Industrial Automation Control Systems (IACS) have traditionally been isolated systems running inside restricted facilities, making them hard to breach. The Industrial Internet of Things has made it a lot simpler for the business to get automatic metrics straight from the production-site, by connecting systems to the Internet. Many organizations also allow control of the systems via the internet; saving labor, time and reducing errors introduced by manual routines. The Internet makes everything more accessible. Criminal organizations, rogue states, and other 'Black Hat' hackers are constantly searching for systems to take control of for their purpose. Every day, bots are scanning the web, looking for insecure, exploitable systems. Many companies have experienced attacks over the years, and only some of these have reached the media. For example, the Ukrainian Power grid was hacked. Colonial Pipeline in the USA was hacked. Social engineering is utilized to get access to company secrets or to give access to restricted information or areas. Without appropriate measures, an entire facility can be put out of commission by just putting a USB disk into an unsecured computer.
We use the term cybersecurity as the ability to prevent, detect and respond to harmful actions to an Industrial Automation Control System. The ISA/IEC 62443 standard lists several security levels, ranging from SL0 (no security) to SL4 (highest security). It sets specific requirements that must be met to fulfill a given security level. The higher the security level that has been properly implemented, the harder it becomes to breach an Industrial Automation Control System.
Control systems can be considered more secure when they have:
- Several layers of security, where each layer implements one or more barriers to provide protection.
- Logging and detection, which aims to give notification about barrier breaches.
- Responses and actions, that are triggered by the detection mechanisms