Securing Industrial Control Systems from the Inside and Out

Nov. 6, 2015
ICS threats can be malicious attacks from the outside or operator error. To address both, PAS has a new version of Cyber Integrity, adding patch management, security policy workflows and enhanced visibility from the operator dashboard.

For the last several months, officials from PAS have been traveling the globe talking to manufacturing executives about best practices for securing industrial control systems (ICS). A few years ago these trips were focused on educating companies on the vulnerabilities of the ICS. But today, interestingly, CIOs and cybersecurity professionals understand that the safeguards currently in place only scratch the network surface.

About 20 percent of cyber assets sit on the information technology (IT) network using standard protocols—which is what is currently secured with firewalls and anti-virus software, while 80 percent of inventory is hidden in operation technology (OT) control systems in the form of I/O cards, firmware, software, and hard to get to proprietary protocols. In other words, the majority of the plant is susceptible to attack.

That’s not a good situation to be in considering that the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) recently reported that the number of ICS attacks have increased sixfold since 2010.

PAS, which has had ICS security since 2004 as part of its asset management and change management Integrity Software Suite, is building upon that foundation. This past May the company created a Cyber Security Business Unit and rolled out a version of its Cyber Integrity product that added a way to gather and maintain an accurate inventory of cyber assets, as well as cybersecurity configuration management and system backup and recovery.

This week, the company introduced Cyber Integrity 5.0, including enhanced workflows and security policies. The software now automates a closed-loop patch management process and provides enhanced dashboard capabilities.

The idea of patch management has been around for a long time on the IT side—as in Microsoft’s “patch Tuesday,” an unofficial term used to refer to Microsoft’s regular releases of security patches for its products. The OT world, however, doesn’t have anything like that. That’s because ICS system updates are less frequent, but more importantly, much more complex.

“Patch management for today’s control systems lack critical capabilities required to help industrial organizations meet cybersecurity best practices and regulatory standards,” said Peter Reynolds, a senior analyst at ARC Advisory Group.

But Cyber Integrity 5.0 changes that. It now includes a closed-loop automation patch management function that can pull in ICS updates from any distributed control system (DCS) vendor and do a comparison against its cyber asset database—which is based on an inventory of a manufacturer’s automation assets.

While PAS can’t automatically update the ICS due to the system’s sophistication, Cyber Integrity does provide visibility into patches needed and direction for next steps.

“We don’t automatically download patches into the control system, but through workflows we make sure the people responsible for the system have it as a task to work through the process,” said PAS chief marketing officer David Zahn.

The second thing Cyber Integrity 5.0 brings to the market is a management dashboard that provides near real time visibility into ICS assets to drive action. For example, from a cybersecurity specialist to a plant manager, every person has a different responsibility. The dashboard contextualizes the view to provide information relevant to the role. This addresses the human factor of cyber security.

“I personally believe that 90 percent of incidents that occur are due to inadvertent errors, because we, as humans, make mistakes,” said Eddie Habibi, CEO of PAS. “The threat of inadvertent mistakes is larger than external malicious attacks and needs more attention. We approach this by addressing all of the things an operator needs to succeed.”

Operators need a high performance interface, alarm management, boundary management, and a decision support system. All of that comes to the operator through the automation layer.

“If the automation layer is robust and working well, we can support an operator in their endeavor to have a safe and uneventful day,” said Habibi.

About the Author

Stephanie Neil | Editor-in-Chief, OEM Magazine

Stephanie Neil has been reporting on business and technology for over 25 years and was named Editor-in-Chief of OEM magazine in 2018. She began her journalism career as a beat reporter for eWeek, a technology newspaper, later joining Managing Automation, a monthly B2B manufacturing magazine, as senior editor. During that time, Neil was also a correspondent for The Boston Globe, covering local news. She joined PMMI Media Group in 2015 as a senior editor for Automation World and continues to write for both AW and OEM, covering manufacturing news, technology trends, and workforce issues.

Companies in this Article

Sponsored Recommendations

Why Go Beyond Traditional HMI/SCADA

Traditional HMI/SCADAs are being reinvented with today's growing dependence on mobile technology. Discover how AVEVA is implementing this software into your everyday devices to...

4 Reasons to move to a subscription model for your HMI/SCADA

Software-as-a-service (SaaS) gives you the technical and financial ability to respond to the changing market and provides efficient control across your entire enterprise—not just...

Is your HMI stuck in the stone age?

What happens when you adopt modern HMI solutions? Learn more about the future of operations control with these six modern HMI must-haves to help you turbocharge operator efficiency...