Cybersecurity for Industrial Control Systems: Why It Matters and How To Stay Protected
17.5 هزار بار بازدید -
پارسال
-
▶ Engineer's best friend for
▶ Engineer's best friend for learning:
https://realpars.com
============================
▶ You can read the full post here:
https://realpars.com/industrial-contr...
⌚Timestamps:
00:00 - Intro
01:44 - Threats to ICS
03:25 - ICS Security Challenges
05:07 - Best Practices for ICS Cybersecurity
06:55 - Patching and Vulnerability Mitigation
07:49 - Conclusion
=============================
Industrial Control Systems are what we call specialized industrial computers that control critical infrastructure and process automation systems.
Examples of where industrial control systems are used in critical infrastructure include the power grid, water and wastewater management, transportation, and natural gas.
Process automation systems that use industrial control systems include nuclear power plants, oil refineries, steel mills, and most types of factories. Any time an industrial process is automated, an industrial control system is likely being used.
Because so much of modern life depends upon the convenience and safety afforded by industrial control systems, cybersecurity is of utmost importance for these systems.
With attacks on industrial control systems becoming more common every year, cybersecurity for industrial control systems is quickly becoming a necessary component for many organizations.
Malware such as Stuxnet, Industroyer, Triton, and Pipedream, to name a few, have been used to target ICS hardware specifically, with the intent of disrupting operations or destroying equipment.
While a ransomware attack on an IT system can cripple an organization, an attack on an OT system has the potential to not only hinder the operations of an organization, but to destroy equipment, disrupt critical infrastructure, and cause loss of life as well.
While there is some overlap between cybersecurity best practices for IT systems and OT systems, there are some special considerations for industrial control systems.
While IT systems are often managed using centralized management systems such as Active Directory, industrial control system components must usually be managed as standalone systems.
PLCs, HMIs, and other ICS components usually ship with a default username and password which are well-documented and easy for attackers to guess.
Special care must be taken to ensure that default credentials have been changed or removed for each component. The new credentials must then be securely stored in order to prevent an attacker from gaining access to them.
Another unique aspect of securing industrial control systems is that endpoint protection software and firewall software typically cannot be installed on these systems.
In addition to adequately defending your industrial assets, it is important to have an incident response plan in place to determine how you will respond to, and recover from a cyberattack, should one take place.
This will enable you to quickly and effectively respond to an event and minimize the impact of a cyberattack on your organization.
In the IT world, security updates are usually applied on a regular schedule to patch security vulnerabilities. In the OT world, patching is performed far less frequently, if ever.
If patches can be applied to ICS components, they should be tested in a development environment to ensure that the updates will not disrupt the production system.
=============================
To learn more about securing industrial control systems, be sure to check out the RealPars courses on this topic. In these courses, you'll learn about ICS malware, ICS attackers, past ICS security events, and how to defend your network from similar attacks in the future.
Implementing Industrial Cyber Security: https://learn.realpars.com/courses/im...
Introduction to Industrial Control System Malware: https://learn.realpars.com/courses/in...
=============================
Did you miss out on the latest and greatest? Catch up now by watching our videos right here:
http://realpars.com/siemens-s7-1200-p...
https://realpars.com/s7-1200-plc-Intr...
https://realpars.com/Best-PLC-Program...
=============================
TWEET THIS VIDEO: https://ctt.ac/j2obe
=============================
Follow us on Facebook 👉 Facebook: therealpars
Follow us on Twitter 👉 Twitter: realpars
Follow us on LinkedIn 👉 LinkedIn: realpars
Follow us on Instagram 👉 Instagram: realparsdotcom
#RealPars #Cybersecurity #ICS
https://realpars.com
============================
▶ You can read the full post here:
https://realpars.com/industrial-contr...
⌚Timestamps:
00:00 - Intro
01:44 - Threats to ICS
03:25 - ICS Security Challenges
05:07 - Best Practices for ICS Cybersecurity
06:55 - Patching and Vulnerability Mitigation
07:49 - Conclusion
=============================
Industrial Control Systems are what we call specialized industrial computers that control critical infrastructure and process automation systems.
Examples of where industrial control systems are used in critical infrastructure include the power grid, water and wastewater management, transportation, and natural gas.
Process automation systems that use industrial control systems include nuclear power plants, oil refineries, steel mills, and most types of factories. Any time an industrial process is automated, an industrial control system is likely being used.
Because so much of modern life depends upon the convenience and safety afforded by industrial control systems, cybersecurity is of utmost importance for these systems.
With attacks on industrial control systems becoming more common every year, cybersecurity for industrial control systems is quickly becoming a necessary component for many organizations.
Malware such as Stuxnet, Industroyer, Triton, and Pipedream, to name a few, have been used to target ICS hardware specifically, with the intent of disrupting operations or destroying equipment.
While a ransomware attack on an IT system can cripple an organization, an attack on an OT system has the potential to not only hinder the operations of an organization, but to destroy equipment, disrupt critical infrastructure, and cause loss of life as well.
While there is some overlap between cybersecurity best practices for IT systems and OT systems, there are some special considerations for industrial control systems.
While IT systems are often managed using centralized management systems such as Active Directory, industrial control system components must usually be managed as standalone systems.
PLCs, HMIs, and other ICS components usually ship with a default username and password which are well-documented and easy for attackers to guess.
Special care must be taken to ensure that default credentials have been changed or removed for each component. The new credentials must then be securely stored in order to prevent an attacker from gaining access to them.
Another unique aspect of securing industrial control systems is that endpoint protection software and firewall software typically cannot be installed on these systems.
In addition to adequately defending your industrial assets, it is important to have an incident response plan in place to determine how you will respond to, and recover from a cyberattack, should one take place.
This will enable you to quickly and effectively respond to an event and minimize the impact of a cyberattack on your organization.
In the IT world, security updates are usually applied on a regular schedule to patch security vulnerabilities. In the OT world, patching is performed far less frequently, if ever.
If patches can be applied to ICS components, they should be tested in a development environment to ensure that the updates will not disrupt the production system.
=============================
To learn more about securing industrial control systems, be sure to check out the RealPars courses on this topic. In these courses, you'll learn about ICS malware, ICS attackers, past ICS security events, and how to defend your network from similar attacks in the future.
Implementing Industrial Cyber Security: https://learn.realpars.com/courses/im...
Introduction to Industrial Control System Malware: https://learn.realpars.com/courses/in...
=============================
Did you miss out on the latest and greatest? Catch up now by watching our videos right here:
http://realpars.com/siemens-s7-1200-p...
https://realpars.com/s7-1200-plc-Intr...
https://realpars.com/Best-PLC-Program...
=============================
TWEET THIS VIDEO: https://ctt.ac/j2obe
=============================
Follow us on Facebook 👉 Facebook: therealpars
Follow us on Twitter 👉 Twitter: realpars
Follow us on LinkedIn 👉 LinkedIn: realpars
Follow us on Instagram 👉 Instagram: realparsdotcom
#RealPars #Cybersecurity #ICS
پارسال
در تاریخ 1402/03/22 منتشر شده
است.
17,545
بـار بازدید شده