Read why network monitoring is vital to keep your ICS network cyber resilient.
Industrial control system (ICS) networks play a major role in keeping the citizens and infrastructure of a country safe and operational. It is through these networks that utilities provide for the members of their communities by producing and delivering necessary services such as energy and water, and manufacturing companies provide the goods citizens use in their daily life.
Without appropriate monitoring of the safety and operation of these industrial environments, there is the potential for ICS networks to malfunction, shut down or succumb to cyberattacks. The result is not only the loss of a company’s revenue and image, but also a direct impact on a community or entire nation, as these systems are relied upon for daily operation of a functional society.
Here are three important reasons why it is vital to monitor your ICS network.
This is perhaps the first reason many think of for monitoring their ICS network. Recently, there have been several major cyberattacks targeting critical infrastructure. Stuxnet, WannaCry and CrashOverride are just a few of the highly destructive malware campaigns that have targeted critical infrastructure on a national scale.
These attacks have dominated the headlines and have been the subject of discussion for months, if not years. As destructive and dangerous as they can be, however, cyberattacks are not the most imminent threat to ICS networks. Of course, it is wise to consider the potential of a cyberattack, but this should not be your sole reason for monitoring.
- Internal Malfunctions
Networking and operational disruptions remain the leading role in the threat landscape. Contrary to common misconception, internal malfunctions are far more frequent than targeted cyberattacks and are the most constant and probable threat that your ICS network should be monitored for.
Imagine having a faulty valve in your network that is causing the industrial process to deviate, impacting the final product or service delivery. If you cannot see and precisely locate the problem, it may take a tremendous amount of time and effort to troubleshoot the network and develop a solution, which leads to loss of productivity and revenue.
- Insider Threats and Third-Party Misuse
From disgruntled employees to careless or malicious third-party contractors and vendors, insiders are a major source of threats to ICS networks. Insiders have deep knowledge of the network and often unrestricted access to its resources, and therefore, a very easy way to cause damage through intentional or unintentional misuse. Contractors and vendors may have remote access and connectivity to customer sites for maintenance and support, further expanding the threat surface and exposure of the ICS network. It is essential to monitor the activity of both employees and third-parties to promptly identify malicious activity and mistakes.
One of the first examples of an insider threat that is commonly used as a reference is the Maroochy Water Services case (Australia, 2000), where a former contractor caused 800,000 liters of raw sewage to spill out into local parks and rivers.
Without monitoring, your ICS network is left vulnerable to all the threats above. For the most effective monitoring, an ICS network must be monitored by a solution that:
- Understands the communication protocols and threats specific to industrial environments. Traditional cyber security solutions may keep “known offenders” out but will deliver no value against advanced threats and daily operational problems.
- Performs continuous monitoring. It is crucial to detect intrusions, malfunctions and other network anomalies at their earliest stage to respond promptly and prevent disruptions.
- Is passive with selective active capabilities that don’t interfere with the network and its devices.
If you would like to read more about the importance of monitoring your ICS network and the threat detection techniques available, download this whitepaper.