Many security engineers and cybersecurity professionals struggle to defend industrial control systems (ICSs) against escalating cyberattacks. Can enhanced visibility streamline threat detection and incident response?
ICS Cyberthreats Are Escalating in Frequency and Impact
Recent technological advances have lowered the barrier to entry for cybercrime, bringing a wave of previously unknown threat actors onto the scene. At the same time, cybersecurity and cyber insurance spending have risen substantially, and criminals have responded by concentrating on targets where a successful attack all but guarantees a significant payout.
Security gaps that were once dismissed now stand out as more threat actors target ICSs to impair critical infrastructure. According to data from the Cybersecurity and Infrastructure Security Agency (CISA) and a research partner, 34% of the common vulnerabilities and exposures (CVEs) reported in the first half of 2023 had no patch or remediation available.
The same analysis categorized the CVEs by severity: 65.2% of those reported in the first half of 2023 were rated high or critical. The unpatchable ones have been dubbed “forever-day” vulnerabilities, a term that captures how many affected vendor products have no patch, update or known workaround. For a defender, a forever-day vulnerability on an installed product is a call for compensating controls, such as isolating the device in its own network zone, restricting which hosts may reach it and monitoring it for signs of exploitation, rather than a reason to wait for a fix.
Why Achieving Visibility in ICS Cybersecurity Matters
The ability to identify and stop cyberthreats proactively grows more crucial as new technology accelerates the evolution of threats and attacks become more sophisticated. Cybersecurity professionals must recognize that comprehensive visibility is increasingly central to ICS cybersecurity: a team cannot prioritize, detect or respond to what it cannot see.
In the US, the White House stressed this point in its July 2021 National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, noting that institutions cannot address threats they cannot see. It placed visibility at the center of mitigating cyberthreats and ensuring safe operations. While it acknowledged that solutions will vary across infrastructure sectors, it called for consistent, baseline cybersecurity performance goals that every sector can measure itself against.
The US government is no stranger to the intricacies of the threat landscape, so its statement holds weight. It spent over 11 billion USD of its 90 billion USD IT budget on cybersecurity in 2023. In line with this guidance, security engineers should prioritize comprehensive visibility in ICS security to protect critical infrastructure against escalating cyberthreats.
The 4 Main Factors of Cybersecurity Visibility
Security engineers and cybersecurity professionals should consider all four visibility factors below and build each into their current strategy; a gap in any one of them leaves a blind spot the others cannot cover.
1. Physical and Information Assets
Cybersecurity professionals can only protect an infrastructure sector from cyberthreats if they have an inventory of its physical and information assets, and they can only classify and prioritize each asset once it is on that list. For an ICS, the inventory should record at least the vendor, product and firmware or software version of every controller, HMI, historian and workstation, together with its network location and how critical it is to safety and production, because those are the attributes that vulnerability advisories and network monitoring are matched against.
2. Relevant Threats
Although cyberthreats vary widely by infrastructure sector and targeted asset, the actors and techniques seen against a given sector tend to recur. Cybersecurity teams should use industry- and business-specific threat data to identify the threats relevant to their own environment, then document and prioritize them accordingly.
3. Likely Vulnerabilities
Cybersecurity teams that know where their facility’s exploitable weaknesses are, and what the consequence of exploiting each one would be, can prioritize them accurately. That tells them where to direct their resources and attention first.
4. Cybersecurity Professionals’ Roles
The roles of the cybersecurity professionals themselves are often overlooked, yet they are a crucial part of comprehensive visibility. Every team member must understand their daily responsibilities and their incident response duties, including who is authorized to act on an alert that involves a running process.
Cybersecurity Visibility’s Role in ICS Defense
In the context of ICS, cybersecurity visibility involves a combination of integrated real-time monitoring tools, anomaly detection systems, consensus-based standards and robust incident response protocols. The goal is to identify threats, detect indicators of compromise and mitigate cyberattacks proactively.
Enhanced visibility helps security engineers and cybersecurity professionals identify, detect, categorize and respond to cyberthreats before any damage is done to critical infrastructure. Teams can prevent more cyberattacks since these processes take place in real time.
Cyberattack frequency is worsening, so real-time threat detection and response are increasingly crucial. In 2022, 40% of ICS computers worldwide encountered at least one malicious object. Cybersecurity teams should not wait to deploy a solution; by the time an incident exposes the gap, it may be too late.
Considering that the average ransom demand reached more than 7.2 million USD in 2022, cybersecurity teams also have to weigh how a successful cyberattack could damage their budgets, not just their supervisory control and data acquisition (SCADA) systems.
Ways to Enhance Cybersecurity Visibility in ICSs
Cybersecurity teams can leverage visibility to protect ICSs from cyberthreats. A combination of real-time preventive tools and industrial-specific security frameworks is key.
1. Continuous Vulnerability Assessment
Cybersecurity teams can use continuous vulnerability assessment to identify, categorize, prioritize and remediate weak points. Matching the asset inventory against newly published advisories on an ongoing basis shows which installed products are affected, which have a fix available and which are forever-day cases that need compensating controls. One caveat for ICS environments: aggressive active scanning can crash or hang fragile controllers and field devices, so passive discovery from network traffic, or active scans limited to maintenance windows, is the safer way to keep the assessment current.
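The two steps above, keeping an asset inventory with vendor, product and version (factor 1) and continuously matching it against advisories to rank remediation, come together in the following added example. It is not code from the original post or from any vendor product; the asset inventory, the advisories, the EXAMPLE-… placeholder identifiers and the scoring weights are all constructed for illustration. Advisories with no fixed version are flagged as forever-day findings and receive a compensating-controls action instead of an upgrade target.

```python
"""Added example (not from the original post): matching an ICS asset inventory
against vulnerability advisories and ranking what to fix first. The inventory,
the advisories, the placeholder identifiers and the scoring weights are all
constructed for illustration."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Asset:
    name: str
    vendor: str
    product: str
    version: str
    criticality: int        # 1 (low) .. 5 (safety- or production-critical), assigned by the site


@dataclass(frozen=True)
class Advisory:
    advisory_id: str        # placeholder identifier, not a real CVE
    vendor: str
    product: str
    affected_up_to: str     # highest affected version (inclusive)
    fixed_in: Optional[str]  # None = the vendor has published no fix ("forever-day")
    cvss: float
    network_exploitable: bool


def parse_version(text: str) -> tuple:
    """'2.3.1' -> (2, 3, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def is_affected(asset: Asset, adv: Advisory) -> bool:
    """An asset is affected when vendor and product match and its version is
    at or below the highest affected version in the advisory."""
    return (asset.vendor.casefold() == adv.vendor.casefold()
            and asset.product.casefold() == adv.product.casefold()
            and parse_version(asset.version) <= parse_version(adv.affected_up_to))


def risk_score(asset: Asset, adv: Advisory) -> float:
    """CVSS weighted by the site's criticality rating; flaws reachable over the
    network weigh more. The weights are illustrative, not a standard."""
    exposure = 1.5 if adv.network_exploitable else 1.0
    return round(adv.cvss * asset.criticality * exposure, 2)


def assess(inventory, advisories):
    """Return findings sorted by descending risk. Each finding carries an action:
    upgrade to a known fixed version, or compensating controls when none exists."""
    findings = []
    for asset in inventory:
        for adv in advisories:
            if not is_affected(asset, adv):
                continue
            if adv.fixed_in is not None:
                action = f"upgrade to {adv.fixed_in}"
            else:
                action = "no patch: isolate in its zone, restrict conduits, monitor for exploitation"
            findings.append({
                "asset": asset.name,
                "advisory": adv.advisory_id,
                "score": risk_score(asset, adv),
                "forever_day": adv.fixed_in is None,
                "action": action,
            })
    return sorted(findings, key=lambda f: f["score"], reverse=True)


# Constructed sample data: a small site inventory and three made-up advisories.
INVENTORY = [
    Asset("PLC-01", "ExampleCo", "ControlLogic PLC", "2.3.1", criticality=5),
    Asset("PLC-02", "ExampleCo", "ControlLogic PLC", "2.5.0", criticality=4),
    Asset("HMI-01", "ExampleCo", "ViewPanel HMI", "4.0.2", criticality=3),
    Asset("HIST-01", "ExampleCo", "Historian", "7.1.0", criticality=2),
]

ADVISORIES = [
    Advisory("EXAMPLE-2023-0001", "ExampleCo", "ControlLogic PLC", "2.4.9", "2.5.0", 9.8, True),
    Advisory("EXAMPLE-2023-0002", "ExampleCo", "ViewPanel HMI", "4.9.9", None, 7.5, True),
    Advisory("EXAMPLE-2023-0003", "ExampleCo", "Historian", "7.0.5", "7.1.0", 6.5, False),
]

if __name__ == "__main__":
    for f in assess(INVENTORY, ADVISORIES):
        flag = " [forever-day]" if f["forever_day"] else ""
        print(f'{f["score"]:6.2f}  {f["asset"]:8}  {f["advisory"]}{flag}: {f["action"]}')
```

Running it lists PLC-01 first (a network-exploitable flaw on the most critical asset, with an upgrade available) and HMI-01 second as a forever-day finding; PLC-02 and HIST-01 are already at or past the fixed versions and produce no findings. Re-running the assessment whenever the inventory or the advisory feed changes is what makes the assessment continuous.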
2. Network Segmentation
Network segmentation enhances cybersecurity visibility by making an attacker’s entry point, current location and target easier to pinpoint. Once assets are grouped into zones that communicate only through defined conduits, any flow that crosses a zone boundary outside an allowed conduit is itself an indicator worth alerting on, and the boundary it crossed tells responders where the intruder came from. Segmentation also limits the damage an intruder can do and helps protect ICSs from malicious tampering.
3. Threat Analysis
Infrastructure sectors can leverage artificial intelligence and other analytics to monitor system logs, network traffic and access attempts in real time and alert cybersecurity teams to anomalous activity as soon as it happens. ICS traffic is unusually stable, with the same hosts exchanging the same protocols on a fixed schedule, so a baseline of normal conversations learned during a clean period makes new talkers, new protocols and unexpected commands stand out. Such tools can also analyze historical and current data to provide critical insight into the threat landscape.
4. Intrusion Detection System
The average time to identify and contain a breach reached 277 days in 2023. Cybersecurity teams should strongly consider deploying an intrusion detection system, since it monitors their networks and alerts them to suspicious activity. In an ICS, that usually means a passive sensor fed from a network tap or switch mirror port, which sees the traffic without adding an inline device that could disrupt the process, and which can interpret industrial protocols well enough to tell a routine read from a write to a controller.
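The segmentation, threat-analysis and intrusion-detection points above all rest on the same mechanism, so one added example serves all three: a small monitor that reads flow records, checks each against a zone-and-conduit policy and a learned baseline, and inspects Modbus function codes for writes from unauthorized hosts. This is not code from the original post or from any IDS product; the hosts, zones, conduits, baseline, flow records and timestamps are constructed for illustration, and the record format (timestamp, source, destination, destination port, Modbus function code) is an assumed one rather than any real sensor’s export.

```python
"""Added example (not from the original post): a minimal flow-log monitor that
checks ICS traffic against a zone/conduit policy and a learned baseline, the way
a segmentation-aware intrusion detection system would. Hosts, zones, flows and
timestamps are constructed for illustration."""
import csv
import io

# Which zone each host belongs to (constructed).
ZONES = {
    "192.168.50.7": "enterprise",   # corporate laptop
    "10.2.0.5": "dmz",              # historian
    "10.1.0.5": "control",          # engineering workstation
    "10.1.0.10": "control",         # HMI
    "10.1.0.20": "control",         # PLC
}

# Conduits permitted to cross a zone boundary: (src_zone, dst_zone, dst_port).
CONDUITS = {
    ("control", "dmz", 5000),       # historian data push
    ("enterprise", "dmz", 443),     # corporate users read the historian
}

# Baseline of conversations observed during a clean learning period: (src, dst, dport).
BASELINE = {
    ("10.1.0.10", "10.1.0.20", 502),
    ("10.1.0.5", "10.1.0.20", 502),
    ("10.1.0.10", "10.2.0.5", 5000),
}

# Hosts allowed to issue Modbus write function codes to controllers.
WRITERS = {"10.1.0.5"}
MODBUS_WRITE_FCS = {5, 6, 15, 16, 23}   # write coil(s) / register(s), read-write registers


def parse_flows(text):
    """Parse 'ts,src,dst,dport,fc' records; fc is empty for non-Modbus flows."""
    fields = ["ts", "src", "dst", "dport", "fc"]
    flows = []
    for row in csv.DictReader(io.StringIO(text), fieldnames=fields):
        flows.append({
            "ts": row["ts"], "src": row["src"], "dst": row["dst"],
            "dport": int(row["dport"]),
            "fc": int(row["fc"]) if row["fc"] else None,
        })
    return flows


def analyze(flows):
    """Return one alert dict per rule violation, in flow order."""
    alerts = []
    for f in flows:
        src_zone = ZONES.get(f["src"], "unknown")
        dst_zone = ZONES.get(f["dst"], "unknown")
        key = (f["src"], f["dst"], f["dport"])
        # 1. Segmentation: a cross-zone flow must match a permitted conduit.
        if src_zone != dst_zone and (src_zone, dst_zone, f["dport"]) not in CONDUITS:
            alerts.append({"ts": f["ts"], "rule": "segmentation", "src": f["src"], "dst": f["dst"],
                           "detail": f"{src_zone} -> {dst_zone} on port {f['dport']} has no conduit"})
        # 2. Baseline: a conversation never seen during the learning period.
        if key not in BASELINE:
            alerts.append({"ts": f["ts"], "rule": "new_conversation", "src": f["src"], "dst": f["dst"],
                           "detail": f"first time {f['src']} talked to {f['dst']}:{f['dport']}"})
        # 3. Protocol semantics: a Modbus write from a host that is not an authorized writer.
        if f["fc"] in MODBUS_WRITE_FCS and f["src"] not in WRITERS:
            alerts.append({"ts": f["ts"], "rule": "unauthorized_write", "src": f["src"], "dst": f["dst"],
                           "detail": f"Modbus function code {f['fc']} from non-engineering host"})
    return alerts


# Constructed flow records: three normal flows, then three that should alert.
SAMPLE_FLOWS = """\
2024-03-01T10:00:01Z,10.1.0.10,10.1.0.20,502,3
2024-03-01T10:00:02Z,10.1.0.5,10.1.0.20,502,16
2024-03-01T10:00:05Z,10.1.0.10,10.2.0.5,5000,
2024-03-01T10:01:00Z,192.168.50.7,10.1.0.20,502,3
2024-03-01T10:01:30Z,10.1.0.10,10.1.0.20,502,16
2024-03-01T10:02:00Z,10.2.0.5,10.1.0.20,502,3
"""

if __name__ == "__main__":
    for a in analyze(parse_flows(SAMPLE_FLOWS)):
        print(f'{a["ts"]}  {a["rule"]:18}  {a["src"]} -> {a["dst"]}  {a["detail"]}')
```

The three normal flows (HMI read, engineering-workstation write, historian push over the permitted conduit) produce nothing. The corporate laptop reaching the PLC trips both the segmentation rule, which names the enterprise-to-control boundary it crossed, and the baseline rule; the HMI issuing a write trips only the protocol rule, because the conversation itself is baseline; and the historian reaching back into the control zone trips segmentation and baseline again. In practice the baseline is learned from captured traffic rather than typed in, but the checks are the same.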
Are Cybersecurity Teams Ready to Leverage Visibility?
While visibility may seem like a straightforward concept, it has many moving parts and requires continuous attention. That responsibility may exceed many teams’ current capabilities: 43% of chief information officers report that cybersecurity is the main area in which they are experiencing a skills shortage.
The workforce must prioritize upskilling and development to recognize and respond to security events promptly. Cybersecurity professionals’ roles are one of the four main components of visibility, so their commitment to the cause is crucial.
The Power of Cybersecurity Visibility for ICS Defense
Security engineers and cybersecurity professionals must work together to enhance cybersecurity visibility in the infrastructure sector. By doing so, they will improve threat identification, documentation and response, better protecting critical infrastructure from worsening cyberattacks.
Interested in reading more articles like this? Subscribe to the ISAGCA blog and receive weekly emails with links to the latest thought leadership, tips, research and other insights from OT cybersecurity leaders.