Having a robust cyber security system in place helps organisations protect the availability, confidentiality, and integrity of their systems.
Cyber security today needs no introduction.
A lot of early process automation systems were mainly designed to improve functionality and performance – they did not focus much on the critical aspect of security, nor on the interconnectivity with other systems. Most of these automated systems operated in silos and assumed implicit trust.
Today, led on by the Industrie 4.0 revolution, most manufacturing organisations have adopted technological advancements and networking as part of automating their plant automation processes. The older systems today are thus becoming a part of these common networks, and are usually being identified as the weak point in total network security.
Hackers, cyber-terrorists, and other intelligent-minds-gone-awry spare no one, and no industry – not even process control engineering and process automation.
The huge numbers of systems that need to be connected as part of this exercise exposes the devices to several weak points that are at the risk of cyber-attacks. If these weak spots are not identified and secured, any cyber-attack may cause a massive impact on the entire organisation and apart from loss of business-critical, confidential data, and damage to a company’s image, also lead to production failure, pollution, and personal injuries.
Today, industrial control systems (ICSs) are almost in a state of continuous risk due to external modifications and the threat of malware attacks over open computing platforms. Malware protection for process control systems have thus become a topic for board room discussions and Cyber Security measures are being implemented in place for safeguarding organisations against any such malicious attacks and threats. Robust cyber security is thus required to improve the resilience of ICSs against adverse incidents and help businesses return to normalcy in case of an attack, as also help reduce unplanned downtime.
Daily virus signature patch updates, rebooting nodes according to defined cycles, performing data transfers using SSL-encrypted remote connections are a few means that not only help in a smooth integration with a plant’s IT structure, but also ensure robust security.
Having a robust cyber security system in place helps organisations protect the availability, confidentiality, and integrity of their systems apart from enabling plant operators to increase the security standards of their IT systems. Organisations have now begun to realise the fact that expenses incurred on implementation of measures that prevent cybercrimes are way lesser than what they would otherwise have to incur in case they are a victim of a cybercrime.
Siemens Limited is a leader in power plant automation systems in India, as well as a leading provider of cyber security solutions. It has plans to implement cyber security solutions for power plant automation at the Paguthan (Gujarat) plant of CLP India Private Limited. The solution will help CLP India to improve the cyber security system at its power plant and will aide in detecting threats and safeguarding against advanced cyber attacks by analysing the same and raising threat alarms that cover both IT and Operational Technology (OT) networks. The endpoint protection provided by the solution also helps prohibit execution of malicious applications.
Prashant Jain, Head, Power Generation Services, Siemens Limited, says, “In today’s digitalised world, power plant automation systems require robust and resilient delivery systems. Given the increasing frequency of cyber attacks, it is very important to obtain a precise picture of the cyber security level of the plant and its associated Instrumentation and control systems. Protective measures can then be implemented to remedy any deficiencies detected.”
The International Society of Automation (ISA) is also working hard at securing control systems and has developed ISA99, a comprehensive standard that is better known as the global industrial cyber security standard IEC 62443. The ISA99/IEC 62443 Cybersecurity Fundamentals Specialist Certificate is given to individuals who have been trained to work in an ICS environment and can help organisations defend against hackers hurting their plants.
The Market and Future Trends
Industrial Control Systems Security Market will be worth 13.88 billion USD by 2022.
As per the report on "Industrial Control Systems Security Market from Markets And Markets by Solution (Firewall, Antivirus/Anti-Malware, Identity and Access Management, Security Information & Event Management, DDOS, UTM), Service, Security Type, Vertical, and Region – Global Forecast to 2022", the ICS security market size is expected to grow from USD 10.24 billion in 2017 to USD 13.88 billion by 2022, at a Compound Annual Growth Rate (CAGR) of 6.3%.
The major reasons why the ICS security market has seen an exponential rise are huge investments in smart technologies, cyber attacks, and network security threats.
Firewall solutions are expected to have the largest market share and dominate the ICS security market from 2017 to 2022 due to the evolution of the next generation firewall that will have capabilities such as application awareness, deep packet inspection, and integrated network intrusion prevention, that help protect the weak spots of an enterprise network from unwanted users.
In the ICS security market, the Transportation Systems vertical will be seen to grow at the highest CAGR levels between 2017 to 2022. The aviation sector is very vulnerable and prone to both cyber and physical threats. Even the Maritime Transportation System (MTS) today needs a robust ICS security being a critical national economic infrastructure.
India should see a huge cyber security market growth over the next decade. According to Data Security Council of India (DSCI), India’s cyber security market is expected to grow nine-fold to $35 billion by 2025, from about $4 billion. This would mainly be driven by an ecosystem to promote the growth of indigenous security product and services start-up companies.
The APAC region is going to witness extensive growth in avenues such as the ICS security market, and may even surpass North America in terms of market size by 2022.
Setting up an Effective Cyber Strategy
A few important steps that help set up an effective cyber security strategy may include:
- Analyse and define the potential risks: Organisations must have in place exhaustive scenarios based on analyses of existing risks for evaluating the current security systems. Milestones must be set to check the system robustness and to check whether the growth is in the right direction.
- Perform audits: Industrial organisations must utilise independent auditors for assessing if the systems are adequate and comply with established operational procedures and policies, and to suggest changes.
- Check security and reliability of architectures being deployed: To realise the advantages and overcome the shortcomings of the cyber security architectures, a thorough evaluation of these architectures is a must.
- Ensure that your network security is leakproof: Organisations must implement a robust Network security using cyber security measures such as firewalls, security analytics, and threat detection so as to restrict any unwanted access to system resources.
- Safeguard network endpoints: ICS departments need to protect their networks using application whitelisting, anti-virus protection, end-node hardening, patching, and portable media security.
- Keep taking regular backups: Taking a regular backup of systems is a must so that in case of an untoward incident, they can be restored quickly.
It is obvious that Industrial firms need to take specific steps to protect their business-critical facilities as they cannot afford any sort of risks or uncertainties. Companies in the oil and gas, refining, petrochemical, and power-generation industries, among others, thus, must implement safeguards in place that prevent and mitigate cyber security threats that may otherwise jeopardise their assets, environment, personnel, plant infrastructure, and production operations.
Pic1: Siemens has opened its "Cyber Security Operation Centre" (CSOC) for the protection of industrial facilities.
Pic2: Recently Invenergy, a clean energy provider, chose GE to secure their entire fleet of wind turbines.