Critical infrastructure continues to be at risk from constantly evolving threats in cyberspace, which need to be addressed in a holistic and effective manner in order to protect economies and societies [1][2].
Supervisory Control and Data Acquisition (SCADA), Industrial Control Systems (ICS) and Automatic Identification Systems (AIS) are complex systems composed of various hardware and software components, often from different vendors. They were often designed with little consideration for network security. Mergers and acquisitions, poor asset management, the absence of patch management policies and a lack of knowledge transfer prior to staff turnover can all negatively impact the cybersecurity of CIs. Together with the persistence of legacy systems and the difficulties in maintaining a continuous cycle of updates, a steady increase in the number of opportunities to exploit vulnerabilities can be expected [3].
CI is becoming increasingly automated and interlinked, thereby introducing new vulnerabilities in terms of equipment failure, configuration error, weather and other natural causes, as well as physical and cyber-attacks. Network isolation is no longer sufficient to ensure the security of an industrial facility [4].
The threat theatre is increasingly characterised by organised groups, non-state actors and individuals resorting to asymmetric attacks enabled by the universal connectivity the Internet provides and the availability of the necessary tools and attack information. Loss of control over technology as a result of globalisation, the need for online accessibility, and foreign ownership of critical infrastructures are also increasing vulnerabilities.
The time period from when a vulnerable system is breached by a malicious outsider to the breach being discovered and the vulnerabilities identified and patched is currently about 200 days on average [5]. This may be due to a variety of reasons, including the fact that the scope and nature of an attack may not be clear from the beginning.