Following reports of a cyber-attack bringing down the power grid in Ukraine, ICS-CERT chief Marty Edwards issued a warning over the state of industrial cybersecurity in the US.
Cybersecurity protections for critical infrastructure must address many common threats. Current approaches that surround devices with a perimeter are limited because once the hacker or malware gets inside, there is no further protection. The NERC CIP-007 standards mandate that both critical and non-critical devices within the secure perimeter be protected. Such protection could have prevented the Ukrainian power outage cited in the above report. Though this mandate applies to the North American power grid, the principles apply to all critical infrastructure, including industrial control systems.
Security experts estimate that as many as 70% of threats are insider threats. Whether malicious or accidental, the cost can be the same. Cyber incidents that are accidental can still destroy processes, equipment, product, and potentially endanger people.
Layered security, combined with policy management and visibility, can significantly reduce the threat of both outside and inside events.
Although not all threats can be eliminated, a disciplined approach to identifying attack surfaces and possible threat vectors, and then systematically protecting each device, can go a long way toward increasing security across all critical infrastructure.
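To make the difference between perimeter-only filtering and per-device protection concrete, here is an added illustration (not code from the article or from Icon Labs). It models a small control network in which every device carries its own allowlist of permitted peers and ports, evaluates a set of constructed connection attempts against both a perimeter rule and the per-device policy, and produces an audit record for each decision so that the "visibility" the text calls for is part of the design. The device names, ports and policies are constructed assumptions for the demonstration.

```python
"""Perimeter-only trust versus per-device policy, with an audit trail.

Added example for illustration; device names, ports and policies below
are constructed, not taken from any real plant.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Conn:
    src: str        # source host name
    src_zone: str   # "inside" or "outside" the electronic security perimeter
    dst: str        # destination device name
    port: int       # destination TCP port


@dataclass(frozen=True)
class DevicePolicy:
    # Hypothetical per-device allowlist of (source host, destination port) pairs.
    allowed: FrozenSet[Tuple[str, int]]


def perimeter_only(conn: Conn) -> bool:
    """A perimeter firewall trusts anything that originates inside the perimeter."""
    return conn.src_zone == "inside"


def per_device(conn: Conn, policies: Dict[str, DevicePolicy]) -> bool:
    """Each device enforces its own allowlist; devices without a policy default to deny.

    Default deny is what makes the 'non-critical devices inside the perimeter
    must also be protected' requirement hold: an unmanaged device is not
    silently exposed to everything else inside the perimeter.
    """
    policy = policies.get(conn.dst)
    if policy is None:
        return False
    return (conn.src, conn.port) in policy.allowed


def evaluate(conns: List[Conn], policies: Dict[str, DevicePolicy]) -> List[dict]:
    """Decide every connection under both models and keep an audit record.

    A connection is allowed only if both layers allow it; the record retains
    each layer's decision so the gap between them is visible to operators.
    """
    audit = []
    for c in conns:
        p_ok = perimeter_only(c)
        d_ok = per_device(c, policies)
        audit.append({
            "src": c.src, "zone": c.src_zone, "dst": c.dst, "port": c.port,
            "perimeter_allows": p_ok, "device_allows": d_ok,
            "verdict": "allow" if (p_ok and d_ok) else "deny",
        })
    return audit


def perimeter_gap(audit: List[dict]) -> List[dict]:
    """Connections the perimeter would have let through but per-device policy stops.

    These are exactly the insider and 'already inside' cases the text warns about.
    """
    return [a for a in audit if a["perimeter_allows"] and not a["device_allows"]]


def run_demo() -> Tuple[List[dict], List[dict]]:
    # Constructed policies: only the HMI and the engineering workstation may
    # speak Modbus/TCP (502) to PLC-1. PLC-2 has no policy on purpose, to show
    # default deny for an unmanaged device inside the perimeter.
    policies = {
        "PLC-1": DevicePolicy(frozenset({("HMI-1", 502), ("ENG-WS", 502)})),
    }
    # Constructed connection attempts, including an unapproved laptop that is
    # already inside the perimeter and an external host that is not.
    conns = [
        Conn("HMI-1", "inside", "PLC-1", 502),       # legitimate operator traffic
        Conn("ENG-WS", "inside", "PLC-1", 502),      # legitimate engineering access
        Conn("LAPTOP-7", "inside", "PLC-1", 502),    # unapproved host, inside
        Conn("LAPTOP-7", "inside", "PLC-1", 44818),  # unapproved host and port
        Conn("203.0.113.9", "outside", "PLC-1", 502),  # external, stopped by perimeter
        Conn("HMI-1", "inside", "PLC-2", 502),       # unmanaged device: default deny
    ]
    audit = evaluate(conns, policies)
    return audit, perimeter_gap(audit)


if __name__ == "__main__":
    records, gap = run_demo()
    for r in records:
        print(f"{r['src']:>12} -> {r['dst']}:{r['port']:<6} "
              f"perimeter={r['perimeter_allows']!s:5} device={r['device_allows']!s:5} "
              f"verdict={r['verdict']}")
    print(f"\n{len(gap)} connection(s) the perimeter alone would have admitted")
```

Running the script lists six decisions; three of them are admitted by the perimeter rule yet refused by the device-level policy, which is the class of event a perimeter-only design cannot see or stop. The per-decision records are the raw material for the policy management and visibility layer the text describes: they can be exported to a log collector so that repeated denials from one inside host stand out.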
The question is who is listening to the warnings and taking action to ensure they are protected?
Ernie Rudolph is the Executive Vice-President of Icon Labs, a leading provider of security solutions for embedded devices. You can reach him at firstname.lastname@example.org