Industrial control systems is the term used to identify several types of control systems, including supervisory control and data acquisition (SCADA) systems, process control systems (PCSs), and other smaller control system types, such as programmable logic controllers (PLCs), used in critical infrastructure such as power plants, oil and gas pipelines, electrical power distribution, and manufacturing facilities.
Historically these control systems were kept separate from the corporate network. Because of this isolation they were traditionally difficult to break into because of their separation for health and safety reasons.
More recently, control systems may be running Windows or Linux, using the Internet Protocol (IP) to communicate, giving direct access to SCADA networks via the Internet. Wireless and Bluetooth capabilities allow remote management and diagnosis. These connections to the outside create a massive challenge from a security perspective for the following reasons:
Targeted threats and vulnerabilities are increasing rapidly. The past 10 years have seen a significant increase in the number of APT’s (advanced persistent threats) like Stuxnet, Flame, and Duqu, and industrial cyber-attacks targeting Industrial Control Systems.
Patching to protect against software vulnerabilities is difficult and costly to implement. Patching requires decreased productivity or plant downtime, or may cause unintended consequences resulting in plant failure. Industrial Control Systems can remain unpatched in the field for a significant amount of time, leaving operators vulnerable.
Link to Register: