Cyber Security for Industrial Control Systems

A New Approach
White Paper Wed 19 Sep 2018

Industrial Control Systems (ICS) underpin individual businesses and National Critical Infrastructure around the world. They maintain control of power stations and nuclear plants, water distribution systems and manufacturing sites – and today, they are routinely targeted by cyber attackers looking to spy on, compromise and damage those organizations.

Historically, industrial networks were kept separate from corporate networks, but significant efficiency gains and a broad trend for digital interconnectivity have driven a convergence between Operational Technology (OT) and Information Technology (IT) systems. Adoption of new control technologies, and the introduction of the Industrial Internet of Things (IIoT) are also increasing the complexity and interconnectedness of traditional OT environments.

The business of cyber security has changed dramatically in the past few years, presenting a significant challenge to management teams across all industries and business domains. A report conducted by the Cybersecurity Research Group found that 67% of companies with critical infrastructure experienced at least one cyber-attack in the last year and 78% expected their ICS and SCADA systems to be exploited in the next two years.

We see an increasing trend toward IT security teams taking on more accountability and responsibility for securing the OT systems, which require different specialist skills and working practices. This cultural and technical convergence will bring a steep learning curve that must be overcome.

Increasingly exposed to the same attack vectors used in the majority of cyber-attacks, OT devices within ICS and SCADA environments are inherently harder to secure, but their compromise can lead to enormous physical damage and danger to human life. The critical nature of ICS environments also makes securing these devices more challenging than in IT environments. Ever since the Stuxnet malware was widely reported in 2010, threats to industrial systems have grown rapidly in both number and capability. This was made clear in, among others, the 2014 compromise of a German steel mill that caused massive damage to a blast furnace and the 2015 and 2016 attacks against the Ukrainian power grid.

Ongoing malware campaigns are actively acquiring critical data about control systems, while quietly maintaining persistent access. Existing defenses such as firewalls have repeatedly proven inadequate on their own, especially against insiders who already have privileged access. The security community is increasingly coming to the consensus that we are entering a new era of serious OT cyber-threat, with ever rising numbers of vulnerabilities being found in control system devices.

Darktrace’s Industrial Immune System is a fundamental innovation that views data from an ICS network in real time, and establishes an evolving ‘pattern of life’ for operators, workstations and automated systems.

Darktrace uses machine learning and AI algorithms to detect and respond to cyber-threats that get through perimeter controls and evade rule-based approaches that can only identify previously-seen threats. Darktrace’s Industrial Immune System technology is deployed across both OT and IT environments to provide full coverage of an organization.

"The threat landscape is evolving so fast, and threats are becoming so sophisticated. It's becoming near impossible to keep up. Darktrace's machine learning is clearly the way forward."
Ken Soh, Chief Information Officer
BH Global