Many ICS systems are easily accessible to hackers, as this investigation by the research-based publication Cybernews.com shows. The threat landscape continues to evolve. Gartner points out that as OT systems are changing, so are the threat actors’ tactics and techniques.
Hackers remain the top source of ICS network intrusion, a SANS survey of 480 cybersecurity practitioners found. Weak security protocols and lack of standardization contribute to IoT attacks in the Critical Infrastructure sector, notes this article published by the World Economic Forum.
Top Threats Impacting Critical Infrastructure
Cybersecurity Fundamentals and Best Practices
Government agencies, industry-specific organizations, and professional cybersecurity services firms offer guidance around creating and implementing the right cybersecurity program. Below are several articles and websites outlining best practices around Critical Infrastructure defense. One of the core cybersecurity frameworks recognized worldwide is from the U.S. National Institute of Standards and Technology (NIST). NIST’s SP 800-82, “Guide to Industrial Controls Systems (ICS) Security” includes an overview of ICS, covering security fundamentals such as risk management and assessment, security architecture, and the application of IT controls to ICS, as well steps for responding and recovering from security incidents.
These resources offer ‘at a glance’ best practices:
Performing asset inventories
Enforcing user access controls
Creating a cybersecurity culture
Securing the supply chain
Implementing threat detection and monitoring