ISACA has published a new guide about the current cybersecurity threat for industrial control systems (ICS). Titled “Industrial Control Systems: A Primer for the Rest of Us,” the guide takes a deeper look at ICS and why security practitioners face a daunting challenge in defending an infrastructure that is often full of antiquated technology.
According to the guide, ICS were never intended to be interconnected, but are now more vulnerable because of their convergence with traditional information and communications technology (ICT).
The guide discusses the differences and similarities between ICS and IT; ICS has an operational focus and IT is system or task-specific. Regardless of their differences, threat agents and attack vectors are the same for both systems.
A section called “Defining Industrial Control Systems” provides an in-depth overview of what comprises today’s ICS—generally understood as systems such as electricity, water and energy production as well as manufacturing and distribution. It defines:
* Architecture and all of its components
* Distributed Control Systems (DCS)
* Supervisory Control and Data Acquisition (SCADA) Systems
* Process Logic Controllers (PLC)
“ICS were originally designed to perform tasks in environments that were separate and apart from traditional IT systems,” said Robert E Stroud, CGEIT, CRISC, international president of ISACA and vice president of strategy and innovation at CA Technologies. “In today’s environment, understanding IT risk and governance principles is increasingly critical to the ICS community, especially in converged enterprises.”
The guide suggests there are great advantages to creating and sustaining cross-functional teams between ICS and IT cybersecurity professionals. This scenario will help both teams make use of development and execution of enterprise cybersecurity strategies.
“Industrial Control Systems: A Primer for the Rest of Us” is available for free download from the ISACA web site.
|