Developments within the Industry 4.0 and the Industrial Internet of Things (IIoT) ecosystem have significantly enhancing the digital and connectivity capabilities of Industrial Control Systems (ICS) across multiple verticals including manufacturing, oil and gas, critical infrastructure, and nuclear power.
This has opened the floodgates to serious cybersecurity risks, threatening to cause billions of dollars in damage to industrial operations worldwide. ABI Research noted that despite the imminent danger, cybersecurity investment within the ICS market is severely lagging, expected to barely cross the US$2 billion mark by 2025.
“Over the past years, this shift has allowed internet-borne cyberthreats to find their way into traditionally sheltered industrial networks, wreaking havoc to severely underprepared systems. The cybersecurity threats faced in ICS are unlike any other,” warned Dimitrios Pavlakis, Industry Analyst for ABI Research. “ICS are powering the world’s leading and most critical industries. A well-placed cyberattack can cause human casualties, billions in infrastructure damage, and even bring certain operations of a country’s critical infrastructure to a grinding halt.”
Social engineering, combined with cyberattacks like LockerGoga, WannaCry, notPetya, Triton, Sauron, CrashOverRide, DragonFly, and many of their mutations, have proved that digitized industrial systems are not only quite vulnerable but also a very attractive target for cyber-attackers.
ABI Research blames the problem on the juxtaposition of IT and OT. IT security integration is expected to absorb almost 80% of the ICS security in 2019, which is primarily lead by successful Security Information and Event Management (SIEM) implementations. That is expected to drop below 70% by 2025 when other investment sources like OT asset management, threat intelligence, encryption, and ID management will increase considerably.
Additionally, while threat intelligence, encryption, and ID Management in ICS will start slowly, they are expected to grow almost threefold in investment within the next five years.
“Industrial cybersecurity strategies need a radical rethink and should be built from the OT ground up to address the evolving threat landscape. Customizing IT security and placing into an OT environment is not the answer but is one example of a strategy that is indicative of the inherent confusion regarding the ICS cybersecurity landscape,” said Pavlakis.
Steering away from traditional “air-gapped” models (having no external connections) and embracing the underlying premise of Industry 4.0 for ICS is not an easy task. The same security procedures, protocols, network/user/device protection, and ID management that make sense in corporate IT environments cannot be applied to industrial ones. Doing so will not only serve to exacerbate the underlying “IT versus OT” issue but also will gravely hinder security operations and integrations of security products with ICS equipment across the board.
“Increasing security infrastructure investment without hindering industrial operational objectives, managing the IT-OT convergence in a streamlined approach, developing new KPIs for cybersecurity operations, forcing the evolution of SIEMs and SOCs for ICS, and tending to the rising concerns from AI-borne cyberthreats are the essential components and should be used as the foundational building blocks in the development of any ICS cybersecurity strategy,” concluded Pavlakis.