Cybersecurity Strategies Need Rethink: research

London, UK—The paradigm shift brought by Industry 4.0 and the Industrial Internet of Things (IIoT) is  enhancing the digital and connectivity capabilities of Industrial Control Systems (ICS) across multiple verticals, including manufacturing, oil and gas, critical infrastructure, and nuclear power.

It has also opened the floodgates to serious cybersecurity risks, threatening billions of dollars in damage to industrial operations worldwide. And yet, cybersecurity investment within the ICS market is lagging, expected to barely cross the US$2 billion mark by 2025, according to ABI Research.

“Over the past years, this shift has allowed internet-borne cyberthreats to find their way into traditionally sheltered industrial networks, wreaking havoc to severely underprepared systems.The cybersecurity threats faced in ICS are unlike any other,” said Dimitrios Pavlakis, industry analyst for ABI Research. “ICS are, quite literally, powering the world’s leading and most critical industries. A well-placed cyberattack can cause human casualties, billions in infrastructure damage, and even bring certain operations of a country’s critical infrastructure to a grinding halt.”

Social engineering, combined with cyberattacks like LockerGoga, WannaCry, notPetya, Triton, Sauron, CrashOverRide, DragonFly, and many of their mutations, have proved that digitized industrial systems are not only quite vulnerable but also a very attractive target for cyber-attackers.

At the root of the problem is the juxtaposition of IT and OT. IT security integration is expected to absorb almost 80 per cent of the ICS security in 2019, which is primarily lead by successful security information and event management (SIEM) implementations. That is expected to drop below 70 per cent by 2025 when other investment sources like OT asset management, threat intelligence, encryption and ID management will increase.

Additionally, while threat intelligence, encryption, and ID management in ICS will start slowly, they are expected to grow almost threefold in investment within the next five years.

“Industrial cybersecurity strategies need a radical rethink and should be built from the OT ground up to address the evolving threat landscape. Customizing IT security and placing into an OT environment is not the answer but is one example of a strategy that is indicative of the inherent confusion regarding the ICS cybersecurity landscape,” said Pavlakis.

Steering away from traditional “air-gapped” models (having no external connections) and embracing the underlying premise of Industry 4.0 for ICS is not an easy task. The same security procedures, protocols, network/user/device protection and ID management that make sense in corporate IT environments cannot be applied to industrial ones. Doing so will not only serve to exacerbate the underlying “IT versus OT” issue but also will gravely hinder security operations and integrations of security products with ICS equipment across the board.

While most companies deal primarily with network visibility issues, there has been increased movement by both leading vendors and start-ups addressing the future ICS cybersecurity challenges. I

“Increasing security infrastructure investment without hindering industrial operational objectives, managing the IT-OT convergence in a streamlined approach, developing new KPIs for cybersecurity operations, forcing the evolution of SIEMs and SOCs for ICS, and tending to the rising concerns from AI-borne cyberthreats are the essential components and should be used as the foundational building blocks in the development of any ICS cybersecurity strategy,” Pavlakis said.

These findings are from ABI Research’s Cybersecurity for Industrial Control Systems application analysis report.