For several years now, we’ve been supporting the far-reaching changes affecting Industrial Control Systems (ICSs), which are increasingly being forced to open up to the broader market and corporate IS technologies.
Opening up to corporate ISs is now a necessity... but it also carries risks
Historically, ICSs were not connected to corporate ISs, either because there was no need or as a way of limiting the exposure. The majority of interventions were local, with work taking place directly on equipment, or remotely, using specific tools. The management of this work and the operations themselves were mostly local too.
Business functions’ changing needs and the optimization of production processes have brought with them new and less localized requirements (such as remote supervision, remote maintenance, the emergence of the IoT, the standardization and rationalization of technologies and skills, cyber threats, etc.), which are designed to improve performance and facilitate operations. These challenges have led to a need to digitalize and interconnect industrial and corporate ISs.
Although this interconnection is now essential for a company to operate effectively, our discussions with operational staff highlight the fact that such changes have also led to risks of intrusion and of threats propagating between these interconnected ICSs. These risks affect:
- Operations and quality, with potential shutdowns and modifications of production resulting in financial, reputational, and even human impacts;
- The security of installations, where a serious compromise of production equipment can have impacts on both people and the environment.
Mitigating these intrusion and propagation risks and their consequences means implementing security measures in several different stages:
- Mapping the industrial IS;
- Putting in place secure network architecture;
- Hardening and setting up security maintenance of the various systems over time;
- And, lastly, putting in place the measures to detect incidents and respond to them.
Regulatory authorities have also been considering these risks. For the most sensitive installations, they are now mandating these types of measures and others too.
Interventions (such as patch management, account audits, integrity control, etc.), sometimes carried out remotely and often at high frequency, may now need to be performed by teams more distant from site operations. These quickly come up against a traditional operating model designed to prioritize the continuity and integrity of operations, quality, hygiene and safety, while minimizing disruptions to production.
How can these measures be implemented without losing sight of the ICS’s core purpose: to operate a physical process as designed?