Introduction
IoT devices have greater penetration in manufacturing, healthcare, and business than consumer markets, and this trend is expected to continue.
Industrial Control Systems run critical infrastructure
The piece discusses Industrial Control Systems (ICS) and Programmable Logic Controllers (PLCs) as critical infrastructure components. These systems automate industrial processes across factory assembly lines, power stations, and similar environments.
"Most PLCs will either have a critical service, operate a critical system or service, or be used in a critical system."
Multiple security layers are necessary: human factors, logic protection, secure communications, application-layer security, operating system security, and hardware security. ICS security receives insufficient attention despite its importance. Traditional IT security approaches prove inadequate for industrial environments.
Threats to the ICS
- Malware injection (worms, viruses)
- Software or hardware configuration changes
- Fake messages or orders from attackers
- Identity theft
- Unauthorized observation
Ways to protect your ICS
Traditional Defensive Measures
- Security procedures
- Environmental protection
- Physical protection
- Staff education
Put the Highest Level of Protection Inside the ICS — Embedded Cryptography
- Embedded cryptography
- Digital signatures
- Data encryption
"A simple picture taken in a work environment could provide an attacker" with useful information for compromise.
The article advocates for holistic organizational security governance.