- July 22, 2016
By Preston Futrell, NexDefense
ICS network monitoring can help maintain the reliability of mission critical equipment. It does so by providing real-time visibility of misconfigurations, remote connections operating improperly and incorrect commands unintentionally introduced by simple human error.
Critical infrastructure and industrial organizations are under constant pressure to do more for less despite mounting financial, operational and compliance restrictions. To meet these demands, facility owners and operators are increasingly looking to modern information technology (IT) as a cost-efficient way of improving efficiency and productivity, as well as upholding reliability and maintaining integrity.
Unfortunately, the majority of the automation and control systems still in use were built long before connectivity was even a thought. As such, most operators of this legacy equipment lack the network visibility and situational awareness needed to ensure reliability and availability, or to discover and stop increasingly frequent and sophisticated cybersecurity attacks.
Recognizing both the reliability and security vulnerabilities that come with converging innovative IT with traditional operational technology (OT), engineers and security professionals alike have begun to actively encourage their organization’s leadership to adopt ICS-specific solutions to alleviate these concerns. ICS network monitoring, for example, can help maintain the reliability of mission critical equipment. It does so by providing real-time visibility of misconfigurations, remote connections operating improperly and incorrect commands unintentionally introduced by simple human error. Likewise, network monitoring also provides the visibility and situational awareness needed to passively unearth attempts at unauthorized access and suspicious communications that may signify malicious reconnaissance activity or, even worse, an imminent cyber event.
While technology that supports reliability efforts remains the number one priority for most engineers, the cybersecurity benefits should not be understated in what has become an era of increasingly sophisticated and frequent attacks. In fact, just a few weeks ago, the consulting firm Booz Allen released a report on ICS cybersecurity, which concluded that “sophisticated and widespread campaigns to steal data and gain access to industrial control systems through cyber attack” were underway.
Adding network monitoring to legacy systems is essential for organizations needing to ensure reliability and minimize cybersecurity risk, yet doing so is not without challenge. Specifically, the many established vulnerabilities of legacy equipment make it difficult to establish a baseline for network activity that should be considered ‘normal.’ Thus, false positives and the need for excessive and time-consuming equipment maintenance and systems upgrades can prolong the implementation process.
Fortunately, the fix to this challenge is simple: make network monitoring inherent to new equipment.
The Need for Network Monitoring in New Equipment
Because manufacturers are currently producing new control systems as legacy equipment is reaching end of life, the opportunity to implement ICS-specific technology into new equipment is quickly approaching – if not already here.
In an era in which connectivity and cyber attacks threaten reliability like never before, incorporating network monitoring into control systems from the very beginning is primed to become the norm. Industry has spent a lot of time addressing the need for and implications of adding network monitoring to legacy systems, but has not talked enough about the benefits of network monitoring that is inherent to equipment.
In fact, the benefits are profound to manufacturers, systems integrators and end users alike during all four phases of the ICS lifecycle: design, install, operate and maintain.
Manufacturers: Network monitoring aids manufacturers during the physical and logical network layout by allowing them to preplan the desired visuals and logging for systems, as well as sensor connections and placements. The visibility also allows the manufacturer to identify any misconfigurations while engineering the system. This intelligence, in turn, helps establish an accurate baseline of communications.
Systems Integrator: For systems integrators, having network monitoring inherent to ICS equipment allows them to track networked assets during commissioning. It also enables them to set alarms on anomalies during network expansion, using that information to establish white, grey and black lists for known and trusted communications as a means to proactively address threats to reliability and cybersecurity concerns.
End User: Incorporating network security monitoring during the design phase provides the end user with a complete history of the system’s network operations. This means that owners and operators know everything that has been changed, patched or upgraded throughout its entire lifecycle. This capability allows for more reliable operations and maintenance – such as asset tracking, real-time analysis and network event forensics.
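The baseline and the white, grey and black lists described above can be sketched in a few lines. This is an added example, not code from the article or from NexDefense; the flow record format, the addresses, the blacklist policy and the reading of "grey" as traffic that is neither known-good nor known-bad are all assumptions made for illustration.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto port")

# Constructed sample: conversations seen while the system was commissioned.
COMMISSIONING = [
    Flow("10.0.1.10", "10.0.1.20", "tcp", 502),  # HMI -> PLC, Modbus/TCP
    Flow("10.0.1.11", "10.0.1.20", "tcp", 502),  # engineering station -> PLC
    Flow("10.0.1.20", "10.0.1.30", "udp", 123),  # PLC -> time server, NTP
]
BLACKLIST = {("tcp", 23)}  # constructed policy: Telnet is never acceptable

# Constructed sample: traffic seen later, after the network was expanded.
OPERATION = [
    Flow("10.0.1.10", "10.0.1.20", "tcp", 502),  # in baseline
    Flow("10.0.1.10", "10.0.1.30", "udp", 123),  # known assets, new pairing
    Flow("10.0.1.99", "10.0.1.20", "tcp", 502),  # device never commissioned
    Flow("10.0.1.11", "10.0.1.20", "tcp", 23),   # blacklisted service
]

def build_baseline(flows):
    """Whitelist = exact conversations seen; assets = every address seen."""
    whitelist = set(flows)
    assets = {f.src for f in flows} | {f.dst for f in flows}
    return whitelist, assets

def classify(flow, whitelist, assets, blacklist=BLACKLIST):
    """Return (list_name, reasons); the black list wins over the white list."""
    if (flow.proto, flow.port) in blacklist:
        return "black", ["blacklisted service"]
    if flow in whitelist:
        return "white", []
    reasons = [f"unknown {role} asset {addr}"
               for role, addr in (("source", flow.src), ("destination", flow.dst))
               if addr not in assets]
    return "grey", reasons or ["known assets, new conversation"]

def monitor(flows, whitelist, assets):
    """Alarm on everything that is not whitelisted."""
    alarms = []
    for flow in flows:
        verdict, reasons = classify(flow, whitelist, assets)
        if verdict != "white":
            alarms.append((verdict, flow, reasons))
    return alarms

if __name__ == "__main__":
    for verdict, flow, reasons in monitor(OPERATION, *build_baseline(COMMISSIONING)):
        print(verdict.upper(), tuple(flow), "; ".join(reasons))
```

Grey alarms are the ones an engineer reviews and then promotes to the white or black list, which is how the baseline stays accurate as the network expands.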
In all, there is high value in network monitoring for industrial control systems throughout equipment’s entire lifecycle – from design, to install, to operation and maintenance. While adding the solution to legacy ICS is undoubtedly necessary, manufacturers and systems integrators must begin recognizing the benefits of implementing security from the very beginning. Doing so can truly reduce vulnerabilities and accurately identify threats that could negatively impact reliability.
About the Author
Preston Futrell is the vice president of sales and marketing at NexDefense, a provider of cybersecurity for industrial control systems.