According to Kaspersky Labs, 47% of industrial control systems computers fell victim to cyberattacks in 2018. Shockingly, that means nearly half of all industrial control systems were impacted. The study goes on to report that 415 different industrial control systems vulnerabilities were detected, 342 of which could have been exploitable without any expertise or special skills. Furthermore, 68% of the identified vulnerabilities were classified as critical or high risk.
Higher risk industries include energy and healthcare
Actors with malicious intent have been targeting the energy sector, including the oil and gas industry, for several years now. A recent Indegy study indicates that nearly 60% of critical infrastructure operators reported a lack of appropriate security controls in their environments. The proliferation of the Industrial Internet of Things IIoT devices, which helps to reduce costs and increase quality of service, is also presenting a new potential risk. If IIoT devices are installed without proper security measures in place, they can provide easy access entry points to the entire network, thereby compromising operational integrity.
Why key industry players are joining the Alliance
In order to better combat these threats, ISA and Schneider Electric have recently joined forces to form the ISA Global Cybersecurity Alliance. Other key industry players, including Rockwell Automation, Johnson Controls, Honeywell and Claroty have also joined the Alliance.
The ISAGCA was formed to bring together industrial control systems vendors, end users, integrators and everyone with a stake in OT cybersecurity in an open, inclusive, collaborative body from which to address cybersecurity challenges. By sharing expertise and best practices, Alliance members can effectively train their people and validate their cybersecurity skills, apply standards in a consistent fashion to protect processes, and leverage compliance programmes to ensure the development of secure technology.
As a founding member, Schneider Electric recognises the critical nature of the cybersecurity challenge and realises that collaboration among companies can be more effective than simply developing secure products in a vacuum, as one vendor. The industry-wide adoption of the ISA/IEC 62443 cybersecurity standards provides both users and vendors a common baseline for protecting devices, processes, and facilities. Schneider Electric has increased the knowledge of its employees by leveraging ISA’s cybersecurity training and certificate programmes and sees education as the first line of defence when resisting cyberattacks.
Benefits of Alliance membership
Membership in the ISAGCA is open to include any end user or product manufacturer/supplier organisations who apply and are interested in collaborating on the cybersecurity topic. Membership fees are based on the size of the participating organisation. Members who join the ISAGCA are given the opportunity to help define the priorities that need to be addressed in order to drive higher levels of cybersecurity. The ISA provides the raw materials in terms of standards, and members provide contextual use cases to help create new resources and to develop a deeper context for better applying those standards.
Alliance members also provide cybersecurity talent from inside of their own companies, so that experts across the industry can work together to drive standards adoption and compliance in collaboration with their peers. The Alliance has established a list of anti-trust guidelines, which members commit to uphold, in order to ensure fair and equitable participation in working groups and discussions. This helps to develop and expand a cyber-aware culture that will serve the entire industry for decades to come.
Together, the Alliance members are defining objectives around four key themes: collaboration, standards, education and protection. Short-term goals supporting these themes are under development.
By Nathalie Marcotte, Senior Vice President Schneider Electric Industrial Services, and Mary Ramsey, Executive Director, International Society of Automation