Currently some industries, work with industrial control systems, in order to acquaint our readers before we can discuss how to protect them, it is important to know what they are, so we can go into more detail.
What is an Industrial Control System?
Industrial control systems encompass different systems and information technologies, for example we can use the SCADA (for supervisory control and data acquisition), DCS (distributed control systems), and PLC (programmable logic controllers), whose main objective is to provide the management and control of industrial processes. Conventional information systems.
Therefore, industrial control systems generate physical processes, to give you an idea, these systems are used in practice in many industries. oil e gas, electrical networks, manufacture, smart buildings e cities, and much more.
Which industries should be particularly concerned about the security of your information and why?
All critical infrastructure are at risk, but especially the generation, transmission and distribution of electricity, all types of utilities, all oil and gas flows. In addition to such sensitive infrastructures, "non-critical" industry organizations also suffer from cyber attacks enabled by high connectivity with external networks.
When we talk about safety in industrial control systems, we must say "cyber security" rather than "Information Security", Because in most cases, we refer to the security of processes or assets cyberphysicists, and not information.
What are the types of attacks that exist for these systems?
In general, industrial control systems have two major attack vectors. Hackers can access industrial infrastructure through external boundary networks (for example, a ERP exchanging data with industrial networks for predictive maintenance), or or may try to infiltrate directly through a system domain, using the carelessness of employees or even bribing a worker. For example, an engineer may bring a pen drive or an infected personal device directly into a network giving hackers access.
54% of industry organizations have had more than one cyber incident in the past 12 months.
It is important to realize that there are still many truly open networks today, even in critical infrastructures. Industrial networks are a part of their greater connectivity to poorly configured and low awareness of employees, since one way or another, the team can involuntarily let that happen.