Cyber-attacks against industrial systems have become reality rather than fiction, and their number is increasing day by day. Over the past six years, business and supply chain disruptions have become one of the most worrying risks around the world. Industrial safety is more important than protecting business and reputation. While protecting industrial systems against cyber threats, many important ecological, sociological and macroeconomic factors should be considered.
Operational technology/Information Technology
Industrial Control System (ICS) as defined by automation standard IEC 62443; It is the sum of the personnel, hardware and software that can affect or control the safe, secure and reliable operation of industrial (technological) processes.
The international series of IEC 62443 standards; sets out the essential requirements for avoiding safety risks for component manufacturers, system integrators and operators. With this standard, you can organize your action and continuous improvement plans by learning what standard your network security should be in your industrial system.
IEC 62443 is mainly built on the ISO/IEC 27001 standard, which contains the rules for IT security. Together, these two standards provide a holistic approach to protecting companies against cyber threats.
Industrial Control Systems include but are not limited to:
- Distributed Control Systems (DCS), Programmable Logic Controllers (PLC), Remote Terminal Units (RTU), Intelligent Electronic Devices (IED), Data-Based Control and Surveillance System (SCADA) and diagnostic systems.
- Internal, human, network and machine interfaces to provide continuous, aggregated, discrete and other process control, security and operational functionality.
At a higher level, every industrial system infrastructure can be divided into two key areas:
- Information Technology (IT): systems necessary to manage data in the context of business purposes.
- Operational Technology (OT): systems required to manage the physical and industrial processes of industrial automation.
In addition to malware and targeted attacks, industrial enterprises face threats and risks that target people, processes and technology. Underestimating these risks can have serious consequences.
Cyber incidents and factors can be:
- Errors made by SCADA operators and subcontractors (service providers),
- Fraud activities,
- Cyber sabotage,
- Compatibility issues,
- Lack of awareness and concrete data for forensic investigations.
You can reach us at info@cfecert.co.uk to get information about the standards and trainings your company needs in the field of information management and security.
