What Is Industrial Cybersecurity?
Industrial cybersecurity involves protecting the networks, data, and systems found in operational and cyber-physical environments, including critical infrastructure and industrial control systems (ICS). The sector is vast and includes facilities that range from factories and energy generation plants to water management and transportation networks.
Its practices and evolving technologies cover both Information Technology (IT) and Operational Technology (OT) devices and systems in order to manage the risks within industrial environments. Many of these risks are digital in nature, but a compromise can translate into physical actions by machines.
“Whether in critical infrastructure, manufacturing, warehousing, transportation, utilities, building management or healthcare, every asset-intensive organization has cyber-physical systems (CPS),” explains analyst-firm Gartner in its market definition and description in the Gartner® Magic Quadrant for CPS Protection Platforms. “They can be interchangeably called operational technology (OT), Internet of Things (IoT), Industrial IoT (IIoT), Internet of Medical Things (IoMT), smart building solutions, or Industrie 4.0. Whatever term organizations choose to adopt, these systems have one thing in common — they are managed digitally but interact with the real, physical world.”
Industrial Cybersecurity vs OT Cybersecurity
They are closely related but not exactly the same. OT cybersecurity focuses specifically on protecting the systems that control physical processes in industrial settings, such as manufacturing plants or power grids. Industrial security, while encompassing OT, also includes the broader aspects of securing the overall industrial environment which may involve IT systems as well.
Here’s a table of the three key differences:
| Criterion | OT Security | Industrial Security |
|---|---|---|
| Focus | Protecting the hardware and software that monitor and control physical processes. | Protecting all aspects of an industrial environment: OT systems, industrial networks, and supporting IT systems. |
| Protection Scope | Sensors & actuators; Control systems (including SCADA systems and Programmable Logic Controllers (PLCs)); Network infrastructure; and Human-machine interfaces. | Same as OT, plus IT systems; IIoT (Industrial Internet of Things) devices; remote access to OT systems; and other technologies that support industrial operations. |
| Overall Goal | To ensure operational continuity, safety, and reliability of physical processes, often with a focus on preventing downtime and physical harm. | To protect the overall digital environment of an industrial operation, including data confidentiality, integrity, and availability. |
In essence: OT security is a subset of industrial security, focusing specifically on securing the ICS that directly control industrial processes. Industrial security encompasses a broader scope, including all IT and OT systems within an industrial environment.
Why This Kind of Security Matters
These environments are increasingly connected by digital technologies, and that raises the risk surrounding potential cyber attacks. Network security in these environments is complex. Successful attacks can have increasingly dire consequences, since a compromised system can affect every other system connected to it. The results are more damaged equipment, more frequent stoppages in the production chain, and more vectors for data theft or loss.
“Because of this increasing IT/OT convergence, it is imperative that organizations consider control system security as part of their overall security program, rather than as a separate domain,” explain the authors of a (CS)2AI-KPMG report. “This applies both to security management programs (under standards such as IEC 62443 and ISO 27001) and to the controls used to secure and monitor these systems.”[i]
How It Works
Industrial cybersecurity is a multifaceted approach that combines foundational practices, procedural safeguards, and human awareness to protect industrial infrastructure from the growing threat of cyber attacks.
The 10 key aspects include the following:
- Risk Assessment and Management: Identifying vulnerabilities and potential threats to prioritize security efforts.
- Network Segmentation: Separating ICS networks from business networks to limit the impact of potential breaches.
- Access Control: Implementing strict measures to ensure only authorized personnel can access critical systems.
- Regular Software Updates and Patch Management: Keeping systems up-to-date to address known flaws.
- Continuous Monitoring and Detection: Employing tools to detect suspicious activities and respond in real-time.
- Incident Response Planning: Developing and practicing procedures for addressing cyberattacks and minimizing damage.
- Hardware Security: Utilizing specialized devices to protect data through encryption and secure communication.
- Software Security: Employing measures like antivirus, firewalls, and access controls to protect digital assets.
- Standards Compliance: Adhering to standards like IEC 62443 to ensure a baseline level of security.
- Awareness Training: Educating personnel about security risks and best practices.
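As an added illustration of the network segmentation and access control items above (example code written for this page, not Forescout's), the following Python check models IEC 62443-style zones and conduits and audits observed flows against them. The zone subnets, conduit rules and sample flows are all constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed zones (IEC 62443 "zones"): name -> subnets assigned to it.
ZONES = {
    "enterprise": [ip_network("10.1.0.0/16")],
    "idmz": [ip_network("10.2.0.0/24")],
    "control": [ip_network("192.168.10.0/24")],
    "safety": [ip_network("192.168.20.0/24")],
}
# Constructed conduits: (src zone, dst zone) -> permitted (proto, port) pairs.
# Anything not listed is denied: enterprise hosts may reach the IDMZ, but never
# speak Modbus/TCP (502) or EtherNet/IP (44818) to a PLC directly.
CONDUITS = {
    ("enterprise", "idmz"): {("tcp", 443)},
    ("idmz", "control"): {("tcp", 502), ("tcp", 44818)},
    ("control", "control"): {("tcp", 502), ("udp", 2222)},
    ("control", "safety"): {("tcp", 502)},
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int

def zone_of(addr: str) -> str:
    """Map an address to its zone; anything outside every zone is 'unknown'."""
    ip = ip_address(addr)
    for name, nets in ZONES.items():
        if any(ip in n for n in nets):
            return name
    return "unknown"

def check_flow(flow: Flow) -> tuple:
    """Return (verdict, reason): ok, violation, or alert for an unmapped endpoint."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if "unknown" in (src_zone, dst_zone):
        return "alert", f"unclassified endpoint in {src_zone}->{dst_zone}"
    if (flow.proto, flow.dport) in CONDUITS.get((src_zone, dst_zone), set()):
        return "ok", f"{src_zone}->{dst_zone} permitted by conduit"
    return "violation", f"{src_zone}->{dst_zone} {flow.proto}/{flow.dport} has no conduit"

# Constructed sample flows, as a passive network sensor might export them.
SAMPLE_FLOWS = [
    Flow("10.1.5.20", "10.2.0.10", "tcp", 443),        # enterprise -> IDMZ
    Flow("10.1.5.20", "192.168.10.7", "tcp", 502),     # enterprise -> PLC directly
    Flow("192.168.10.7", "192.168.20.3", "tcp", 502),  # control -> safety
    Flow("203.0.113.9", "192.168.10.7", "tcp", 502),   # internet -> PLC
]

def audit(flows):
    return [check_flow(f)[0] for f in flows]
```

Running `audit(SAMPLE_FLOWS)` flags the direct enterprise-to-PLC Modbus flow as a violation and the internet-sourced flow as an alert, which is exactly the kind of finding segmentation monitoring should surface.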
What Is The IEC 62443 Standard?
IEC 62443 is a globally recognized series of standards for industrial automation and control systems (IACS) meant to provide a comprehensive defense strategy for protecting these critical systems and asset owners from digital threats.
Created by experts at the International Society of Automation (ISA) and the International Electrotechnical Commission (IEC), this series of standards is a detailed playbook for defending IACS, covering the entire lifecycle from initial system design to ongoing maintenance. IEC 62443-2-1 breaks down silos between IT and OT security, providing enhanced guidance on establishing and maintaining security management systems across both domains.
Real-World Application of the IEC 62443 Standard
IEC 62443 is instrumental in guiding IT and security teams as they strive to keep systems secure and operational, protected from attackers who seek to cause outages, steal data, or pursue other malicious goals. Consider the following two examples:
Manufacturing. Robotics, supply chains, and interconnected Industrial Internet of Things (IIoT) devices are found in modern manufacturing environments. And that makes them a prime target for cybercriminals. IEC 62443 protects these complex systems from digital threats that could shut down entire production lines.
Transportation. Everything from airport control systems and railway signaling to seaport cargo management is a potential weak point. IEC 62443 helps ensure an attacker can’t suddenly redirect trains, ground planes, or create chaos in shipping logistics.
NIST CSF Complements IEC 62443
The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) provides a set of guidelines that help industrial organizations, including oil and gas companies, manage and strengthen their security practices. It comprises five core functions:
- Identify: Understand and prioritize risks and threats
- Protect: Implement safeguards to protect critical infrastructure and data
- Detect: Develop capabilities for early threat detection and response
- Respond: Develop and implement an incident response plan
- Recover: Develop strategies for rapid recovery from incidents
Following the NIST CSF helps an organization strengthen its security posture, with emphasis on threat protection, detection, and rapid incident response.
CISA recommends both standards. The Cybersecurity and Infrastructure Security Agency (CISA) views both of these standards as a crucial defense strategy against advanced and persistent threats. As a result, CISA encourages organizations to adopt IEC 62443 to mitigate risks in operational technology (OT) environments, with particular emphasis on:
- Knowing exactly what technology assets they have
- Creating secure barriers between different systems and system types
- Managing who can access critical systems
The Growth of Malware
Malware is expanding in industrial environments — and engineering workstations connected to the internet have become a target for attackers.
Forescout recently analyzed automated botnet families and found that they use default credentials of OT devices for initial infection, or carry instructions to wipe sensitive data directories. Such botnets usually infiltrate networks via internet-accessible devices. According to the SANS Institute’s latest “State of ICS/OT Cybersecurity” survey, connected devices are among the most common initial attack vectors involved in real-world OT/control systems incidents.
That same SANS survey identified engineering workstation compromise as the fourth most common initial attack vector, accounting for over 20% of OT/control systems incidents.
How Forescout Can Help
Forescout offers a comprehensive end-to-end IT and OT network security platform that not only supports multiple use cases (extending IT security controls, unifying risk and compliance, and more) but also enables you to take action. We don’t just detect issues and leave you guessing about the next steps. The platform integrates seamlessly with your IT and security ecosystem so you can proactively create, optimize and automate remediation and operational workflows.
Sample Network Architecture in a Manufacturing Environment
The accompanying diagram shows a typical deployment architecture of the Forescout solution for industrial plants and manufacturing deployments. Various sensor deployment options are available, ranging from high-performance appliances for centralized deployments to ruggedized and lighter low-cost models, as well as deployment on existing network infrastructure equipment for use in decentralized or segmented networks with limited throughput. Further integrations with the security ecosystem to exchange insights, automate workflows and initiate response to emerging cyber threats are available.
How Forescout Ensures Resilience
- More Deployment Options: Whether deploying in the cloud, using Docker containers on custom hardware sensors, or leveraging your network equipment, this IT and OT security platform integrates seamlessly across different layers of your existing infrastructure, minimizing disruption and avoiding unnecessary changes.
- Extended Discovery Capability: The Forescout 4D Platform™ supports 350+ industrial protocols with a blend of active and passive methods to discover and classify IT, OT and IoT assets. Whether you are pulling data from APIs, switches or wireless adapters, the platform handles scenarios where SPAN monitoring isn’t an option or passive methods fall short.
- AI-Enhanced Asset Intelligence: Having visibility into all of your managed and unmanaged assets is just the beginning. The real value lies in understanding how they are configured and classified, how they operate, and how they interact with other systems. The Forescout 4D Platform™ gives you actionable insights to effectively manage and optimize change, vulnerability, risk and compliance processes.
- Proactive Vulnerability Management: With one of the largest curated databases and actionable prioritization metrics, such as CVSS, EPSS, the CISA and Vedere Labs KEV (Known Exploited Vulnerabilities) catalogs, and threat intelligence, you have everything you need to evaluate threats from multiple angles and manage complex patch management.
- Intelligence-Driven Detection: Comprehensive threat detection tailored to OT, IoT, and IT hybrid environments and powered by Vedere Labs research and threat intelligence. With advanced event classification and case management, you can efficiently manage alerts, track incident resolution, and monitor KPIs to ensure faster response times and superior event handling.
- Forescout AI Reporting: Persona-based dashboards, and customized views ensure that the right data reaches the right people. You can create custom views for IT and security operations, SOC analysts and executives and turn them into customized reports that provide contextual insights into devices, alerts, potential incident causes, and recommended remediation steps.
- IT/OT/IoT Converged Vulnerability and Risk Management: Change the way you manage, assess and prioritize risk to make better security and business decisions. Go beyond individual flaws so you can analyze risk from every angle. See across network, operational and cyber risks with built-in metrics and tools, including our proprietary ICS/OT threat database and Vedere Labs KEV, so you can evaluate all scenarios from your own perspective.
Learn more about our approach to OT Security and the Forescout 4D Platform™.
[i] Control System Cybersecurity Association International and KPMG. The (CS)2AI-KPMG Control System Cybersecurity Annual Report 2024. Accessed December 9, 2024.