Page 17 - 2016
P. 17


Traditional network monitoring solutions only support the engines, electrical utilities, petrochemical plants, and water
standard protocols and therefore are limited to monitoring treatment facilities.
physical measurements and looking for anomalies. They

cannot capture changes to PLC logic and critical control Taking the first steps toward ICS security
operations which provide better visibility into malicious or In order to effectively protect critical infrastructures from
unintended activity before physical changes are manifested. cyber-threats a comprehensive inventory of assets deployed
This represents a huge blindspot for facility operators. in each environment is required. This includes building an
asset and configuration database that is automatically
Industrial networks are attractive targets for cyber attacks updated based on network changes, and maintaining a log
Operational networks are also at risk due to design of all changes to allow for recovery in the event of a security
problems and vulnerabilities in assets themselves. incident and operational disruptions.



Specialized ICS network monitoring solutions that
“Yet most PLCs are never understand the specific OT protocols, including

patched since Industrial proprietary implementations used for critical control
operations, should be used to gain real-time visibility into
Control engineers prefer
activity that can impact PLCs and the processes they
network stability at all control.

costs”
In addition, rule-based policies can be enforced to prevent
unauthorized changes and stop attacks.

Over the years many PLC vulnerabilities have been
documented, including some that can be exploited Conclusion
remotely to disrupt operations and cause damage. The emergence of cyber-threats is forcing the industrial
sector and governments to take a long, hard look at how
Yet most PLCs are never patched since Industrial Control they protect critical infrastructures.
engineers prefer network stability at all costs. Patching
PLCs is difficult, can cause disruptions or downtime, and The current lack of visibility and security controls
can lead to reliability issues and other operational combined with the presence of unpatched vulnerabilities

problems. in OT networks is placing facilities at risk.


It is also common to find unpatched workstations still In order to prevent unintended changes by insiders and
running legacy operating systems like Windows NT and protect systems from external attacks, we need to invest in
XP in operational environments due to the same concerns ICS-native monitoring and control technologies.
regarding operational stability and reliability.
About the Author
As a result, malicious code can be used to remotely access Barak Perelman is CEO of Indegy, an industrial cyber-
and compromise Windows-based systems inside industrial security firm that improves operational safety and

control networks. From here, it is possible to attack PLCs reliability for industrial control networks by providing
and compromise industrial processes that control turbine situational awareness and real-time security.







CYBER DEFENSE MAGAZINE - ANNUAL EDITION 17
   12   13   14   15   16   17   18   19   20   21   22