ICS Security monitoring:

  • Baseline ICS operations and network traffic; configure intrusion detection systems (IDS) to alert on ICS traffic outside normal operations.
  • Track and monitor audit trails for critical ICS areas.
  • Set up security incident and event monitoring (SIEM) software to monitor, analyze, and correlate ICS network event logs to identify intrusion attempts. 

Host security:

  • Promote a culture of patching and vulnerability management.
  • Test all patches in off-line test environments before implementation.
  • Implement application whitelisting on human machine interfaces.
  • Harden field devices, including tablets and smart phones.
  • Replace out-of-date software and hardware devices.
  • Disable unused ports and services on ICS devices after testing to assure this will not impact ICS operation.
  • Implement and test system backups and recovery processes.
  • Configure encryption and security for ICS protocols.

How can Verizon help you?

Reliability and resilience are essential as stakeholders expect critical infrastructure and industrial processes to keep running despite cyberattacks and other problems. Verizon offers intelligent security solutions so you’re ready to defend your systems from threats and continue service delivery:

  • Cyber Risk Monitoring presents enterprise-specific intelligent insights to help you better focus your security spend
  • Threat Monitoring and Managed Security Services provide monitoring and maintenance, freeing you to focus on your core customer-centric business goals
  • Incident Response and Investigation, from Verizon Threat Research Advisory Center (VTRAC) experts, offers threat intelligence, incident response plans, and forensic services that help respond to any cybersecurity threat
  • Mobile security allows you to secure employee and associate devices, whether they’re at their desks, in the field or nearly anywhere in between

Learn more about how Verizon’s security solutions can help improve your security posture and protect mission-critical assets.