In the last few months there has been either an increased number of attacks on critical infrastructure, or increased media attention to the few that have occurred. Either way, when the spotlight is pointed in your direction, you have to be ready for the attention. Do you need to worry about Duqu, Stuxnet or any attack that steals intellectual property? Although many would agree the probability of a nation-state cyber-attack is low, I wear my seatbelt on the way to work because if something does happen, I want to be able to walk away. The same goes for industrial control systems – it’s not necessarily the giant cyber-attack you’re concerned with, but if something happens you want to be able to recover quickly and relatively unscathed. In the case of the reported Illinois water plant hacks, thanks to their event logging, they were finally able to confirm there was no hack associated with the pump failure.
As this incident has shown, monitoring what is actually going on within the control environment is essential. I attended the NERC Grid Security Conference in October, where a representative from DHS stated that if you were to do anything, it must be logging. After all, criminals are like water and electricity; they will always look for the path of least resistance. If your PCS or SCADA system is connected to the Internet, monitoring and protecting this environment is critical! When patches are released for ICS environments, owners need to consider the implications for the automation environment and, ultimately, the delivery of service. The Centre for Protection of National Infrastructure in the UK, which provides guidelines for operators to protect their systems and premises, is an excellent reference point for anyone interested.