Abstract
Today, industrial cybersecurity is in the early stages of its development, gradually evolving into a science and technology discipline that will become the cornerstone of industrial manufacturing and construction technologies, the infrastructure of modern cities, transportation, healthcare, etc. The community of researchers and engineers is constantly looking for solutions to protect both existing systems and future technologies. As we depart from the starting point, we must build our assumptions on an objective assessment of the current situation, because, at this stage, even seemingly insignificant misconceptions can cause major fluctuations that prevent us from choosing the right strategy. In this article, we will discuss typical misconceptions and common errors in assessing the security of industrial control systems that Kaspersky Lab ICS CERT experts encounter in their day-to-day communication with people from different industrial sectors and the community of information security experts. We will support our conclusions with the results of the past several years’ research into the various cyberthreats affecting industrial enterprises.
Summary
Today, industrial cybersecurity is at the beginning of its development and is gradually unfolding into a science and technological discipline, into a cornerstone of manufacturing and construction, the infrastructure of modern cities, the transport industry, healthcare, etc. The community of researchers and engineers is continuously looking for solutions to secure both existing and future technologies. Since we are at the starting point, we must base our hypotheses on an objective assessment of the current situation, because at this stage even seemingly insignificant misconceptions can lead to large deviations that prevent the right strategy from being chosen. This article deals with typical misconceptions and common errors in the assessment of industrial control systems that the Kaspersky ICS CERT experts encounter in their day-to-day communication with people from various production sectors and in the community of IT security experts. We support our conclusions with research results from recent years on the various cyberthreats to industrial enterprises.
About the authors
Evgeny Goncharov has a Master of Physics degree. He has worked in software development since 1999, with 13 years’ experience in the IT security industry. Evgeny joined Kaspersky Lab in 2007 as a software development team lead. Since 2014, Evgeny has driven Kaspersky Lab’s ICS cyber security research and its product and services development. He is currently the Head of Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (KL ICS CERT).
Kirill Kruglov is a leading ICS threat researcher in Kaspersky Lab’s Industrial Control Systems Cyber Emergency Response Team (KL ICS CERT). He has over 10 years of experience in the cyber security field. Today he leads research on ICS cyber threats, coordinates threat hunting activities and manages development of KL ICS CERT infrastructure and services. At the same time, Kirill is responsible for delivering intelligence reports and alerts on urgent ICS threats, as well as ICS threat data feeds. Kirill has a bachelor’s degree in software engineering and information systems management from the Moscow Financial-Industrial Academy. Kirill has authored a number of patents as well as numerous IT and ICS cyber security publications. He is a regular speaker at ICS security conferences and conducts online and live ICS security training sessions.
Yuliya Dashchenko has been a senior security analyst with the Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (KL ICS CERT) since 2017. Her research interests include cyber threat analysis, ICS threat intelligence, and risk and compliance analysis.
© 2019 Walter de Gruyter GmbH, Berlin/Boston