The growing use of widely available technologies in industrial control systems (ICS) and the growth of more connected, information-enabled enterprises inherently increases security risks, and with it the responsibilities of control system providers and users alike.
Historically, industrial control systems used proprietary technologies, and were generally segregated from the information systems at most companies. The systems were largely incompatible and the commercial technologies that were used in office spaces simply didn’t fit the requirements of control systems.
As commercial technologies advanced in recent decades, they were adapted for use in control systems, improving costs, compatibility, and ease of use. With these improvements, connectivity between systems became simpler and increasingly demanded by users.
Bringing together enterprise-level IT and plant-level operations technology into a common infrastructure creates more opportunities to improve operations, but without proper cybersecurity hygiene may also provide increased opportunities for cyber-attacks against ICS equipment.
Such attacks, if successful, can have severe impact on worker, environmental and product safety, intellectual property, reputation and productivity.
These challenges are changing the way ICS providers and users work together, bringing increased responsibilities to each.