ICS Security – The Five Key Benefits of Having a Network Map

The critical nature of Industrial Control Systems often means that improving security can seem like a daunting task. For most, it’s the fear of unplanned downtime which stops any improvement efforts before they’ve even started.

But it doesn’t have to be this way. There are a number of steps ICS professionals can take to secure their systems without having to risk their operations. One of the most important, and one that can act as a starting point, is to have an up-to-date, accurate network map of your system.

In this blog we look at five key benefits having a network map can bring and show that if you don’t have one, now is the time to get one.

Benefit 1: Uncover hidden devices and discover connectivity myths

Industrial Control Systems are complex and as they grow it can be all to easy to forget what’s connected to them. In a recent survey by CyberX it was found that 44% of sites have at least one unauthorised or unknown device connected to their ICS.

It goes without saying, if you don’t know it’s connected you can’t secure it.

An up-to-date network map can help uncover these rogue devices, but more than that it can help you start to investigate how those devices are truly connected.

As an example, in a recent ICS test we managed to compromise a system handling several million dollars of transactions. A system thought to be disconnected was actually connected, had admin rights and was protected only using a weak password.

It just shows that you need to test everything, even your own assumptions. A network map can help you start this process.

Benefit 2: Address device security concerns

Connected devices aren’t just for the office or home, the Industrial Internet of Things (IIoT) is on the increase. But just like home devices, security is becoming an increasing concern and vulnerabilities are common.

To prove the point, researchers recently found that 34 randomly selected industrial system apps had 147 security flaws that could be exploited, 59% had insecure authorization mechanisms and 47% employed insecure data storage. Pretty scary stuff, especially when you consider the consequences of an Industrial Control Systems breach.

ICS operatives know of this risk, and in a recent survey 44% said their biggest concern was the ‘increasing presence of connected devices, many insecure by design, in and around ICS environments’.

A network map can help in this situation, as once you know what devices are connected you can start to investigate the security of these, prioritising your efforts accordingly.

Benefit 3: Secure your data flow

Industrial systems used to be isolated from the outside world. But over the years connectivity has increased. Operatives want access to data away from the console, third-parties require access to their production data and suppliers want to ensure that critical machinery is running effectively.

The question is: are these connections really secure?

Research suggests this isn’t the case, and that organisations that allow third party access are 63% more likely to experience a cybersecurity breach than those who don’t.

Having control of your data flow is essential and you need to ensure that third-party connections are as secure as can be. A network map is the starting point of this understanding and allows you to further investigate the security of connections, as well as who has access to the data.

Benefit 4: Bridge the OT IT divide

As an OT professional your priority is to keep systems operational and ensure the safety of your industrial processes. For IT the priority is to keep organisational data secure and to ensure continuous access for company employees.

It’s this disconnect that can often keep the teams apart and can lead to mistrust between the two. Whilst this may have been acceptable in the past, IT and OT systems were completely separated, this is no longer the case.

IT and OT systems have now converged and it is essential that the two teams work together as any IT vulnerabilities could act as a route in for potential attacks.

A network map can act as this wake up call to both teams, clearly showing the connection between the two systems and providing a starting point for increased collaboration.

Benefit 5: Help obtain board level buy in

Cybersecurity should ultimately should sit at a board level and it is their responsibility to ensure that risks are managed, policies are put in place and the required funds are released to improve the security of the organisation as a whole.

However, for many companies cybersecurity can be seen as a tick box exercise, one where an annual pentest is believed to be good enough. Getting board level buy in can be difficult when this is the case and any notion of ‘if it ain’t broke don’t fix it’ needs to be challenged.

Education is the key and surveys show that 68% of FTSE 350 boards have received no training in order to deal with a cyber incident within their organisation.

You certainly don’t want your first security discussion with the Board to be after a breach and a network map can help bring these discussions forward, showing vulnerabilities in your system and alerting the board to the potential consequences of inaction.

Improving ICS security

As you can see having an up-to-date network map is the first step on the journey to improving ICS security. With this information at hand you can uncover what’s connected and where data is going, you can prioritise your security actions, it can act as a catalyst for your OT and IT departments to start to work more closely and it can provide your board with the evidence to release much needed security improvement funds.

We know that achieving security isn’t a one off process and creating a network map is only the start of the journey. That’s why we’ve created our ICS security guide, helping companies to overcome the barriers to security improvement and put you on the path to a secure ICS.