Every new or upgraded industrial control system becomes more and more connected to external networks outside the site fence. Not just the ubiquitous internet but also via a host of other networks designed to collect and exchange massive amounts of data in real time. Businesses have become addicted to automation and its associated information exchange and there is no sign of this trend slowing down. Unfortunately, this rapid increase in connectivity has not been without side effects. As industrial control systems have evolved to better leverage massively improved data networks something else has happened in parallel, the emergence of the real and deliberate hacker threat to the industrial control system platform.
In the early and innocent days of hacking many of the attacks on control systems were inadvertent. Control systems were just victims of their newfound reliance on the Window’s operating system to reduce cost and development time. Early attacks focused on the Windows operating system and its numerous weaknesses, the industrial control system was simply collateral damage. Fast forward to 2010 and with the emergence of Stuxnet and all speculation about the possibility of a focused, complicated and deliberate attack on a control system platform disappeared. This signaled the reality of a new era where hackers had found motivation to attack industrial control systems either for simple commercial gain or more complex and nefarious reasons. The hacker was aided in this endeavor by the unavoidable fact that industrial control systems are in service for longer than business systems and their inevitable vulnerabilities become better know. To gain a better understanding of the threats and issues the industrial control system now faces it is useful to look at how it came this through the emergence and evolution of the hacking threat over the last twenty years.
To learn more on Daryl Wheatley and Shyamal Sharma’s MESA presentation, please click here MESA Conference_Cybersecurity. Evolution of the threat to Industrial Control Systems.