How Industrial Control Systems Impact Our Day-To-Day Lives

The technology behind traffic lights, hospital infrastructure, building operations and more is part of what is known as an Industrial Control System (ICS). ICSs are everywhere in the modern world and play an integral role in all our lives.

ICSs: An Overview 

ICS is a general term that encompasses several types of control systems and associated instrumentation used for industrial process control. Such systems can range in size from a few modular panel-mounted controllers to large interconnected and interactive distributed control systems with many thousands of field connections. 

Previously, most equipment and components used in manufacturing and the operation of power plants, water and wastewater plants, transport/transit industries and other critical infrastructures were quite simple, and those that were computerized typically used proprietary protocols. The networks with these components and equipment were air-gapped and protected from the outside world. 

This format has changed over the years, and components of today's ICSs are often connected directly or indirectly to the internet. 

ICSs & Critical Infrastructure Sectors 

Presidential Directive 21 called for classifying critical infrastructures that are vital to the security of the United States. The Department of Homeland Security under Cybersecurity and Infrastructure Security Agency (CISA) has named 16 critical infrastructure sectors. These sectors are as follows: 

  • Chemical 
  • Commercial Facilities 
  • Communications 
  • Critical Manufacturing 
  • Dams 
  • Defense Industrial 
  • Emergency Services 
  • Energy 
  • Financial Services 
  • Food and Agriculture 
  • Government Facilities 
  • Healthcare and Public Health 
  • Information Technology 
  • Nuclear Reactors, Materials, and Waste 
  • Transportation Systems 
  • Water and Wastewater 

Each of these 16 sectors can be divided even further into sub-sectors, giving increasingly specific details about what they contribute to the United States’ infrastructure, as well as why they’re deemed “crucial.” The size of each sector along with its sub-sectors shows the significance of ICS today, as well as the growing challenge that comes with protecting them. 

The implementation of cybersecurity measures on ICSs is critical because the lack thereof can have severe consequences that harm health, safety and the environment. DMI believes that to “properly converge ICS/OT and IT,” everyone involved must have a proper understanding of what an ICS is and the implications it has for their operation. 

Risk Management of ICSs

Understandably, businesses need to be able to access information from the ICS’s Operational Technology (OT). However, the OT must be segmented and protected from external sources and other IT systems. 

Businesses must also implement proper safeguards, including but not limited to:

These are just several suggestions, but remember: an incident on an ICS will have very serious physical and economic implications. 

Let’s look at a recent example from a water treatment plant in Oldsmar, Florida. The plant’s ICS used an Internet-connected human-machine interface (HMI) to control their water treatment processes remotely. However, the water treatment plant was using an insecure remote access technology called TeamViewer without multi-factor authentication.

In February 2021, a malicious actor gained access to the water treatment plant's network and changed the water’s sodium hydroxide (NaOH) concentration from 100 parts per million to over 100,000 parts per million. If the plant’s HMI operator hadn’t noticed the threat, this breach could have not only damaged the plant’s pipes but also injured or killed those who ingested the treated water.

This situation is merely one example of the importance of applying cybersecurity practices on ICSs and the dangers that inadequate cybersecurity controls could have on network infrastructure and society at large. 

An End-to-End Cyber Risk Management Partner 

As businesses continue to implement new technologies, cybersecurity becomes even more critical. In fact, it should be a top priority. 

If you’re dealing with critical systems, we strongly suggest implementing proper layers and practices to prevent a breach.

DMI offers a wide range of cyber risk management services capable of securing and monitoring critical systems, including industrial controls. For more information, visit our website at DMInc.com.

Let's Talk

 

Back to Blog

Related Content

How to Accelerate Your Support for Remote Workers in the Next 30 Days

It seems easy at first. People convene Zoom meetings from their living rooms and share documents on...

Defending Against Industrial Control System (ICS) Cybersecurity Threats Part II: Prevention

As previously discussed, detection is one part of defending against cyber threats within industrial...

Connected Data: The Modern-Day Gold Rush

In 1848, California and the entire United States were changed forever following the discovery of a...