Cybersecurity of Mission Critical Systems: Comprehensive View
Legend about the isolated character of industrial control systems (ICS) becomes the thing of the past. Business requirements force companies to integrate mission critical environments with enterprise management systems. It means that the number of ICS components potentially available online is growing. However, some ICS components may contain vulnerabilities. According to the open source data, 189 vulnerabilities were registered in 2015, 49% of them are critical ones. Experts from ICL, Check Point and Kaspersky Lab think that this situation requires close cooperation of all parties concerned including solution vendors and owners of ICS systems.
Industrial cybersecurity was the subject of the workshop jointly held by ICL, Check Point and Kaspersky Lab in Surgut. The discussed issues are of highest priority and importance in this region. Surgut ranks third among the largest industrial clusters in Russia. It includes several leading national industrial enterprises and the world’s second thermal power plant in terms of installed capacity and power generation per year.
The workshop was attended by over 60 people. Among the participants were the representatives of all stakeholders — manufacturers of hardware for mission critical systems, companies providing system data security, and the owners of industrial control systems. Therefore, the issue was thoroughly studied and the views and interests of all parties concerned were taken into account.
Artem Kozhevnikov from Emerson expressed the view on the current cybersecurity issues shared by ICS system developers. He told about the existing security tools built in ICS. But he also pointed out that these tools are not enough to ensure high level of system security and dedicated security solutions should be used.
Dmitry Avramenko, expert in ICS Information Security at ICL, gave a summary of the practical approach to selecting ICS security tools used in ICL.
«To take into account all specific aspects and to select the proper solution meeting all requirements, we suggest using the testing facility,» he said. «With the help of special testing facility that simulates operations of the protected industrial site, the selected solutions can be tested, analysed and then the appropriate recommendations for use will be issued. We have been actively using this approach at ICS Information Security Competence Center opened in Innopolis this year. In particular, we have successfully completed a number of projects for several large oil and gas companies that included cybersecurity assessment of the existing ICS system and testing project designs for compatibility with such ICS systems.»
Pursuing a subject of dedicated security solutions, Ivan Chernyshenko from Check Point unveiled Check Point product line for ICS security, specifically Check Point 1200R rugged appliance line that was introduced in the market last summer. The appliance delivers proven, integrated security and fully complies with industry standards, it can successfully operate in extreme temperatures from −40°C to +75°C.
Georgy Shebuldaev from Kaspersky Lab told about the cyber attacks targeted at industrial facilities. According to the studies, 35% of incidents related to industrial network failures are caused by cyber attacks. Intruders mostly use malware which has apparently become their preferred security violation method. The expert also demonstrated functionality of Kaspersky Industrial CyberSecurity solution that protects industrial facilities and ensures continuity of business processes. Although the solution has been recently introduced in the market, it has already managed to gain a good reputation. Thus, it was successfully deployed at TANECO JSC, one of the largest petroleum refining companies in Tatarstan.
This workshop is included in the series of events jointly held by ICL, Check Point and Kaspersky Lab. The next workshop will be held in Krasnoyarsk in November.