Cybersecurity Attacks On The Rise
In 2012, 40% of cyber attacks against critical infrastructure in the U.S. targeted energy assets. The number and sophistication of the attacks continue to pose a considerable threat to international industries in all sectors, with disastrous economic, safety and health consequences.
As a result, the U.S goverment, working with international standards organizations, issued a 10 year plan to secure U.S. critical infrastructure. Presidential Policy Directive-21, released February 2013, identifies energy and critical manufactering as crucial segments of the U.S. critical infrastrucure and national defense.
In February 2014, NIST released the "Framework for Improving Critical Infrastructure Cybersecurity" that establishes a five function cybersecurity process (Identify, Protects, Detect, Respond and Recover) and ties those functions to specific activities and applicable standards. These standards establish the processes necessary to secure critical infrastructure. The Framework is based on NIST SP 800- series standards as well as those from international standard bodies including ISO, IEC, COBIT and ISA. The cybersecurity community believes that the Framwork will emerge as the de facto standard for securing critical infrastructure throughout the world.
The Numbers of Today
Your System Is Only As Secure As Your Weakest Link
Your control system might be running on 20 year old technology.
"Don't fix what is not broken" is a suiting term when it comes to control systems. And you shouldn't have to upgrade your PLCs, computers, HMIs etc. every other year, just to make it more secure.
But when you take old SCADA and control systems out of their isolation, connecting them up to IT infrastructures, you are undoubtedly making them more vulnerable to attacks such as malware, viruses, industrial espionage and sabotage.