Industrial control systems (ICS) and their facilities are becoming prime targets for cyberattacks. Just look at what happened at Norwegian aluminum manufacturer Norsk Hydro in 2019, or even more ominous — at the Sellafield nuclear plant in 2023.

That's why cyber resilience must be baked into automation from the very start — these systems are integral to a functioning society. We can't just tack on security as an afterthought. It has to be fundamental to how these systems are designed and built.

This article explores the basic concepts behind building cyber-resilient operational technology (OT) while highlighting a few ways the ISA/IEC 62443 series of standards offer guidance.

Expansion of Cybersecurity Risks

Automated systems, particularly those in critical infrastructure, face increasing cyber threats as IT and OT converge. These threats are growing more sophisticated every day. A whopping 85% of cybersecurity professionals believe that generative AI makes social engineering much easier to execute in a cyberattack — and subsequently replicate. 

Let's take a look at some of the most common types of cyberattacks. For the most part, the main cybersecurity risks threatening automated systems include: 

1. Ransomware attacks: JBS, the world’s largest meat processing company, suffered an attack by the REvil group in 2021. Ransomware can easily halt operations and may require substantial ransom payments to restore normalcy.
2. Data breaches: Sometimes, attacks aren’t meant to disrupt operations. Instead, they want data — today’s gold — with the intention of blackmailing victims or further reselling the data. Sensitive data exposure can lead to significant financial and reputational damage.
3. Insider threats: Remember when a disgruntled employee released hundreds of thousands of sewage in Australia in 2000? It might be an oldie, but it just goes to show how old the idea of manually disrupting automation systems really is.
4. Direct sabotage: Other types of cyberattacks targeting ICS can cause physical damage. One of the best-known examples is Stuxnet’s disruption of automation systems in Iranian nuclear facilities in 2010. ISA/IEC 62443-4-1 outlines secure product development practices to help protect against sabotage scenarios, which can be applied to new or existing processes for developing, maintaining and retiring hardware, software or firmware.

We’re also seeing attacks on other links in the supply chain beyond industrial automation and control systems, including third-party IT vendors.

That’s why attacking an insurance company that uses AI through a vulnerable API, for example, might tell hackers more about an industrial facility that’s insured by the company. Albeit slower, this method may be more effective for the hackers compared to a brute force attempt. 

Designing Cyber-Resilient Automation Systems

With threats not only plentiful but also multi-faceted, the key lies in being proactive and making sure OT can contain attacks if they occur and continue functioning uninterrupted. To achieve that, an organization needs to base their approach on the following four principles: 

Security-by-Design 

Even during the conceptual phase, modern OT must abide by security-by-design principles, introducing built-in security protocols to the fold. A variety of stakeholders and industries can consult ISA/IEC 62443-4-1, which outlines the secure product development lifecycle. 

Any systems connected to ICS must also be strictly vetted, including software, communication platforms and simple access clearances. 

Defense-in-Depth Strategy 

Implementing a multi-layered defense strategy is crucial for protecting automation systems. This involves taking a proactive approach toward network segmentation, access controls and intrusion detection systems. 

In terms of standards, ISA/IEC 62443-3-3 establishes the concepts of zones and conduits. The goal is to ensure that an attack on one industrial network zone does not compromise the entire network. It assumes that robust access controls have also been implemented to prevent unauthorized access.

Real-time Monitoring and Detection 

Continuous monitoring and real-time detection of anomalies are vital for identifying potential threats early. This approach might seem cost-intensive, but it’s the most effective way of preventing large expenditures after the incident occurs. Tools with enhanced threat detection capabilities that incorporate big data analytics can increase the likelihood of identifying sophisticated threats early.

To help with this, ISA/IEC 62443-2-4 provides guidelines for security program requirements for IACS service providers to offer to asset owners during integration and maintenance. 

Incident Response Planning

Even if an organization swears by security-by-design, has a complex defensive strategy and monitors everything in real time, that doesn’t mean they’re completely immune to cyberattacks. 

Hence, a comprehensive incident response plan is essential for minimizing impact and ensuring rapid recovery, and should include:

• Prompt incident containment: Immediate actions to contain the breach, preventing further damage. This includes isolating affected systems and stopping unauthorized access.
• Robust physical and digital asset protection: First and foremost, you need to establish clearly defined communication channels and rules pertaining to the protection of your assets in these types of situations. Only then can you plan out the post-mortem. 
• Recovery procedures: These should be detailed in the organization’s cybersecurity contingency plans. The importance of cybersecurity management plans for asset owners is outlined in ISA/IEC 62443-2-1. Regular training and simulations ensure preparedness.

Conclusion

Despite the buzz around generative AI-fueled cyberattacks and other looming risks, it’s crucial to remain proactive and committed to making cyber resilience integral to organization-wide culture and not just an afterthought. 

And with guidance in the form of ISA/IEC 62443, automation professionals have a global consensus-based series of standards they can rely on to protect their systems and mitigate cyber threats.