Electricity + Control December 2017

Cures – Not Remedies Securing Critical Infrastructure In a Digitally Connected World Goran Novkovic, Valiver

It is important to promote and improve a cybersecurity culture that will lead to the development of cybersecurity programs for any organisation, no matter the size and industry sector, with the ultimate goal of protecting critical infrastructure in the African continent.

I ndustrial Control Systems (ICSs) control geo- graphically dispersed assets including distribu- tion systems such as water/ wastewater sys- tems, oil and gas pipelines, electrical power grids, railway transportation systems, etc. These sys- tems are vital to the operation of national critical infrastructures that are often highly interconnect- ed and mutually dependent systems. Depend- encies of interconnected critical infrastructure across the African continent (or just South Africa) increase the attack surface and potential impact of cyber security incidents. Historically, security in trustworthy ICSs re- lied on physical isolation (air-gaps) and network isolation of vulnerable components, and on the obscurity of the design and access rules for crit- ical control systems. Security was, and still is, en- forced through physical protection, physical locks and alarm management systems. The potential for human error or misuse was primarily through

direct access and concerns focused on disrupt- ing the safety and reliability of the system, with those risks mitigated by good design, analysis and reviews, thorough testing and training. Organisa- tions rarely considered that these critical systems might one day be exposed to a global network, re- motely accessible by many, from legitimate users to hackers. Many existing ICSs are running on legacy sys- tems that were developed prior to cybersecurity being of any concern as it is today. Lifecycles of in- dustrial assets are measured in decades and lack cy- bersecurity requirements. Nowadays, not connect- ing ICSs to the Internet is like telling someone the only way to avoid a car accident is to not get in the car.This might work, but then what about the advan- tages and benefits of a digitally connected world? Playing it safe is always a good plan, but living in a non-digitally connected world is not. Certainly, if you are connected, you have to be protected.

4 Electricity + Control

DECEMBER 2017

Made with FlippingBook - Online magazine maker