Blog

3 Reasons to Monitor Your ICS Network

Erin Anderson, Solutions Marketing Manager, OT & Industrial Technologies | April 1, 2020

Learn why implementing OT network monitoring is vital to keeping your industrial infrastructure cyber resilient.

Industrial control systems play a major role in keeping the citizens and infrastructure of a country safe and operational. These networks enable utility providers to produce and deliver necessary services such as power and water, and manufacturing companies to provide critical supplies that people need every day like food, paper products, medical equipment and pharmaceuticals.

Without appropriate monitoring of the safety and operation of these industrial environments, ICS networks can malfunction, shut down or succumb to cyberattacks. The result is not only the loss of a company’s revenue and reputation, but also a direct impact on a community or an entire nation, as these systems are heavily relied upon for the daily operation of society.

Here are three important reasons to monitor your ICS network:

  1. Cyberattacks

    This is perhaps the first reason many think of for monitoring their ICS network. In recent years, there have been several headline-grabbing cyberattacks targeting critical infrastructure, such as Stuxnet, WannaCry, TRITON and LockerGoga. These represent just a few of the highly destructive malware campaigns that have targeted critical infrastructure on a national scale.

    These attacks have dominated the headlines and have been the subject of discussion for months, and in some cases, years. As destructive and dangerous as they can be, however, cyberattacks are not the most imminent threat to ICS networks. Of course, it’s important to consider the potential impact of a cyberattack, but this should not be your sole reason for implementing OT network monitoring.

  2. Internal Malfunctions

    Networking and operational disruptions remain the leaders in the threat landscape. Contrary to many people’s perception, internal malfunctions are far more frequent than targeted cyberattacks, and they are the most likely issue you should be looking for.

    Imagine having a faulty valve in your network that is causing the industrial process to deviate, impacting the final product or service delivery. If you can’t see and precisely locate the problem, it may take a tremendous amount of time and effort to troubleshoot the network and develop a solution, which leads to loss of productivity and revenue.

  3. Insider Threats and Third-Party Misuse

    According to the SANS State of OT/ICS Cybersecurity Survey, over 62% of organizations consider people the greatest threat to their OT networks. From disgruntled employees to careless or malicious third-party contractors and vendors, insiders are a major source of threats to ICS networks. Insiders have deep knowledge of the network and often unrestricted access to its resources, and therefore a very easy way to cause damage through intentional or unintentional misuse. Contractors and vendors may have remote access and connectivity to customer sites for maintenance and support, further expanding the threat surface and exposure of the network. To quickly identify either malicious activity or mistakes, it’s essential to monitor the activity of both employees and third parties.

    One of the first examples of an insider threat that is commonly used as a reference is the Maroochy Water Services case (Australia, 2000), where a former contractor caused 800,000 liters of raw sewage to spill out into local parks and rivers.

Without network monitoring, your OT infrastructure is left vulnerable to all of the threats above. For the monitoring solution to be effective, it should:

  • Understand the communication protocols and threats specific to industrial environments. Traditional cybersecurity solutions may keep “known offenders” out but will deliver no value against advanced threats, zero-days or daily operational problems.
  • Continuously monitor the ICS network to detect intrusions, malfunctions and other network anomalies at their earliest stage and enable responders to quickly prevent disruptions.
  • Be primarily passive, with optional OT-friendly active capabilities that don’t interfere with the network and its devices.
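The three properties above (protocol awareness, continuous anomaly detection, and a passive design) and the faulty-valve scenario from reason 2 can be illustrated with a small baseline monitor. The following is an added example, not code from this post or from the Forescout platform. It assumes a passive sensor has already decoded Modbus/TCP traffic into flat records with the hypothetical fields `t`, `src`, `dst`, `fn`, `reg` and `value`; the hosts, register numbers, values and the 3-sigma threshold are constructed for the demonstration. The monitor only reads those records and never sends anything onto the network.

```python
"""Passive, protocol-aware baseline monitor for decoded ICS traffic (added example)."""
from __future__ import annotations

from dataclasses import dataclass, field
from statistics import mean, pstdev

# Constructed records of the kind a passive sensor could emit after decoding
# Modbus/TCP. Function names follow Modbus terminology; hosts, registers and
# values are made up. 10.1.0.5 is an HMI, 10.1.0.7 an engineering workstation,
# 10.1.0.20 a PLC; register 40001 is a valve position in percent, 40010 a setpoint.
BASELINE_RECORDS = [
    {"t": 0, "src": "10.1.0.5", "dst": "10.1.0.20", "fn": "read_holding_registers", "reg": 40001, "value": 50},
    {"t": 1, "src": "10.1.0.5", "dst": "10.1.0.20", "fn": "read_holding_registers", "reg": 40001, "value": 51},
    {"t": 2, "src": "10.1.0.5", "dst": "10.1.0.20", "fn": "read_holding_registers", "reg": 40001, "value": 49},
    {"t": 3, "src": "10.1.0.5", "dst": "10.1.0.20", "fn": "read_holding_registers", "reg": 40001, "value": 50},
    {"t": 4, "src": "10.1.0.5", "dst": "10.1.0.20", "fn": "read_holding_registers", "reg": 40001, "value": 52},
    {"t": 5, "src": "10.1.0.5", "dst": "10.1.0.20", "fn": "read_holding_registers", "reg": 40001, "value": 48},
    {"t": 6, "src": "10.1.0.7", "dst": "10.1.0.20", "fn": "write_single_register", "reg": 40010, "value": 50},
    {"t": 7, "src": "10.1.0.7", "dst": "10.1.0.20", "fn": "write_single_register", "reg": 40010, "value": 50},
]

# Constructed records from the detection phase: one normal read, a valve that
# has drifted (internal malfunction), an unknown host reading the PLC, and the
# HMI issuing a write it never issued during the baseline (misuse or mistake).
LIVE_RECORDS = [
    {"t": 100, "src": "10.1.0.5", "dst": "10.1.0.20", "fn": "read_holding_registers", "reg": 40001, "value": 50},
    {"t": 101, "src": "10.1.0.5", "dst": "10.1.0.20", "fn": "read_holding_registers", "reg": 40001, "value": 17},
    {"t": 102, "src": "10.1.0.99", "dst": "10.1.0.20", "fn": "read_holding_registers", "reg": 40001, "value": 17},
    {"t": 103, "src": "10.1.0.5", "dst": "10.1.0.20", "fn": "write_single_register", "reg": 40010, "value": 50},
]


@dataclass
class Baseline:
    # (src, dst) -> set of Modbus functions seen between that pair
    allowed: dict[tuple[str, str], set[str]] = field(default_factory=dict)
    # (dst, register) -> values observed for that register
    values: dict[tuple[str, int], list[int]] = field(default_factory=dict)


def learn(records: list[dict]) -> Baseline:
    """Build the communication and process-value baseline from a learning window."""
    b = Baseline()
    for r in records:
        b.allowed.setdefault((r["src"], r["dst"]), set()).add(r["fn"])
        b.values.setdefault((r["dst"], r["reg"]), []).append(r["value"])
    return b


def detect(baseline: Baseline, records: list[dict], sigma: float = 3.0) -> list[tuple[int, str, str]]:
    """Return (time, alert_type, detail) for every record that departs from the baseline."""
    alerts = []
    for r in records:
        pair = (r["src"], r["dst"])
        if pair not in baseline.allowed:
            alerts.append((r["t"], "new_peer", f"{r['src']} -> {r['dst']} never seen in baseline"))
            continue  # no per-function or per-register history to compare against
        if r["fn"] not in baseline.allowed[pair]:
            alerts.append((r["t"], "new_function", f"{r['src']} used {r['fn']} against {r['dst']} for the first time"))
        history = baseline.values.get((r["dst"], r["reg"]))
        if history:
            mu, sd = mean(history), pstdev(history)
            band = max(sd * sigma, 1.0)  # floor keeps a constant register from alerting on any change of 1
            if abs(r["value"] - mu) > band:
                alerts.append((r["t"], "process_deviation",
                               f"{r['dst']} register {r['reg']} = {r['value']}, expected {mu:.1f} +/- {band:.1f}"))
    return alerts


def run_demo() -> list[tuple[int, str, str]]:
    """Learn from the constructed baseline, then monitor the constructed live records."""
    return detect(learn(BASELINE_RECORDS), LIVE_RECORDS)


if __name__ == "__main__":
    for t, kind, detail in run_demo():
        print(f"t={t:<4} {kind:<18} {detail}")
```

Each of the three alert types maps to one of the post's reasons: `process_deviation` is the drifting valve, `new_peer` is the unknown device a contractor or attacker might introduce, and `new_function` catches a known host doing something it never did before (a write where only reads were ever seen). Because the monitor consumes decoded records rather than polling devices, it is passive; an optional active capability would be a separate, deliberately scheduled query, not part of this loop.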

If you would like to read more about the importance of monitoring your ICS network and the various detection techniques available, download this whitepaper.
