Here's an action plan for industrial control system cyber-resilience
Enterprises in smart critical infrastructure-driven sectors such as manufacturing, energy, water, and transportation (among many others) rely upon the cyber-resilience of industrial control system (ICS) infrastructure to sustain business continuity. Business continuity here not only encompasses the feature of non-disruptive minimal service quality to customers but also the feature of ensuring the safety properties of that service. As Brian Deken, Business Development Manager of ICS giant Rockwell Automation, put it: "As a citizen, I'd like to know whether my drinking water is safe or whether a cyber-attack is affecting it or could possibly affect it". Imagine an event in a smart city with about a million people accessing maliciously targeted non-potable drinking water. How much could this event negatively affect society's economic, health, and lifestyle welfare? Is there a strategy by which the management in such enterprises can maintain business continuity in the event of inevitable cyber-attacks to mitigate these repercussions?
In this article, we provide a brief overview of how ICSs operate, their security challenges, and examples of cyber-attacks that have significant adverse repercussions on society. Subsequently, we provide a three-point action plan for ICS management to boost cyber resilience and maintain business continuity in the event of inevitable cyber-attacks.
[This article has been published with permission from IIM Calcutta. www.iimcal.ac.in Views expressed are personal.]