What is an Industrial Control System?
An industrial control system (ICS) is a control system that is associated with the instrumentation used for industrial process control, which is a continuous production process that combines control engineering and chemical engineering implemented widely in industries such as oil refining, pulp, and paper manufacturing, chemical processing and power generating plants.
What does it have to do with cybersecurity?
Just as with any company’s business information system, an industrial control system can be subject to a cyber breach. The hackers associated with an industrial control system breach are those looking for notoriety in damaging the nation-state’s equipment and facilities. How such a breach occurs typically derives from actions by employees, competitors, and even friendly sources that inadvertently bring malware onto the industrial control system site.
What measures can be put in place to protect an industrial control system?
The United States Department of Homeland Security provides a report on recommended practice for developing ICS Cybersecurity Incident Response Capability. Cyber incident response includes prevention, preparation, planning, incident management, recovery, mitigation, remediation, post incident analysis, and lessons learned with regards to malicious acts using information technology.
The report is a guide to other more detailed sources in approaching cyber incident response for ICS. It addresses four major response plan steps:
FIRST, a cyber incident response team should be established. With establishing the team, a cyber response plan can be developed and embedded into the ICS policies and procedures.
SECOND, incident prevention is looked at to reduce the seriousness of a cyber incident.
THIRD, incident management is developed for:
- Detection of potential or actual issues
- Containment of the event, especially when related to malware installed on the servers
- Remediation including the eradication of the malware
- Recovering from the event and restoring the system to full functionality.
FOURTH, post incident analysis practice should be put in place. This includes determining the cause, access path, the vulnerability of the incident. Such analysis can then be used to prevent future similar incidents as well as ensure cyber forensics and data preservation.
The report is one of many recommended ways to approach building and strengthening the ICS. It is vital to put in a cybersecurity incident response plan according to best practices to protect the functioning of the critical infrastructure and key resource sector of the United States.