Currently, some industries work with industrial control systems, so as to inform our readers, before we approach how to protect them, it is important to know what they are, in order to go into more detail.
What is an Industrial Control System?
Industrial control systems encompass different systems and information technologies, for example we can use the SCADA (for supervisory control and data acquisition), DCS (distributed control systems), and PLC (programmable logic controllers), whose main objective is to provide the management and control of industrial processes. Conventional information systems.
Therefore, industrial control systems generate physical processes, to give you an idea, these systems are used in practice in many industries. oil e gas, electrical networks, manufacture, smart buildings e cities, and much more.
Which industries should be particularly concerned about the security of your information and why?
All critical infrastructure is at risk, but especially the generation, transmission and distribution of electricity, all types of utilities, all oil and gas flows. In addition to such sensitive infrastructures, “non-critical” industrial organizations also suffer from cyber attacks enabled by having high connectivity to external networks.
When we talk about security in industrial control systems, we must say “cyber security" rather than "Information Security“Because in most cases, we refer to the security of processes or assets cyberphysicists, and not information.
What are the types of attacks that exist for these systems?
In general, industrial control systems have two main attack vectors. Hackers can gain access to industrial infrastructure through external boundary networks (for example, a corporate network with ERP that exchanges data with industrial networks for predictive maintenance), or they may try to infiltrate directly through a domain of the system, using staff carelessness or even bribing a worker. For example, an engineer can bring an infected flash drive or personal device directly onto a network, giving hackers access.
54% of industry organizations have had more than one cyber incident in the past 12 months.
It is important to realize that, today, there are still many truly open networks, even in critical infrastructures. Industrial networks owe part of their greater connectivity to poorly configured and low employee awareness, since one way or another, the team can involuntarily let this happen.
