Industrial Automation & Control Systems are an integral part of various manufacturing & process industries as well as national critical infrastructure. Concerns regarding cyber-security of control systems are related to both the legacy nature of some of the systems as well as the growing trend to connect industrial control systems to corporate networks. These concerns have led to a number of identified vulnerabilities and have introduced new categories of threats that have not been seen before in the industrial control systems domain. Many of the legacy systems may not have appropriate security capabilities that can defend against modern day threats, and the requirements for availability and performance can preclude using contemporary cyber-security solutions. To address cyber-security issues for industrial control systems, a clear understanding of the security challenges and specific defensive countermeasures is required. The session will highlight some of the latest cyber security risks faced by industrial automation and control systems along with essential security controls & countermeasures.
Performance – Real time response is critical, May not require high-throughput Controls should not hamper normal or emergency operations Availability – Very high uptime requirement, Outages are not acceptable and may result into physical events, simply rebooting IT systems is not the solution, downtime planning is critical and any changes require extensive testingSecurity Goals differ – Availability is priority, unlike confidentiality for IT systemsResource Constraints – Compute power, memory, bandwidth limitation Typical IT security solutions do consume lot of computing resourcesLong Technology Life Cycle – 10-20 years compared to 3-5 years for IT. Proprietary and complex & non standard systems and communication protocols, not easy to deploy usual IT security solutions in IACS spaceSecurity Staff – Expertise widely differ, Control systems expertise is not available with typical IT staff, require special training and staff development