Industrial Control Systems (ICSs) are used in many industrial sectors to measure and control procedures, for example to automate processes and to monitor large systems. They are common in the manufacturing industry and in sectors counted among critical infrastructures (KRITIS), such as energy, water, food, or transport and traffic.
In the past, ICSs were physically separated from other IT systems and networks (the so-called “air gap”) and were thus largely protected against external influences from other information technology. Security was therefore of minor importance when selecting and developing the mostly proprietary software and protocols.
With the introduction of IT systems from the office environment and the increasing networking of ICSs, even across network boundaries (e.g. in an enterprise network), these systems are now exposed to threats similar to those facing conventional enterprise IT systems. Various incidents in the recent past prove that these threats are real.
The threat agents’ procedure differs slightly depending on their target. Systems that can be accessed directly via the Internet are attacked in a targeted manner, meaning that vulnerabilities are exploited directly. These vulnerabilities may affect the operating system, server applications or web applications.
In many of the attacks that have become known in the last few years, spear phishing is used to enter the enterprise. In this way, a kind of “bridgehead” is installed on a computer in the enterprise. This bridgehead is used to spy on the network and to infect other systems. Once the threat agents have reached their actual target system, they obtain the information they were looking for there or manipulate it. If the threat agents achieve their goal, they will also try to cover their tracks in order to remain undetected.
This makes it clear that the security design of process control systems must be reconsidered and, if necessary, adjusted to the current threat scenario.
Table 1 lists, as examples, typical observations made in the recent past during ICS security audits that allow conclusions to be drawn about the current threat scenario.