Scribd
Upload
266 views1 page

ICS SICS Framework Infographic

Industrial control systems (ICS) now control essential services like water, gas, electricity and transport in the UK. These systems are increasingly connected to the internet and can be remotely controlled, introducing vulnerabilities. Cyber attacks on UK businesses are rising, with over 117,000 attacks per day. ICS systems have also been targeted, like the Stuxnet virus that sabotaged uranium enrichment centrifuges in Iran. Government agencies provide frameworks to help organizations securely manage the risks to these critical infrastructure systems from cyber threats.

Uploaded by

pedroq
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
266 views1 page

ICS SICS Framework Infographic

Industrial control systems (ICS) now control essential services like water, gas, electricity and transport in the UK. These systems are increasingly connected to the internet and can be remotely controlled, introducing vulnerabilities. Cyber attacks on UK businesses are rising, with over 117,000 attacks per day. ICS systems have also been targeted, like the Stuxnet virus that sabotaged uranium enrichment centrifuges in Iran. Government agencies provide frameworks to help organizations securely manage the risks to these critical infrastructure systems from cyber threats.

Uploaded by

pedroq
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

010 010

100101 PROTECTING WHAT MATTERS


010 010
010100 Industrial Control Systems
100100
Most of the UK’s essential services now rely on Industrial Control
Systems (ICS) for delivery and operation. These sytems can be
connected via the internet and controlled remotely.

Infrastructure relies on Industrial Control Systems

WATER OIL GAS ELECTRICITY TRANSPORT CIVIL NUCLEAR CHEMICALS

Each person The UK The gas we The UK was Every day there Nuclear energy The UK’s
in the UK consumes extract from powered up are 24m journeys currently chemical industry
uses about 1.217m under the sea via 29.9m made across supplies 20% supports half a
150l of water barrels of oil heats about 80% electricity public transport of the UK’s million jobs
a day per day of British homes meters in 2013 in London electricity

But enabling connectivity and remote access on this scale


introduces vulnerabilities
1
Did you know that the average ICS has 11 different connections?
Monitoring these is key to understanding the risks.

Malicious code is getting onto our industrial networks in different ways

Corporate network 25%


Remote access
8

26%
Outside contractors 10%
Internet connections 9%

e s t. s e n d () ; $ r a n d A rra y In d e x HMI interface 8%


re q u
Wi-Fi 5%
p l o d e ( " \ n ", $text);
rra y = e x Mobile devices 0.4%
USB ports 3%

Number of cyber attacks to UK businesses per day


Cyber attacks are
on the rise 2 117,339
68,219 79,178
62,191
Annual global cost:

£400 BILLION 2011 2012 2013 2014

And Industrial Control Systems are being targeted

Stuxnet was the first known autonomous threat to target and sabotage
Industrial Control Systems to such an extent

The target is believed to be a uranium enrichment facility LNK and PIF files allowed the threat to auto-execute
onto USB drives. The files were then spread to systems
not connected to the internet

This meant that there were other un-targeted


systems that were also infected
Infected the soware of at least
40,000
155 countries
14 INDUSTRIAL SITES infected IP
addresses

In 2003 the Slammer worm infected the security system of a nuclear power plant

Introduced by a private Safety monitoring was Fortunately the system


contractor’s laptop disabled for 5 hours was down for maintenance

How can you manage the risk?

CPNI have developed a framework and good practice guide for securing ICS. This comprises eight core elements that
address the increasing use of standard IT technologies in ICS. You can use these as points of reference to help you
develop and tailor ICS security, appropriate to the needs of your organisation.

Manage Industrial
Establish ongoing Manage the
Control Systems
governance business risk
lifecycles

Select and
Improve awareness Manage
implement security
and skills vulnerabilities
controls

Manage third Establish response


party risks capabilities

The framework and its supporting elements are intended to be a point of reference for an organisation
to begin to develop and tailor ICS security that is appropriate to its needs

The Centre for the Protection of National Infrastructure protects national security
by providing integrated protective security advice. For further advice on cyber Centre for the Protection
security visit the CPNI website. of National Infrastructure

REFERENCES
1 Securing Critical Information Infrastructure: Trusted Computing Base: Securelist October 2012
2 Net Losses: Estimating the Global Cost of Cybercrime, McAfee, June 2014

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy