Cybersecurity; The New Normal

A total of $706,452 has been paid in ransom to cybercriminals by Nigerian businesses, According to Sophos, in “The State of Ransomware 2022 report”. 

Industrial Control Safety Systems (ICSS) in Critical infrastructure are increasingly exposed to cyber-attacks because of the digitisation drive of the industry. 

As supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control systems become connected to the Internet to allow greater business efficiency (remote process monitoring, system maintenance, process control, and production data analysis)- Industry 4.0, they also make the business more vulnerable to threats with the potential to seriously affect critical Industrial Control and Safety Systems.

This article will discuss the cyber security challenges facing industries in the energy sector and the steps that can be taken to mitigate the risks.

Critical infrastructure is classified as the physical and IT/OT assets, networks, and services that if disrupted or destroyed would have a serious impact on the health, security or the economic well-being of citizens and the efficient functioning of a country’s government. 

The energy sector and manufacturing industries are critical to the global economy, and their security is of the utmost importance. The integration of operational technology (OT) and information technology (IT) – industry 4.0 – in these industries has also increased efficiency and productivity, but it has also increased the risk of cyber-attacks.

The integration of OT and IT systems, which is one of the main challenges facing industries in the energy sector, helps control and monitor physical processes, while IT environments, i.e., the internet and cloud, are used to process and store data. The integration of these environments means that cyber-attacks on the Information Technology environment can now directly impact the physical processes controlled by Operational Technology systems.

The use of legacy (ICSS) in these industries is prevalent. Many Control & Safety Systems were developed before cyber security was a global concern and may not have the necessary security measures in place to prevent such attacks when the ICSS is compromised. In addition, the hardware and software in these legacy ICSS could have reached their End of Life (EOL), which makes them more vulnerable to cyber attackers.

Some other factors contributing to the growing vulnerability of industrial control systems include:

• Insecure remote connections; Access links such as dial-up modems and wireless communications are used for remote diagnostics, maintenance, and examination of system status. If encryption or authentication mechanisms are not utilised, the integrity of the transmitted information is vulnerable.
• Standardised technologies; Organizations are transitioning to standardised technologies, such as Microsoft’s Windows, to reduce costs and improve system scalability and Internal performance. The result is unrestricted access to knowledge and tools to jeopardize the system and an increase in the number of systems vulnerable to attack.
• Availability of technical information; Public information about infrastructures and control systems is readily available to potential hackers and intruders. Design and maintenance documents and technical standards for a critical system can all be found on the internet, greatly jeopardising overall security.

In addition to the challenges and vulnerabilities facing the industrial control system, cyber threats and incidents are now a major operating and business risk for every digital enterprise. In the age of digitisation, it is imperative to create and execute strategies that allow the business to monitor and mitigate cyber threats and risks supporting its financial objectives.

Traditional industry best practice recommends that the ICSS and operational business networks be physically segregated and employ dedicated networks which enhance security and prevent these attacks. 

But to truly mitigate these risks, and be IIOT-ready, organisations need to have a comprehensive cyber security program with the partnership of industry experts, which incorporates intrusion detection and prevention systems, firewalls and secure remote access solutions in place.

Solutions such as those offered by Schneider Electric; with a team of certified experts, delivering holistic cybersecurity programs to help maintain the system’s defenses, with cybersecurity services such as vulnerability assessments, penetration testing, and incident response planning from an operations perspective, while integrating appropriate IT policies and requirements.

In conclusion, the integration of OT and IT systems in the energy sector, and manufacturing industries has increased efficiency and productivity, but it has also increased the risk of cyberattacks. There is still more to be desired as Organisations in these industries need to adopt a cybersecurity program and posture to maintain profitability to protect against cyber-attacks.