by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : November and December 2015
U ntil recently, the Industrial Control Systems (ICS) industry saw itself as somewhat of an island. It was secure in its isolation from the Wild West of the Internet and the growing threat of cyber-attacks unleashed on networks and IT systems. As the formerly proprietary world of ICS has become increasingly dependent on commercial off-the-shelf (COTS) IT, that complacency has disappeared. The security of most ICS environments is now described by many people in the industry as a “train wreck.” It’s all but non- existent. Using COTS technology and TCP/IP networks for connecting systems has opened ICS environments to the host of cyber threats now assaulting traditional IT systems. The term ICS generally encompasses supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), programmable logic controllers (PCS), remote terminal units (RTU), intelligent electrical devices (IED), basic process controllers (BPCS), safety instrumented system (SIS), and operator panels and ancillary systems. The security trend in the industry, which is fortunately gathering speed, is to integrate ICS systems with IT networks and connect them through the Internet in order to improve the overall ICS capabilities. “Advanced persistent threats (APTs) are a major headache targeted at COTS products,” says Leo Medina, systems engineer at Juniper Networks. It’s a matter of simple crossover. “If you are using an off-the-shelf product that’s vulnerable to an APT, then [ICS COTS users] are going to take that vulnerability along with it.” WAKE UP CALL While the ICS security problem has been developing for years, it wasn’t until the Stuxnet worm was discovered in 2010 that governments around the world became fully aware the extent of the problem. They realized their critical infrastructures, which were wholly dependent on ICS running smoothly, could be threatened by cyber thieves and hostile states. Stuxnet was the first example of an APT found to have affected an ICS/SCADA environment. It was used to attack equipment at Iran’s Natanz nuclear facility, including the centrifuges used to enrich uranium. It was apparently introduced into the computers that controlled and monitored the centrifuge speed. A similar approach might have been adopted for other systems to get them to override safety interlocks. The ICS at Natanz were apparently air-gapped from the regular Internet and therefore presumed safe from the kind of remote attacks that had besieged traditional IT environments. However, Stuxnet was designed to be spread using USB flash drives. It was suspected to have been introduced via a contractor’s computer connected in some way with the Natanz computers. It reportedly first penetrated Natanz systems at least a year before it was discovered, giving it a lot of time to find vulnerabilities and compromise the ICS. When analysts examined the Stuxnet code, they were astounded by its sophistication and complexity. It was well beyond Shutterstock.com Web Threats Target Industry Industrial systems across the globe face increasing risks from cyber-threats. SPECIAL REPORT CYBER-THREATS AND INDUSTRIAL SECURITY Sponsored Content