In 2017, the UK Government proposed the implementation of the Security of Networking and Information Systems (NIS) Directive, with the aim of improving the security of essential services such as water and energy. Should providers fail to protect their systems, a £17 million penalty could be enforced. Here, Nick Boughton, sales manager at leading industrial systems integrator Boulting Technology, discusses why it is important for utility providers to protect themselves from cyberattacks.
Plant managers within utility companies are now demanding more from their industrial control systems (ICS) to deliver operational improvements through smarter, information-enabled machines. As a result, the domains of IT and OT are converging and becoming increasingly connected as many ICSs are now overlapping with enterprise systems to provide accessible, secure information that is visible across organisations. With these increased benefits, however, comes a rise in additional security risks.
Industrial control systems have typically worked on closed, proprietary communication protocols, and the migration to open protocols can present several issues, including unpatched software and hard-coded passwords. Robust systems, such as PLCs, were built to last before network connectivity was even considered.
When a legacy system is connected to an open protocol, it is essential that this is done safely and securely. Security patches can be vital in reducing potential cyber-attacks; however, many manufacturers forgo their rollout because the associated costs can be high. Every missed patch makes it much harder and more expensive to ensure a legacy system is protected.
It is these risks that the Joint Committee on the National Security Strategy discussed in late May 2018. If ICSs are not...