omniture

Insidious ICS Hacks Underscore Need of Industrial Control Systems Hardening at the Network, Endpoint, and Protocol Level

ABI Research
2023-04-25 20:30 1712

NEW YORK, April 25, 2023 /PRNewswire/ -- Industrial Control Systems (ICSs) including Supervisory Control and Data Acquisition (SCADA) systems and Programmable Logic Controllers (PLCs) are the basis of critical industries, but many were not designed for an increasingly connected industrial environment and usually lack rudimentary security features. Only less than 5% of critical industrial infrastructure is monitored for threats and this means advanced malware such as the ICS-specific Pipedream malware can wreck-havoc on industrial organizations. Newer malware like Pipedream can infiltrate ICSs across industrial sectors, making them more versatile than previous industrial malware that were dedicated to specific industrial segments. Hackers can run amok in ICSs for months or even years before being identified. By that time, considerable damage can be done, even if the system appears to function.

ABI Research, a global technology intelligence firm forecasts that by 2030, connected machines and production systems within factories will exceed 1.2 billion connections. Industrial 4.0 and industrial Internet technology investments are expected to grow from US$41 billion in 2022 to nearly US$200 billion by 2030. This burgeoning environment clearly expands the attack vector, and given the assortment of networks, endpoints, and connection protocol heterogeneity, will contribute to a variety of security solutions.

To mitigate attacks against industrial organizations, it is necessary to adopt three major ICS hardening solutions in parallel with each other. These solutions are endpoint and network security, as well as securing ICS protocols. Basically, these are areas where hardening takes place.

"An attack on network infrastructure targets the connection between ICS devices and the SCADA system or attempts to intercept data in movement. This could include eavesdropping on network traffic, disrupting network communications, or exploiting vulnerabilities in network devices, such as switches or routers. An ICS cyberattack could also target the data stored within ICSs. An attack on endpoints, targets applications, systems, or devices that are connected to an industrial control network," explains Michael Amiri, Senior Industrial Cybersecurity Analyst at ABI Research.

The majority of ICS connected components, such as PLCs, are still connected via physical fixed lines, such as Ethernet technology using cables. "Most of all other connected industrial applications from industrial pumps, intelligent industrial electric motors, and connected robots to HMIs are also connected with fixed lines. This means protocol cybersecurity and the use of firewalls, authentication technologies, and unidirectional gateways will see strong demand for the foreseeable future," Amiri says. 

Amiri notes that other modes of connectivity in industrial settings including 5G and LPWA-LTE are rapidly growing and will be prominent modes of industrial connection by 2030, meaning that vendors that provide 5G network security will see a ripe market for growth. "The market for fixed-line security will be the largest, but 5G connectivity security is the most promising, especially for new entrants into the market," he says.

The ICS cybersecurity environment can generally be categorized into software cybersecurity providers, hardware security, and the manufacturers of ICS equipment. Larger companies, such as ABB and Siemens, provide all these services. Others, such as OTORIO or Irdeto, are software cybersecurity companies that focus specifically on software solutions installed on the network. NXP is a semiconductor and Microcontroller Unit (MCU) manufacturer, yet advanced chips are increasingly deployed in industrial equipment and network connectivity, so they can be categorized as an integral part of ICS components.

These findings are from ABI Research's Industrial Control Systems Security: Hardening Networks and Endpoints application analysis report. This report is part of the company's Industrial Cybersecurity research service, which includes research, data, and analyst insights. Based on extensive primary interviews, Application Analysis reports present in-depth analysis on key market trends and factors for a specific technology.

About ABI Research

ABI Research is a global technology intelligence firm delivering actionable research and strategic guidance to technology leaders, innovators, and decision makers around the world. Our research focuses on the transformative technologies that are dramatically reshaping industries, economies, and workforces today.

ABI Research是一家国际科技情报公司,为全球科技领袖、创新人士和决策者提供实用的市场研究和战略性指导。我们密切关注一切为各行各业、全球经济和劳动市场带来颠覆性变革的创新与技术。

For more information about ABI Research's services, contact us at +1.516.624.2500 in the Americas, +44.203.326.0140 in Europe, +65.6592.0290 in Asia-Pacific, or visit www.abiresearch.com.

Contact Info

Global
Deborah Petrara 
Tel: +1.516.624.2558 
pr@abiresearch.com    

Source: ABI Research
collection