Many security engineers and cybersecurity professionals struggle to defend industrial control systems (ICSs) against escalating cyberattacks. Can enhanced visibility streamline threat detection and incident response?
Some of the latest technological advancements have lowered the entry barrier for cybercriminality, causing an influx of previously unknown threat actors to surface. At the same time, cybersecurity and cyber insurance spending have risen substantially, prompting criminals to attack targets that all but guarantee a significant payout.
Previously dismissed security gaps have become glaring as more threat actors target ICSs to impair critical infrastructure. According to data from the Cybersecurity and Infrastructure Security Agency (CISA) and its partner, 34% of common vulnerabilities and exposures (CVEs) reported in the first half of 2023 have no remediation or patch available.
Both parties analyzed common CVEs to categorize them by criticality. According to their findings, 65.2% of the CVEs reported in the first half of 2023 have high or critical importance. CISA went as far as to dub them “forever-day” vulnerabilities, revealing a substantial number of vendor products have no patch, update or known workarounds available.
The ability to proactively identify and stop cyberthreats grows more crucial as the latest technological advancements accelerate threat evolution and cyberattacks progressively become more sophisticated. Cybersecurity professionals must acknowledge the increasing importance of comprehensive visibility in ICS cybersecurity.
In the US, the White House stressed this sentiment in a 2021 memorandum on ICS security, noting institutions can’t defend against unseen threats. It indicated visibility is central to mitigating cyberthreats and ensuring safe operations. While it acknowledged solutions will vary across infrastructure sectors, it stressed the need for consistent, baseline cybersecurity goals.
The US government is no stranger to the intricacies of the threat landscape, so its statement holds weight. It spent over 11 billion USD of its 90 billion USD IT budget on cybersecurity in 2023. In line with these suggestions, security engineers should prioritize comprehensive visibility in ICS security to protect critical infrastructure against escalating cyberthreats.
Security engineers and cybersecurity professionals must consider the following four visibility factors to implement them effectively in their current strategies.
Cybersecurity professionals can only protect infrastructure sectors from cyberthreats if they have an inventory of their physical and information assets. This way, they know how to classify and prioritize each one.
While cyberthreats vary widely depending on the infrastructure sector and targeted asset, there tends to be a pattern. Cybersecurity teams should use industry- and business-specific data to gain insight into relevant threats and to understand how to document and prioritize them.
Cybersecurity teams that understand where their facility’s weak points are and how impactful a cyberattack could be can accurately prioritize them. This way, they know where to funnel their resources and attention.
While many overlook the importance of cybersecurity professionals’ roles, they are a crucial part of comprehensive visibility. Every team member must understand their daily responsibilities and incident response duties.
In the context of ICS, cybersecurity visibility involves a combination of integrated real-time monitoring tools, anomaly detection systems, consensus-based standards and robust incident response protocols. The goal is to identify threats, detect indicators of compromise and mitigate cyberattacks proactively.
Enhanced visibility helps security engineers and cybersecurity professionals identify, detect, categorize and respond to cyberthreats before any damage is done to critical infrastructure. Teams can prevent more cyberattacks since these processes take place in real time.
Cyberattack frequency is worsening, so real-time threat detection and response are increasingly crucial. In 2022, 40% of the total number of ICSs worldwide experienced at least one malicious attack. Cybersecurity teams should not wait to deploy a solution — it may soon be too late.
Considering the average ransom demand reached more than 7.2 million USD in 2022, cybersecurity teams may have to worry about how a successful cyberattack could damage their budgets — not just their supervisory control and data acquisition systems.
Cybersecurity teams can leverage visibility to protect ICSs from cyberthreats. A combination of real-time preventive tools and industrial-specific security frameworks is key.
Cybersecurity teams can use continuous vulnerability assessment to identify, categorize, prioritize and remediate weak points. Constantly scanning and analyzing them provides insight into cyberthreats and incident response tactics.
Network segmentation enhances cybersecurity visibility by helping to more easily pinpoint an attacker’s entry point, location and target. In addition, it minimizes damage and helps protect ICSs from malicious tampering.
Infrastructure sectors can leverage artificial intelligence to monitor system logs, network traffic and access attempts in real time. This technology can alert cybersecurity teams of anomalous activity as soon as it happens. Additionally, it can analyze historical and current data to provide critical insight into the threat landscape.
The average breach identification and containment length reached 277 days in 2023. Cybersecurity teams should strongly consider leveraging an intrusion detection system since it monitors their networks and alerts them to suspicious activity.
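The following is an added example, not code from the article or from ISAGCA, showing how three of the visibility measures above (an asset inventory, a segmentation policy and real-time log monitoring that raises IDS-style alerts) can be combined in a single check. Every host address, zone, role, site policy and log line in it is constructed for illustration; the log format, the rule names and the assumption that only engineering workstations may write to PLCs are all hypothetical.

```python
"""Minimal ICS visibility check over constructed flow logs.

Added example, not part of the original article. It cross-references each
network flow against (1) an asset inventory, (2) a zone segmentation policy and
(3) a least-privilege rule for PLC writes, and emits alerts a SOC could act on.
All addresses, zones, roles and log lines below are made up.
"""
import ipaddress
from dataclasses import dataclass

# Constructed asset inventory: address -> (name, zone, role)
ASSETS = {
    "10.10.1.5": ("ENG-WS-01", "engineering", "engineering_workstation"),
    "10.10.2.10": ("HMI-01", "supervisory", "hmi"),
    "10.10.3.20": ("PLC-01", "control", "plc"),
    "10.10.3.21": ("PLC-02", "control", "plc"),
}

# Constructed zone layout (one /24 per zone)
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/24"),
    "engineering": ipaddress.ip_network("10.10.1.0/24"),
    "supervisory": ipaddress.ip_network("10.10.2.0/24"),
    "control": ipaddress.ip_network("10.10.3.0/24"),
}

# Hypothetical segmentation policy: zone pairs allowed to talk directly
ALLOWED_PATHS = {
    ("engineering", "control"),
    ("supervisory", "control"),
    ("control", "control"),
    ("engineering", "supervisory"),
}

# Modbus function codes that write to a device (5, 6, 15, 16).
# Assumed site policy: only engineering workstations may issue these to a PLC.
WRITE_FUNCTION_CODES = {5, 6, 15, 16}


@dataclass
class Alert:
    severity: str
    rule: str
    line: str


def zone_of(ip):
    """Map an address to its zone name, or 'unknown' if outside all zones."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def parse_flow(line):
    """Parse the constructed log format: '<ts> <src> <dst> <proto> <fc>'."""
    ts, src, dst, proto, fc = line.split()
    return {"ts": ts, "src": src, "dst": dst, "proto": proto, "fc": int(fc)}


def evaluate(flow, line):
    """Apply the three visibility rules to one flow; return a list of alerts."""
    alerts = []
    src_zone, dst_zone = zone_of(flow["src"]), zone_of(flow["dst"])

    # Rule 1: asset inventory. Any endpoint not in the inventory is a gap.
    for ip in (flow["src"], flow["dst"]):
        if ip not in ASSETS:
            alerts.append(Alert("high", f"unknown_asset:{ip}", line))

    # Rule 2: segmentation. Cross-zone traffic must match an allowed path.
    if src_zone != dst_zone and (src_zone, dst_zone) not in ALLOWED_PATHS:
        alerts.append(Alert("high", f"segmentation_violation:{src_zone}->{dst_zone}", line))

    # Rule 3: least privilege. PLC writes only from engineering workstations.
    src, dst = ASSETS.get(flow["src"]), ASSETS.get(flow["dst"])
    if (flow["proto"] == "modbus" and flow["fc"] in WRITE_FUNCTION_CODES
            and dst is not None and dst[2] == "plc"
            and (src is None or src[2] != "engineering_workstation")):
        alerts.append(Alert("critical", "unauthorized_plc_write", line))
    return alerts


def monitor(lines):
    """Run every non-empty log line through the rules and collect alerts."""
    alerts = []
    for line in lines:
        if line.strip():
            alerts.extend(evaluate(parse_flow(line), line))
    return alerts


# Constructed sample log: two normal reads, an HMI write, an enterprise host
# reaching into the control zone, and an uninventoried device in that zone.
SAMPLE_LOG = """
12:00:01 10.10.1.5 10.10.3.20 modbus 3
12:00:02 10.10.2.10 10.10.3.20 modbus 3
12:00:03 10.10.2.10 10.10.3.21 modbus 16
12:00:04 10.10.0.7 10.10.3.20 modbus 6
12:00:05 10.10.3.99 10.10.3.20 modbus 3
"""

if __name__ == "__main__":
    for a in monitor(SAMPLE_LOG.splitlines()):
        print(f"[{a.severity}] {a.rule}: {a.line}")
```

Running the block prints five alerts: the HMI write and the enterprise-host write each trigger the PLC-write rule, the enterprise host also trips the segmentation rule and the inventory rule, and the uninventoried control-zone device trips the inventory rule alone. The point of the design is that none of the three rules is useful on its own: the inventory gives the write rule its roles, and the zone map gives the segmentation rule its meaning, which is why the article treats asset inventory, segmentation and monitoring as parts of one visibility effort.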
While visibility may seem like a straightforward concept, it has a lot of moving parts and requires continuous consideration. This responsibility may be beyond many teams’ capabilities. After all, 43% of chief information officers reported cybersecurity is the main area where they’re experiencing a skills shortage.
The workforce must prioritize upskilling and development to recognize and respond to security events promptly. Cybersecurity professionals’ roles are one of the four main components of visibility, so their commitment to the cause is crucial.
Security engineers and cybersecurity professionals must work together to enhance cybersecurity visibility in the infrastructure sector. By doing so, they will improve threat identification, documentation and response, better protecting critical infrastructure from worsening cyberattacks.
Interested in reading more articles like this? Subscribe to the ISAGCA blog and receive weekly emails with links to the latest thought leadership, tips, research and other insights from OT cybersecurity leaders.