Attacks against industrial control systems (ICS) are on the rise. Cyberattacks are more prevalent, creative, and faster than ever. So, understanding attackers' tactics is crucial. The IBM Security X-Force Threat Intelligence Index 2023 highlights that backdoor deployments enabling remote access to ICS systems were the most common type of attacker action in 2022. The positive news is that 67% of attempts to deploy ransomware through backdoors were foiled by defenders who disrupted the backdoor before the attackers could execute the ransomware.
When attackers see a weakness, they exploit it. According to the IBM report, although the proportion of vulnerabilities with a known exploit declined ten percentage points over the last few years, cybercriminals still have access to more than 78,000 known exploits. This access made it easier to exploit older, unpatched vulnerabilities, highlighting the need for a well-defined vulnerability management strategy, including a better understanding of your attack surface and risk-based prioritization of patches.
Acknowledging these threats, organizations are looking to protect their ICS using a nuanced approach. Many specifically encourage their ICS security professionals to hone their skills and training using respected technical resource providers. These providers can also help IT cybersecurity personnel learn about industrial environments and how best to implement cyber controls relative to the uptime and safety of their organizations' industrial processes.
Towards that end, here are seven providers that ICS professionals can use to train and continuously educate their teams to defend their organizations' ICS.
1. Global Information Assurance Certification (GIAC)
Website: https://www.giac.org/
Among the State of Security's 11 respected providers of IT security training, the Global Information Assurance Certification (GIAC) offers more than 30 certifications to aspiring security professionals. Personnel working in industrial security should consider achieving three certifications.
Global Industrial Cyber Security Professional (GICSP) is a vendor-neutral program that teaches enrollees how to balance IT, engineering, and digital security to protect industrial control systems.
Response and Industrial Defense (GRID) teaches participants how to take an Active Defense approach toward securing an ICS network.
Critical Infrastructure Protection helps ICS security professionals bolster their understanding and implementation of NERC-defined terms and CIP standards.
2. Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems
Website: https://www.cisa.gov/topics/industrial-control-systems
Advancing the security and resilience of ICS is one of CISA's top priorities. As the lead federal agency responsible for helping Critical Infrastructure partners manage ICS security risk, CISA partners with government and industry to deploy the technologies and practices that will guard critical infrastructure from the threats of today while building innovative capabilities to defend against emerging threats on the horizon. CISA offers a wide range of complimentary products and services to support the ICS community's cybersecurity risk management efforts. The full catalog of CISA ICS Service Offerings lists additional details for each service.
3. Industrial Control System Information Sharing and Analysis Center (ICS-ISAC)
Website: http://ics-isac.org/
The Industrial Control System Information Sharing and Analysis Center (ICS-ISAC) is a non-profit organization whose mission is to "provide members and associated sectors practical information regarding the cybersecurity of their facilities." Members of the Center enjoy access to real-time intelligence feeds to stay on top of the latest ICS security threats. From the secure membership portal, they can coordinate their defensive measures, access webinar events, and participate in regular conferences and briefings on evolving threats. They can also review additional information provided by dozens of separate knowledge centers.
4. International Society of Automation (ISA)
Website: https://www.isa.org/
A part of the Automation Federation, the International Society of Automation (ISA) is a non-profit organization that caters to tens of thousands of industrial security professionals and other automation personnel worldwide. In cooperation with the American National Standards Institute, ISA has developed various standards specifying fundamental ICS terms and concepts, ICS security system requirements and security levels (IEC 62443), and steps to create an ICS security program. It promotes security awareness of these standards via workforce development, training programs, and professional certificate tracks. ISA also provides additional industrial security system resources.
5. National Institute of Standards and Technology (NIST)
Website: https://www.nist.gov/
The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the United States government that advances measurement science, standards, and technology. The laboratory is responsible for developing the Guide to Industrial Control Systems (ICS) Security – NIST Special Publication 800-82, a special publication with two approved revisions as of this writing. Revision three has just gone through public commentary. The document provides guidance on how professionals can secure ICS networks consisting of SCADA systems, distributed control systems (DCS), and other control system configurations like programmable logic controllers (PLC) while continuing to observe each system's performance, reliability, and safety requirements.
6. The SANS Institute
Website: https://www.sans.org/
Another of the State of Security's 11 respected IT security training providers, the SANS Institute offers training in the classroom from a SANS-certified instructor, in a self-paced program conducted online, or in a mentored setting. Industrial security professionals can complete several courses with SANS to advance their careers, including two in partnership with GIAC to obtain GICSP and GRID certification. They can also deepen their knowledge on their own time by perusing SANS' library of analyst surveys, whitepapers, and use cases and by following the training provider's industrial control systems security blog.
7. Infosec Institute
Website: https://www.infosecinstitute.com/
Infosec Institute, part of Cengage Group, aims to empower all individuals with the necessary resources and skills to succeed. The Institute helps security professionals upskill and get certified with hundreds of hands-on labs, boot camps, and role-based learning paths delivered live online, on-demand, or in-person. All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide practitioners from beginner to expert across 52 Work Roles. The Infosec curriculum includes the ICS/SCADA Fundamentals Learning Path, which enables professionals to understand the fundamentals of ICS operation and security, from the infrastructure and devices that comprise the system to the architecture, policies, and standards that govern operation and maintenance.
ICS Security: Dual Solutions
Once ICS professionals have referred to the trusted technical providers discussed above, they might want to consider investing in industrial cybersecurity solutions like those offered by Fortra's Tripwire to gain visibility, implement protective control, and perform continuous monitoring to protect against cyber events that negatively affect safety, productivity, and quality.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Tripwire.