ICS Security & The Risks
What is ICS?
An Industrial Control System, ICS, is a generic term covering several types of control systems used in industrial production, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other smaller control system configurations such as programmable logic controllers (PLC).
Over the years the attack surface has increased mainly down to an increase in the connection of ICS environments into corporate networks and the use of more conventional IT technologies to lower costs associated with support and maintenance.
The Stats (CREST ICS Study)
- 32 % of the studies participants had been in infiltrated or infected at some point;
- 34% had been breached more than twice in the past 12 months;
- 15% reported needing more than a month to detect a breach;
- 44% were unable to identify the source of the infiltration
However the truth is with these stats the majority of ICS incidents go unreported, generally for commercial or national security reasons but it also makes it more difficult for security professionals to accurately asses the risk.
- There is a reluctance from ICS environment and process owners to allow security people access to ICS environments for security testing.
- Lack of qualified and experienced ICS testers.
- Things are no longer ‘air gapped’ as ICS environments are connected to regular environments using anything from RF to Ethernet.
- It is sometimes difficult to obtain log data for analysis or incident response.
- A lack of information about the assets in an environment, some laws stipulate you must keep an asset list which is created during installation but these are rarely ever filled in and when they are, they are often not complete or up-to-date.
- Lack of modern security protections in devices, like ASLR/NX etc.
- The market is dominated by a small number of vendors. Gamayan believes its products will represent a quantum leap forward in ICS security when compared to currently available solutions.
- Insufficiently protected, often blind environments targeted by very capable adversaries.
Some of these one can understand, for example one must proceed with a high degree of caution during technical security testing of ICS environments because a wrong move here may end up costing peoples lives.
It was for these reasons we developed