Risks and Challenges of Legacy ICS
Credit: International Society of Automation

Legacy Industrial Control Systems are a critical component of the vast majority of industrial and manufacturing processes. These systems are often outdated and vulnerable to cyberattacks, making them one of the most pressing security concerns in the business world today.

In this article we will talk about the risks and challenges associated with legacy ICS, including how to identify vulnerabilities and best practices for mitigating risks.

What are Legacy Industrial Control Systems?

Legacy industrial control systems are systems used in industrial and manufacturing processes that are based on outdated technology. These systems are often decades old and rely on proprietary hardware and software that is no longer supported by the original equipment manufacturers (OEMs).

As technology advances and new threats emerge, these systems are increasingly vulnerable to cyberattacks.

Legacy systems are often found in critical infrastructure like oil and gas plants, power plants, water treatment facilities, and chemical plants. They are also used in manufacturing processes for products like medical devices and food and beverage packaging. Legacy systems can be found in almost any industry where automation is used to control processes.

What are the risks associated with legacy control systems?

  • Failure of the ICS due to aging components
  • Lack of maintenance
  • Potential for malfunction
  • Lack of security features
  • Potential for malicious actors to gain unauthorized access & control of the system.
  • Often connected to the internet or other networks without adequate security controls.

Consequences:

Outages and downtime - which can have serious financial and safety implications

Cyber risks can lead to data theft, manipulation of the control systems, and disruptions of the manufacturing process.

Cybersecurity Issues Related to Legacy Systems

Legacy systems are particularly vulnerable to cyberattacks due to their outdated technology and lack of support from the OEMs. Many of these systems were designed without security in mind and are no longer patched or updated to address new threats. As a result, attackers can easily exploit vulnerabilities in the system and gain unauthorized access.

In addition to their technical vulnerabilities, legacy systems are also at risk due to poor operational security practices. Many organizations fail to implement basic security measures such as access control and logging. This makes it easier for attackers to gain access to the system and go unnoticed.

What are the challenges of Securing Legacy Control Systems?

The primary challenge is the lack of support from OEMs. This makes it difficult to patch and update the system to address new threats, as well as to detect and respond to security incidents. In addition, many legacy ICS use proprietary hardware and software, making it difficult to integrate with modern security solutions.

Another challenge is the lack of visibility into the system. Many organizations lack the resources needed to monitor the system and detect security incidents. As a result, organizations often rely on manual processes to detect and respond to security incidents, which can be slow and inefficient.

How to Identify Legacy ICS Vulnerabilities?

Identifying vulnerabilities in legacy systems can be a difficult and time-consuming task. The first step is to perform an inventory of the ICS to get a clear picture of the system architecture and components. This should include a detailed assessment of the hardware and software used in the system.

Once the inventory has been completed, the next step is to perform a vulnerability scan to identify any potential vulnerabilities. This may require specialized tools and expertise, as many legacy ICS use proprietary hardware and software.

Finally, it is important to monitor the system for any suspicious activity or changes in the system’s behavior. This can help to detect potential threats before they become an issue.

Best Practices for Mitigating Risks:

  • Organizations should implement a comprehensive security strategy that includes both technical and operational measures.
  • Organizations should patch and update the system to address known vulnerabilities and integrate with modern security solutions.
  • Regularly monitor the system for suspicious activity and respond quickly to any security incidents.
  • Implement access control and logging to restrict access to the system and track any suspicious activity.
  • Regularly review the system’s security posture and update policies and procedures accordingly.
  • Conducting regular risk assessments is critical for identifying vulnerabilities and prioritizing risks based on their potential impact.
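
The following added example, which is not part of the original article, applies the inventory step and the risk-assessment bullet above to a constructed asset list: each asset is checked against the risk factors the article names and ranked by potential impact. The column names, weights, 15-year age threshold and 1-5 impact scale are assumptions.

```python
import csv
import io

# Constructed sample inventory (not real assets); columns are assumptions.
INVENTORY_CSV = """\
asset,role,install_year,oem_supported,network_exposure,access_control,logging,impact
PLC-01,reactor PLC,1998,no,internet,no,no,5
HMI-02,operator HMI,2009,no,it_network,yes,no,4
RTU-07,pump station RTU,2004,yes,isolated,no,no,3
HIST-01,historian,2019,yes,it_network,yes,yes,2
"""

# Illustrative weights (assumption, tune per site).
EXPOSURE_WEIGHT = {"internet": 3, "it_network": 2, "isolated": 0}

def findings(row, as_of_year):
    """Return (description, weight) pairs for one inventory row."""
    found = []
    age = as_of_year - int(row["install_year"])
    if age >= 15:
        found.append((f"aging components ({age} years in service)", 1))
    if row["oem_supported"] == "no":
        found.append(("no OEM support, cannot be patched", 3))
    exposure = EXPOSURE_WEIGHT.get(row["network_exposure"])
    if exposure is None:
        # Unknown connectivity is treated as worst case, not ignored.
        found.append((f"unknown exposure '{row['network_exposure']}'", 3))
    elif exposure:
        found.append((f"reachable from {row['network_exposure']}", exposure))
    if row["access_control"] == "no":
        found.append(("no access control", 2))
    if row["logging"] == "no":
        found.append(("no logging", 1))
    return found

def prioritize(csv_text, as_of_year):
    """Rank assets by (sum of finding weights) x impact, highest first."""
    ranked = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        found = findings(row, as_of_year)
        score = sum(w for _, w in found) * int(row["impact"])
        ranked.append((score, row["asset"], [d for d, _ in found]))
    return sorted(ranked, key=lambda r: (-r[0], r[1]))

if __name__ == "__main__":
    for score, asset, reasons in prioritize(INVENTORY_CSV, as_of_year=2024):
        print(f"{score:3d}  {asset:8s} {'; '.join(reasons)}")
```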


Final thoughts: Modernization of Legacy Systems

Modernizing legacy systems can help to:

  • reduce the risks associated with these systems.
  • reduce the potential for human error.
  • increase the system’s responsiveness to changing conditions.
  • make the system more secure by upgrading hardware and software.
  • integrate with modern security solutions.

Organizations should also consider migrating to a more modern platform. This can help to reduce the risks associated with legacy ICS by providing a more secure and scalable platform.

Finally, organizations should be aware of any industry or government regulations related to these systems and ensure that the system is compliant.

David Spinks

Moderator of Cyber Security and Real Time Systems & Global Digital Identity Groups

1 year ago

I think there are some much bigger issues of legacy. In themselves, as they were designed, older control systems running in isolation are fine. The problem is the pressures of modern business mean senior executives put pressure on senior managers to do things with process control systems that they were never designed for. You start plugging in and connecting with IT networks that are managed by folks who have no production or engineering experience .... the IT folks' first way of attempting any fix is to switch it off/on ....!!!! The meaning of Security by Design is that the whole system needs to be considered as part of the risk assessment.

Christine Frank

President | Digital Transformation Expert | 20+ Years in Industrial Automation & Control PA/FA/BAS | IoT | IIoT | Industry4.0 | Bridging OT & IT | Safety | Networking | Wireless | ML | AI | ICS | Speaker | MOM | Artist

1 year ago

Remember, most hardware built before 2017 or so all had factory resets in them. And it usually was PASSWORD, lol. AB/Rockwell sent out a security alert 6 months ago about their PLCs still having a factory reset and told customers to take it out of AUTO mode and turn the key to RUN. Still not sure if this has been fixed. Look, most industrial controls were never meant to be directly connected to IT or even the outside world. When a company doesn't see the value in replacing a control system that has been working for 15-30+ years, this is bound to happen. Now the question is, do they invest by replacing everything or do an overlay to the existing system? Most will tell you they will not be replacing all the controls.

Ananth Kulkarni

IoT and IIoT products/services

1 year ago

If the transformation is not a decision made in a hurry or to make money, then the systems would prove themselves to be the best every time, patiently crafted by experts and their learnings.

Daniel Ehrenreich

Leading ICS-OT-IIOT Cyber Security Expert, Consultant, Workshops Lecturer, International Keynote Speaker

1 year ago

Dear Colleagues, The picture is pointing to the "Most Cyber Secured Control System". The problems started when people designed negligently converged IT and ICS-OT networks.
