No chance for cybercrime
Cybercrime is booming. According to a current study by IT security vendor McAfee, these attacks cost companies some 600 billion dollars a year – and the trend is rising. Where various industries have hitherto used digitalization primarily to connect their networks and control systems together so as to enhance performance, reliability and efficiency, now it’s important to protect those systems effectively.
Whether through human error, damage by disappointed employees, or even attacks by governments, terrorists or hackers – cyberattacks on industrial control systems have now become an everyday problem. According to one article from US News & World Report, 150 energy and electricity utilities reported they had been victims of attacks from cyberspace in 2016. Over 80 percent of these companies expected physical damage to their facilities in the coming year.
According to a trend report from Mandiant, hackers or malware tend to go undetected for an average of 101 days, during which they can do their damage unhindered in networks or control systems. Still worse, some 38 percent of the companies affected don’t even notice they’ve been attacked, and only learn of it from outsiders like a justice ministry or other security authorities.
Cyberattacks can have serious consequences
As Operational Technology (OT) networks increasingly connect with conventional Information Technology (IT) networks, operators of industrial control systems (ICSs) from a wide range of industries are converting their networks from serial communications to IP-based communications – which offer not only better performance, but greater reliability and efficiency.
But that connection also involves potential vulnerabilities and risks for industrial controls, especially in industries with critical infrastructures like energy supply, transportation, healthcare, water, and the food and beverage industry.
A successful attack on an IT network primarily does its damage in day-to-day operations, for example through data theft. But an attack on an ICS can have far more serious consequences. It might result in lost production if it causes a plant shutdown, or data manipulation can result in damage to systems and infrastructures and even pose a threat to life and limb for employees or outsiders.
A reliable partner
Of course it’s impossible to prevent every threat. But effective strategies can help prevent human error, detect and isolate attacks, minimize their effects, and make ICSs more resistant to cyberattack.
But what can people do about cyberattacks? The solution lies in a defense in depth that involves different levels and blunts the claws of an attack. Siemens, as a Trusted Advisor with many years of experience, offers a time-tested Defense in Depth concept that incorporates plant security, network security and system integrity.
You can find out the details of how that works from our white paper, “Securing Industrial Control Systems.”