The rise in attacks against the nation’s critical infrastructure control systems – and the potentially devastating consequences these incidents could incur – have resulted in a growing concern among industry leaders and organizations.
With many industrial control systems still relying on outdated software and protocols, bolstering the protection of these systems has become increasingly difficult for organizations – and easier for attackers to penetrate their networks.
In a recent survey conducted by the SANS Institute, 32 percent of respondents revealed that their control system assets or networks had been infiltrated or infected at some point.
Furthermore, of the 314 respondents who actively maintain, operate or provide consulting services to facilities operating industrial control systems, nearly half (44 percent) admitted they were unable to identify the source of the infiltration.
In addition, an alarming 34 percent stated they believed their systems had been breached more than twice in the last year. Meanwhile, 15 percent reported needing more than a month to detect a breach.
Derek Harp, business operations lead for the Industrial Control System (ICS) program at SANS and co-author of the report, explained monitoring inside a control systems network is challenging for a number of reasons.
“ICS security staff are doing everything they can, but the tools to safely monitor, examine and analyze what’s happening at the network level are pretty new to the market, and not widely implemented yet.”
In an interview with SecurityWeek, Harper said tools that are not optimized could pose reliability risks for ICS hosts or networks, such as slowing down or interrupting control system traffic, generating alerts, acting on false positives, or even causing unexpected shutdowns.
The report states that while control system networks are not necessarily more opaque than IT systems, the available tools to map and monitor their traffic and attached devices have been less robust than their IT counterparts.
“To succeed at protecting these environments, control system and information security professionals need sufficient training, tools and support—not only so they can respond to ongoing attacks, but also so they can proactively identify and implement safeguards to prevent future ones,” the SANS report read.
The complete SANS report is available here (PDF).