Cybersecurity threats industrial automation (ICS/SCADA)

By Huub Koninkx

The world of Industrial Automation (IA) is increasingly facing cybersecurity threats. Not only foreign nuclear power plants have already been hacked, but also the first objects of our vital infrastructure. VKA has therefore developed a multidisciplinary approach to take IA to the desired higher level.

Industrial Automation 
Industrial control system 
SCADA (Supervisory Control and Data Acquisition) 
Cybersecurity threats

Water defenses, chemical plants, locks, bridges and power plants: all these installations use Industrial Control Systems. Industrial Automation (IA) plays an important role in control, monitoring and reporting.

Systems are increasingly part of networks. Bridges can now be operated remotely, and the systems of different plant locations are linked together to achieve centralized monitoring and reporting.

This evolution from island solutions toward distributed systems and (nationwide) IA networks brings new risks to security and availability. Infrastructure and industry has become vulnerable to hacking, espionage and possibly even terrorism. A pumping station in Zeeland has already been hacked and attacks have occurred abroad on larger facilities, such as a water treatment plant in the U.S. and nuclear power plants in Iran.

Office automation (KA) and the business systems running in it and their linkage to the Internet have meanwhile evolved greatly due to these same threats with anti-virus, firewall and logical access solutions and IT management organizations. Industrial automation, however, still has a lot of catching up to do with regard to cybersecurity.

Fortunately, awareness regarding risks in IA environments is growing and the topic is increasingly on management's agenda. The market is ripe for taking management measures against the aforementioned cybersecurity risks.

Our conclusion is that an approach is needed based on a proprietary vision of Industrial Control Systems (ICS/SCADA) in terms of security, performance, structure, or (security) architecture. The answer is a multidisciplinary approach. We bring the elements of ICT architecture, management and cybersecurity together in their coherence, translating theory and previous experience into practical and appropriate solutions. We guide the necessary culture change regarding information security. (Working under) Architecture and (preparing) threat assessments are some of the important tools for our input.

The result is a reduction of risks regarding cybersecurity, availability and performance, and an increase in decisiveness when threats manifest themselves.

Highberg has successfully applied this approach for several years at Rijkswaterstaat (the executive agency of the Dutch Ministry of Infrastructure and Water Management), among others.

Related articles

divider