Three Steps to Perform an Industrial Cybersecurity Audit
Cybersecurity audits offer companies an initial mechanism to evaluate their current state of security maturity by auditing their assets, networks, and data flows. We summarize the process in 3 steps.
The current landscape of cybersecurity in industrial control systems (ICS) and IIoT is that, as connectivity between devices and networks grows, threats grow at an exponential rate.
The vulnerabilities related to ICS are increasing day by day, and it goes without saying that a loss of service in this type of infrastructure has a very high potential impact, both economically and in terms of the safety of people and the environment.
It is vitally important that companies face these threats by planning and executing effective defense-in-depth strategies, for example, based on the IEC 62443 framework.
Cybersecurity audits offer companies looking to protect their ICS an initial mechanism to evaluate their current state of security maturity by auditing their assets, networks, and data flows.
An industrial cybersecurity audit should include these three steps:
1. Discovery and inventory of assets
Although it may seem like a relatively simple task, most operators do not have complete visibility of the assets they need to protect or of how the PLCs, HMIs, SCADA systems, etc. communicate with each other:
- This point is useful for the classification of assets, documenting their properties, and prioritizing the criticality of each one.
- It is critical for audits. If you don’t know what’s there, you won’t know what to protect.

2. Network analysis
The asset inventory allows companies to understand how assets are connected and, therefore, what networks they make up. This makes it possible to analyze how the network is architected and to understand what routes a potential attacker (human or not) could follow to gain access to the network.
In other words, it reveals the scope and impact of a potential intrusion.
Making a physical and logical map of the company's network is key to moving the industrial cybersecurity audit forward successfully.
But the network is not only the equipment that creates it, but also the traffic that circulates in it. Understanding the data flows between devices is essential.
Many of the industrial protocols currently used do not have cybersecurity functionalities (neither authentication, nor encryption, nor integrity), which is why many of the attacks can be executed successfully.
Industrial cybersecurity audits must understand and evaluate the operation of these protocols and how the use of physical means of communication can affect the real-time and/or determinism requirements of industrial communications.
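An added example, not from the original article: a minimal passive audit pass covering steps 1 and 2. It builds an asset inventory from flow records and flags flows that carry industrial protocols without built-in security across zones. The zone plan, addresses and flow records are constructed for illustration, and identifying a protocol by its well-known port is a simplifying assumption.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Well-known TCP ports of industrial protocols that, in their base form,
# carry no authentication, encryption or integrity protection.
PLAINTEXT_ICS_PORTS = {502: "Modbus/TCP", 102: "S7comm (ISO-TSAP)",
                       20000: "DNP3", 44818: "EtherNet/IP"}

# Constructed zone plan (assumption): zone name -> subnet.
ZONES = {"control": ip_network("10.10.1.0/24"),
         "supervisory": ip_network("10.10.2.0/24"),
         "enterprise": ip_network("192.168.50.0/24")}

# Constructed flow records (src, dst, dst_port), e.g. from a passive capture.
SAMPLE_FLOWS = [
    ("10.10.2.20", "10.10.1.5", 502),     # HMI -> PLC, Modbus/TCP
    ("10.10.2.20", "10.10.1.6", 44818),   # HMI -> PLC, EtherNet/IP
    ("10.10.1.5", "10.10.1.6", 502),      # PLC -> PLC, same zone
    ("192.168.50.7", "10.10.1.5", 502),   # office PC -> PLC
    ("192.168.50.7", "10.10.2.20", 443),  # office PC -> HMI web UI
    ("172.16.9.9", "10.10.2.20", 3389),   # host outside the zone plan -> HMI
]

def zone_of(addr):
    ip = ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "UNZONED")

def audit(flows):
    """Return (inventory, findings) for a list of (src, dst, dst_port) flows."""
    inventory = defaultdict(lambda: {"zone": None, "peers": set(), "serves": set()})
    findings = []
    for src, dst, port in flows:
        for host in (src, dst):
            inventory[host]["zone"] = zone_of(host)
        inventory[src]["peers"].add(dst)
        inventory[dst]["peers"].add(src)
        inventory[dst]["serves"].add(port)
        sz, dz = zone_of(src), zone_of(dst)
        proto = PLAINTEXT_ICS_PORTS.get(port)
        if "UNZONED" in (sz, dz):            # asset missing from the inventory plan
            findings.append(("unknown-asset", src, dst, port))
        elif proto and sz != dz and "enterprise" in (sz, dz):
            findings.append(("ics-protocol-from-enterprise", src, dst, port))
        elif proto and sz != dz:             # unprotected protocol crossing zones
            findings.append(("plaintext-ics-cross-zone", src, dst, port))
    return dict(inventory), findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS)[1]:
        print(finding)
```

Each finding is a starting point for review rather than a verdict: a cross-zone Modbus flow between an HMI and a PLC may be required by the process, while the same protocol arriving from the enterprise network usually is not.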
3. Search for known vulnerabilities
The vulnerabilities can be of many types:
- Programming flaws in the applications used, as well as flaws in the base operating systems used in industrial equipment
- Configuration failures of systems, software or network electronics
- Uncontrolled physical accessibility to assets
- Lack of redundancy in critical systems
- Inefficient designs
- and many more.
One of the main missions of any cybersecurity audit is to detect these vulnerabilities to prevent them from being exploited maliciously.

Conclusions
Let us remember that the typical attack vectors are:
- Manipulate existing devices by taking advantage of operating system vulnerabilities, for example to install malware
- Add new assets or services on the network
- Lateral movements
- Modify the network configuration to gain access to different layers.
With this panorama of constantly evolving threats, some practices of the past are no longer the most appropriate.
To address this, a cybersecurity audit that offers complete visibility of the assets, how they interconnect on the network, and how they behave makes it possible to determine the degree of exposure to cyberattacks, data leaks, problems with the privacy of users and databases, website security, level of system optimization, as well as any risk in day-to-day operations.
In short, after carrying out an industrial cybersecurity audit, one can be aware of the degree of vulnerability of industrial systems against possible cyberattacks. Once the weaknesses have been determined, it is easier to apply countermeasures to eliminate or mitigate these vulnerabilities.