A total of $706,452 has been paid in ransom to cybercriminals by Nigerian businesses. According to Sophos in The State of Ransomware 2022 report, Industrial Control Safety Systems (ICSS) in Critical infrastructure are increasingly exposed to cyber-attacks because of the digitization drive of the industry.
As supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control systems become connected to the Internet to allow greater business efficiency (remote process monitoring, system maintenance, process control, and production data analysis)-Industry 4.0, they also make the business more vulnerable to threats with the potential to affect critical Industrial Control and Safety Systems seriously.
This article will discuss the cybersecurity challenges facing these industries and the steps that can be taken to mitigate these risks.
Critical infrastructure is classified as the physical and IT/OT assets, networks, and services that, if disrupted or destroyed, would have a serious impact on the health/security/economic well-being of citizens and the efficient functioning of a country’s government.
The energy sector and manufacturing industries are critical to the global economy, and their security is of the utmost importance. The integration of operational technology (OT) and information technology (IT) – industry 4.0 – in these industries has also increased efficiency and productivity, but it has also increased the risk of cyber-attacks.
One of the main challenges facing these industries is the integration of OT and IT systems. OT systems, such as control systems, are used to control and monitor physical processes, while IT environments, i.e., the internet and cloud, are used to process and store data. The integration of these environments means that cyber-attacks on the Information Technology environment can now directly impact the physical processes controlled by Operational Technology systems.
The use of legacy (ICSS) in these industries is prevalent. Many Control & Safety Systems were developed before cyber security was a global concern and may not have the necessary security measures in place to prevent such attacks when the ICSS is compromised. In addition, the hardware and software in these legacy ICSS could have reached their End of Life (EOL), which makes them more vulnerable to cyber attackers
Some other factors have contributed to the growing vulnerability of industrial control systems, which include
• Insecure remote connections; Access links such as dial-up modems and wireless communications are used for remote diagnostics, maintenance, and examination of system status. If encryption or authentication mechanisms are not utilized, the integrity of the transmitted information is vulnerable
• Standardized technologies; Organizations are transitioning to standardized technologies, such as Microsoft’s Windows, to reduce costs and improve system scalability and performance. The result is unrestricted access to knowledge and tools to jeopardize the system and an increase in the number of systems vulnerable to attack.
• Availability of technical information—Public information about infrastructures and control systems is readily available to potential hackers and intruders. Design and maintenance documents and technical standards for a critical system can all be found on the internet, greatly jeopardizing overall security.
In addition to the challenges and vulnerabilities facing the industrial control system, Cyber threats and incidents are now a major operating and business risk for every digital enterprise. In the age of digitization, it is imperative to create and execute strategies that allow the business to monitor and mitigate cyber threats and risks supporting its financial objectives.
Traditional industry best practice recommends that the ICSS and operational business networks be physically segregated and employ dedicated networks which enhance security and prevent these attacks.
But to truly mitigate these risks and be IIOT-ready, organizations need to have a comprehensive cyber security program with the partnership of industry experts, which incorporates intrusion detection and prevention systems, firewalls, and secure remote access solutions in place, such as those offered by Schneider Electric; with a team of certified experts, delivering holistic cybersecurity programs to help maintain the system’s defences, with cybersecurity services such as vulnerability assessments, penetration testing, and incident response planning from an operations perspective, while integrating appropriate IT policies and requirements.
In conclusion, the integration of OT and IT systems in the energy sector and manufacturing industries has increased efficiency and productivity, but it has also increased the risk of cyberattacks. Organizations in these industries need to adopt a cyber security program and posture to maintain profitability to protect against cyber-attacks.