
Minimizing Cybersecurity Impact from Human Error in ICS Networks

Erin Anderson | September 9, 2019

Most industry professionals agree that malicious activities from outside of an organization are a huge risk, so they prioritize strengthening external protections and keep a constant watch on their surroundings. What might come as a surprise is that, last year, 52% of security incidents affecting industrial control systems (ICS) and operational technology (OT) networks were unintentional errors or actions by employees. Long story short, most issues last year came from inside the organization, which is a problem that needs to be addressed quickly.

Education and Training Should Be High Priority

The first challenge stemming from the human factor is a lack of proper education and training. Untrained staff are more prone to simple mistakes, which could potentially wreak havoc on business continuity. Investment in cybersecurity training, particularly for anyone with access to critical ICS networks, is crucial.

The good news is that organizations are beginning to recognize this as a priority, with almost 30% stating that investing in general cybersecurity awareness programs for employees, including IT, OT and hybrid IT-OT personnel, was a top business initiative for 2019. Staff should always be trained on proper security procedures during onboarding and should also receive periodic retraining to help keep them sharp.

Access Is a Privilege, Not a Right

In addition to providing solid security education and training, organizations should also ensure that only employees whose job functions depend on accessing an ICS network are allowed near the network. If too many people in an organization are authorized to access vulnerable parts of OT infrastructure, the potential for human error skyrockets. It's imperative to remember that access is not a right but a privilege, and should be used responsibly.

Implementing the proper network access controls, including monitoring for and logging all access attempts, can help provide visibility into who is logging into the network, where they are and when they're doing it. That way, if something does go wrong, incident response teams have the data they need to trace and eliminate the threat.

Proper Network Configuration Is Key

Network misconfiguration presents another common cybersecurity issue resulting from human error, with misconfigurations accounting for 34% of ICS network vulnerabilities last year. One of the most challenging aspects of keeping an ICS network safe is proper configuration, especially as we enter the age of IoT (Internet of Things) and converging IT-OT networks. As organizations expand their wireless connectivity, complex architectures composed of new devices, legacy OT systems, campus networks and the cloud are emerging, providing more potential points of compromise for an ICS network.

Proper network configuration and segmentation are particularly vital for a company's OT infrastructure, since many important business and safety processes are controlled by these systems. Any operational failure caused by the accidental misconfiguration of a device on an ICS network could have severe consequences.

Reducing the Impact of Human Error on ICS Networks

Even if a company establishes a stringent cybersecurity training program, restricts ICS network access to the bare bones, and triple-checks its network and device configurations, accidents still happen, since that's part of human nature. Continuously monitoring an ICS network for indicators of misconfigurations and network access attempts can help prevent possible incidents caused by human error and strengthen the overall ICS cybersecurity posture of an organization.

Deploying an ICS network monitoring tool, combined with a properly trained security team analyzing the data from it, can be a very effective way to help reduce the impact of human error on an ICS network. Some of the important features a tool like this can provide include:

  • Network Visibility: Know which devices are on the ICS network and their risks
  • Asset Management: Ensure devices are configured properly and critical patches have been applied
  • Network Segmentation: Isolate misconfigurations to reduce potential points of entry
  • Network Monitoring and Intrusion Detection: Find out if something goes wrong in real time

To learn more about how you can mitigate risk to your ICS network from the human factor, download the SANS 2019 State of OT/ICS Cybersecurity Survey.
