- Posted by fedco
- On January 4, 2015
- ics security, ics security assurance
Why ICS Security Assurance is Important
Industrial Control System security concern has getting up and up in this decade due to the increasing cyber risk and attack that has been recorded across the globe that targeted ICS environment. The risk of cyber attack mostly came from internal organization, while the external portion also playing quiet significant contribution with the worst impact as the consequence.
There are several reasons why Industrial Control System security assurance should be put as the urgent and important matter for the industry that govern this type of system as their critical infrastructure, especially for the critical industry such as Oil & Gas, petrochemical, nuclear plant, power plant, etc. The following reasons are:
1. The computerized Industrial Control System environment with open protocol and open platform
2. The integration between Industrial Control System and Corporate Network
3. Heritage risk from the common IT infrastructure that being adopted in Industrial Control System
4. Lack of awareness of ICS security if compared to IT security environment
5. Threat and vulnerability vs. Risk -> Safety, business and environment consequences
Industrial Control System Security Concern
The cyber security concern in Industrial Control System environment is not just talking about the virus and malware but it is beyond that mindset. The concept of ICS security should be seen as the integrated aspect that consist of several management system that related into it, they are Access Management, Asset Management, Data Management, Emergency Response Management, Network Management and Risk Management.
It is a complex concern that requires all of the related entities within the organization to take part, from management to the technician, since the ICS security is not just one man show activities but it is a team work and work as team approach.
Industrial Control System Security Challenges
Some of the big challenges to implement the ICS security assurance are as per the following:
1. Lack of awareness of the cyber security criticality in ICS environment
2. People thinking of ICS has no relation with ICT stuff, no need to deploy cyber security in ICS environment
3. Lack of capable professionals that has ability to cover Automation Control engineering and Information Communication Technology disciplines to deal with the Cyber Security Management and Compliance in ICS
4. Business driven is not seeing the critical requirement of having cyber security assurance for their ICS environment
5. Standards/policy/procedures/manuals not in place or inadequate
6. Culture and behaviour