Three reasons manufacturers must monitor ICS networks

Opinions expressed in this article are those of the author.

This article is by Steve Hunter, Senior Director for Systems Engineering, Forescout (Asia Pacific & Japan)

Remote working has caused a rapid acceleration of digital transformation across most industries, with many moving forward into Industry 4.0. The manufacturing industry in particular has embraced the Internet of Things (IoT) to increase efficiency through automation and prepare for future disruption. However, as more devices become connected, more entry points to the network are created, and the risk of bad actors infiltrating the network increases.

Industrial control systems (ICS) help ensure that citizens and infrastructure remain safe and operational. These networks let utility providers produce and deliver necessary services such as power and water, and manufacturing companies provide critical daily supplies such as food, paper products, medical equipment, and pharmaceuticals.

The continuous safety and operation monitoring of these industrial environments reduces the potential for ICS networks to malfunction, shut down or succumb to cyberattacks. Many of these systems are heavily relied upon for the daily operations of society. Disruptions to ICS networks could damage the company’s revenue and reputation, and could also directly impact a community or entire nation.

ICS network monitoring provides visibility into the devices and activity on the network. There are three key reasons why manufacturers must monitor their ICS networks:

1. Cyberthreats
Cyberattacks on critical infrastructure can be extremely destructive, impacting national safety, and economic and social wellbeing. Remote working has increased the need to secure production environments as bad actors can access corporate networks via personal devices or Wi-Fi networks.

2. Internal malfunctions
As dangerous as cyberattacks can be, they are not the most imminent threat to ICS networks. Networking and operational disruptions remain the leaders in the threat landscape. Internal malfunctions are more frequent than targeted cyberattacks and should be a significant consideration when implementing ICS network monitoring.

If manufacturers can’t see and precisely locate the problem in their network, it may take a significant amount of time and effort to troubleshoot the network and develop a solution, leading to loss of productivity and revenue.

3. Insider threats and third-party misuse
According to the SANS State of OT/ICS Cybersecurity Survey, more than 62 per cent of organisations considered people the greatest threat to their OT networks.(1) From disgruntled employees to careless or malicious third-party contractors and vendors, insiders are a major source of threats to ICS networks.

They have deep knowledge of the network and, often, unrestricted access to its resources. This presents an easy way to cause damage through intentional or unintentional misuse. Contractors and vendors may also have remote access and connectivity to customer sites for maintenance and support, further expanding the threat surface and exposure of the network. To quickly identify either malicious activity or mistakes, it’s essential to monitor the activity of both employees and third parties.

For an ICS monitoring solution to be effective, it should:
· understand the communication protocols and threats specific to industrial environments. Traditional cybersecurity solutions may keep known offenders out but will deliver no value against advanced threats, zero-day threats or daily operational problems.
· continuously monitor the ICS network to detect intrusions, malfunctions and other network anomalies at their earliest stage and let responders quickly prevent disruptions.
· be primarily passive, with optional operational technology (OT)-friendly active capabilities that don’t interfere with the network and its devices.

While Industry 4.0 brings great advancements for efficiency and productivity to the manufacturing industry, it equally brings a host of new risks. Without network monitoring, OT infrastructures are left vulnerable to attacks, which can potentially result in financial, societal, and health repercussions for companies and wider societies.
