Cybersecurity in critical infrastructure
Critical infrastructure such as electricity distribution, water supply, transportation and telecommunications all depend on IT systems for management, surveillance and control. Industrial control systems (ICS), also called SCADA (Supervisory Control And Data Acquisition), are in fact consequently essential to maintain the functionality of modern society. There are no shortcuts when it comes to cybersecurity. Encryption is merely part of the overall protection, segmentation another. You always have to have a holistic approach and also include physical security and human factors.
Regulations for actors in critical infrastructure
There are regulations for actors in critical infrastructure to follow. For example, the NIS Directive aims to promote security measures and boost EU member states’ level of protection of critical infrastructure. In other words, it improves information security of operators in sectors that provide essential services to our society and economy. This also means that action needs to be taken by actors in critical infrastructure to fulfill these security demands.
How to raise cybersecurity in critical infrastructure
To raise cybersecurity of critical infrastructure in general, strict segmentation of industrial control utility systems (ICS/SCADA) has to be applied, combining logical separation with physical separation. This means keeping separate domains in the architecture isolated and allowing only very specific information to flow in-between. An effective way is to achieve this is by using products that replace manual management of information (air gap) and connect OT with IT systems at the highest level of security.
The most important element in enhancing ICS/SCADA security is to keep the separate domains in the architecture isolated and only allow very specific information to flow in-between. Advenica’s Data Diode creates a high assurance isolation in the back direction, thereby blocking everything from the outside. If two-way information flow is necessary between the domains, a solution based on a high assurance filter, like SecuriCDS ZoneGuard is needed. Here the information is inspected in every detail and approved if, and only if, everything is in perfect order. The high assurance filter performs the virtually impossible task of interconnecting specific information flow between two domains that must not be connected.
Advenica helps operators within critical infrastructure identify vulnerabilities in current hardware and network components and to take strategic and effective measures towards higher information security.