Cyber security awareness for Industrial Control Systems (ICS), also known as Operational Technology (OT), is highly important for managing water and electricity supply, transportation, communications and manufacturing facilities. Control engineers and users can be educated effectively on ICS-OT cyber security risk through well-defined preparedness. The education program shall involve a) ICS operators and experts, b) IT experts who want to learn ICS basics and cyber defense solutions, and c) managers who must make correct decisions related to the allocation of resources. This paper highlights a few important processes that allow you to achieve these goals effectively.
Differentiation between IT and ICS zones
IT cyber security expert mong the key principles and allows predicting most paths which an attacker may consider. To make the prediction more granular and as accurate as possible, you may use the Industrial (Lockheed Martin) Cyber Kill Chain as well as the Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) principles introduced for ICS in 2020.
- Non-attack risk factors: First you must consider two kinds of incident which might put the ICS process at risk and cause an unexpected operation outage or damage, but which are not considered a real cyber-attack: a) failure of an ICS sensor, a PLC or a communication appliance, or an unexpected software bug, and b) an incorrect action by an authorized person. All of these might lead to a panic response by the ICS-OT operator.
- Negligent behavior of people: You must consider actions such as inserting a non-certified USB stick into the ICS network, failure to detect a social engineering action, negligent supply chain processes, allowing remote connection to the ICS without authenticating the connecting person and his computer, consistent use of simple or repeating passwords, poor physical security, and more.
- Intentional attack by an insider: Such an adversary might use his knowledge to attack the ICS directly or through the IT network, manipulate the Enterprise Resource Planning (ERP) process, or alter parameters of utility processes such as HVAC, data center cooling, UPS and fire alarms in buildings, etc.