Kathy Gibson reports from Kaspersky Labs’ Cybersecurity conference in Baku – Cybercriminals are enjoying more success than ever in the industrial arena, with new exploits starting to become more common – and with the potential for enormous damage across a broad front, and affecting millions of people.
“With industrial attacks, you don’t have to be the victim to be affected,” points out Matvey Voytov, solution business lead: critical infrastructure protection business development at Kaspersky Lab.
With power stations and water purification facilities among the victims in just the last few weeks, the risks are very real.
The current environment, however, plays into the hands of cybercriminals. CEOs don’t necessarily understand how cybersecurity can relate to revenues; IT security people are not typically allowed access to the industrial systems; and industrial operations staff are probably not up to speed on cyber-attacks.
Kaspersky Lab has launched its Industrial Cybersecurity suite that delves deeper than before into the manufacturing and process fabric.
The solution allows CIOs to predict vulnerabilities, respond to incidents, detect threats, and protect the systems.
The new system provides effective cybersecurity for all industrial layers, including SCADA servers, HMI panels, workstations, PLCs and network connections. It does this without impacting on operational continuity and consistency of the technological process.
Kaspersky Lab has collaborates with some of the leading industrial automation regulators, including ISA and IIC. It is also working closely with major industrial system vendors including Rockwell and Siemens, to ensure that the cybersecurity co-operational frameworks and processes are properly deployed to protect the industrial environments.
Kaspersky Industrial Cybersecurity offers ICS threat detection and protection through a combination of conventional security technologies adapted for an ICS environment. This is enhanced with a number of technologies designed specifically for industrial environments including integrity checking for PLC programs, semantic monitoring of process control commands, and telemetry data to detect cyber-attacks targeting physical infrastructure.
Further specialised services for critical infrastructure include incident response and prediction capabilities tailored for the industrial environment.
“Threats to industrial and critical infrastructures are very real.” Says Voytov. “There are various vectors to these attacks.
“Conventional IT security doesn’t necessarily work for ICS, there is a need for specialised technologies.”