SA operational technologies open to attack

7th September 2017

     

Font size: - +

Local organisations slow to mitigate risks facing Industrial Control System (ICS) /SCADA systems

South African operational Industrial Control System (ICS) /SCADA systems are becoming increasingly intelligent and connected, and therefore increasingly at risk of attack.

“While a major breach has not yet been reported in South Africa, it is only a matter of time before a mission critical ICS fails due to cyber attackers, malware, hacktivists or disgruntled employees, and organisations running mission-critical operational technologies (OT) start to realise they have to take network security and information security seriously in the OT environment too,” says Mark Linnell, Major Account Manager at Fortinet.

Tommy Thompson, Lead Consultant OT CyberSecurity at nClose, says the South African market is not yet mature in terms of OT security, although some local attacks have already been documented. “We have seen at least one targeted attack and one related to malware in South Africa. But local organisations tend to be reactive, so until there is a major breach, many will be slow to move to mitigate their OT risk,” he says.

OTs in use across manufacturing, mining, oil and gas, utilities and retail are increasingly the targets of attack around the world, as competitors, criminals and hacktivists take advantage of vulnerabilities to shut down operations, slow production, or hold organisations to ransom.    

This can result in financial losses, lost IP, reputational damage, and critical downtime that drives customers to competitors, or even results in organisational chaos, says Linnell. Attacks on public utilities, critical infrastructures, and interconnected services in smart cities could pose a range of risks to public safety.

In recent international attacks, Iranian hacktivists gained access to the control system for a dam in the suburbs of New York, hackers infiltrated a water utility’s control system and changed the levels of chemicals being used to treat tap water, and a group of hackers took over computers at an electricity control center, plunging parts of the city of Kiev into darkness.

“Automated, intelligent systems are improving quality of life, but at the same time, attacks on these systems could seriously impact quality of life. It’s a dark picture,” says Linnell.

He cites Forrester’s 2016 Industrial Control System Security Trends report sponsored by Fortinet, in which 78% of respondents stated that security attacks drove their SCADA/ICS security strategy, and 77% of organisations said their SCADA/ICS had experienced a security breach. Fallout from those breaches ranged from impacted ability to meet compliance standards to issues with maintaining functionality and employee safety.

Fortinet notes that securing ICS/SCADA systems can be complicated by legacy environments, environmental, geographic and regulatory issues. But these issues can be addressed by implementing ubiquitous security and posture control; using a tightly integrated solution in form factors that are designed for the extreme environments in which they must be deployed.


Thompson notes that SCADA environments are all very different: “A dairy’s system vs a roads agency system, for example, differ considerably. To effectively mitigate risk, each organisation needs to analyse its risk, identify mission critical processes and OT systems and start segmenting like assets with a product like Fortinet.”

“The Fortinet Security Fabric allows for IT and OT infrastructure managers to develop end-to-end security segmentation within and throughout the converging IT/OT—essentially a Zero Trust Model,” says Linnell.
Fortinet’s dedicated Security Solutions for ICS and SCADA deliver top-rated, industrial-control-specific protection from advanced threats, high levels of reliability and longer lifecycle appliances designed for harsh environments and compliance with FIPS 140-2 and Common Criteria EAL 4+.

With network security features such as application- and user-identity awareness, content security with integrated intrusion prevention, antivirus, and web filtering, SSL encryption/decryption and advanced threat detection and remediation, Fortinet secures east-west traffic in the often-neglected OT environment.

With FortiManager and FortiAnalyzer consolidated through a FortiGate, the enterprise is assured of centralised configuration with reporting, visibility, and event logging to create a comprehensive, real-time network monitoring and control centre, while FortiGate Rugged next generation firewalls are built to withstand extreme temperatures, harsh climates, and hazardous locations.

Edited by Creamer Media Reporter

Comments

The content you are trying to access is only available to subscribers.

If you are already a subscriber, you can Login Here.

If you are not a subscriber, you can subscribe now, by selecting one of the below options.

For more information or assistance, please contact us at subscriptions@creamermedia.co.za.

Option 1 (equivalent of R125 a month):

Receive a weekly copy of Creamer Media's Engineering News & Mining Weekly magazine
(print copy for those in South Africa and e-magazine for those outside of South Africa)
Receive daily email newsletters
Access to full search results
Access archive of magazine back copies
Access to Projects in Progress
Access to ONE Research Report of your choice in PDF format

Option 2 (equivalent of R375 a month):

All benefits from Option 1
PLUS
Access to Creamer Media's Research Channel Africa for ALL Research Reports, in PDF format, on various industrial and mining sectors including Electricity; Water; Energy Transition; Hydrogen; Roads, Rail and Ports; Coal; Gold; Platinum; Battery Metals; etc.

Already a subscriber?

Forgotten your password?

MAGAZINE & ONLINE

SUBSCRIBE

RESEARCH CHANNEL AFRICA

SUBSCRIBE

CORPORATE PACKAGES

CLICK FOR A QUOTATION