Need for integrated approach to security in industrial control systems

New Pike Research examines the changing dynamics in the automation systems market, including technology, regulatory and business trends. It also shows how these market developments are driving demand among critical infrastructure operators for new, integrated approaches to monitoring, managing and protecting their automation systems.

One key factor cited in the report is growing control system complexity. Since most automation environments were developed over decades without a master plan, they now contain heterogeneous systems that are difficult to manage. Another factor is resource constraints; with today’s business conditions, operators are being asked to do more with less.

A third major market driver is the exponential growth of intelligent devices deployed in automation environments. These networked and IP-enabled devices are creating management requirements with which operators have limited experience.

The report discusses how these and other trends are motivating operators of automation environments, such as industrial control systems (ICS), to seek new, more efficient ways to monitor, manage and protect their critical systems. It underscores the fact that with all the changes occurring in their environments, operators need technology and tools that enable them to a more integrated and intelligent approach to security, compliance and change management.

“In researching this report, we saw two main themes clearly emerging in the market,” said Pike Research Senior Analyst Bob Lockhart. “First is a growing recognition among ICS professionals of overlaps in the processes, data and technology required to monitor, manage and secure today’s automation environment. The second theme is that significant workload and expense reductions can be achieved by taking an integrated approach to these presently separate functions and processes. ICS managers can benefit from unified solutions that process this cross-functional complexity within the systems themselves, insulating users from the inherent complexity.”

Additional key findings in the report include the following.

Cyber security – New technologies are providing operators with real-time visibility into their industrial control systems and more proactive ways to maintain and optimize those systems. But these advances come with operating systems, applications and hardware that have vulnerabilities that did not exist in earlier systems. As a result, automation systems now need the same levels of management and security that have been seen in enterprise networks for the past two decades.

Governance and regulatory compliance – Many companies now must document their compliance with regulatory requirements such as the NERC Critical Infrastructure Protection (CIP) standards. Additionally, companies have their own internal compliance and performance requirements that must be adhered to. To efficiently meet external and internal requirements while minimizing administrative burdens, compliance systems must become more automated.

Control system operations – Control networks are typically large and complex, as are the technologies used to automate them. Growing numbers of point solutions in these environments make them more complex. To increase efficiency, operators need to integrate their disparate systems. But these integration projects are often costly and time consuming. They also require the attention of key staff people who could otherwise be focused on other initiatives more strategic to the organization.

The solution: Integrate the three key functions – As companies pursue service and performance improvements, such as gaining greater visibility into control networks to prevent outages, they find commonalities across security, compliance and change management functions. Many of these overlapping tasks and data requirements can be reduced to a single set of actions that need to be done only once. To gain this efficiency, operations can deploy solutions that tightly integrate security, compliance and change management functions on a single platform.