Understanding the Risks of Legacy ICS in Manufacturing
The reliable functioning of critical infrastructure, encompassing factories, refineries, airports, and transportation networks, faces an imminent threat from aging industrial control systems (ICS) and their components.
While there is growing recognition of the advancements in artificial intelligence (AI) and machine learning (ML) within operational technology (OT) as part of Industry 4.0, it is equally crucial to acknowledge the persistent use of older, outdated systems and technologies, which are essential for maintaining uninterrupted operations.
By examining the challenges and risks associated with the availability and reliability of crucial ICS systems, we can better understand how risk assessments can be leveraged to inform effective Capital Expenditure (CAPEX) decisions.
Dangerous situations
It is common to encounter "mature" systems and components that are still in use when assessing operational systems with a significant track record.
Consider, for instance, the ICS components that may have been installed and operational for as long as 20 years. This raises the question of the underlying operating systems that serve as the foundation for these older control systems and devices. For example, some individuals might still rely on Disk Operating System (DOS), while others might have made a partial transition to Windows 3.1, Windows 2000, or Windows XP.
The following are some of the primary risks associated with these outdated systems and their supporting components:
The break-fix mindset of the plant maintenance team exacerbates the risk associated with these components. In order to maintain uninterrupted plant availability, a failing component might be swiftly replaced with an unpatched, uncalibrated, or unconfigured device, thereby increasing the likelihood of early failure or creating vulnerabilities that potential attackers can exploit.
Evaluating the risk posed by outdated buildings and infrastructure
Regular risk assessments are crucial for evaluating the potential risks associated with outdated buildings and infrastructure. However, an intriguing obstacle arises when management hesitates to proactively identify issues, often adopting the mindset, "If it ain't broke, don't fix it." This approach poses a significant challenge in recognizing and addressing potential problems within these installations and infrastructure.
Conducting risk analyses and security health checks is generally advisable in such situations. However, managers or supervisors may exhibit reluctance due to the understanding that if an issue is identified, they will be responsible for addressing the detected flaw. Unfortunately, plant management may face constraints in rectifying the problem due to resource limitations, including financial constraints, lack of expertise, or the unavailability of compatible technology that aligns with the plant's technical architecture.
An example that highlights the risks of relying on outdated systems is a well-established tire manufacturer that continues to rely heavily on old operating systems, including DOS and early versions of Windows, within its production processes at a factory that has been operational for over 25 years. These legacy technologies are indispensable for essential early manufacturing activities. As a result, the failure of a DOS system, whether due to component failure or compromise, could have severe consequences, potentially leading to a complete shutdown of the entire factory.
One solution might be a "forklift" upgrade of the entire line to more modern equipment. Unfortunately, this can be a time-consuming and expensive project that may necessitate a protracted plant shutdown or turnaround. The upgraded line might also have trouble integrating with the lines downstream of it. A roadmap or strategic upgrade plan is the solution to this problem.
Risk evaluation to strategic upgrade plan
Consider bringing together plant and corporate management, as well as knowledgeable integrators and automation system providers, right away, with the goal of converting the results and recommendations of the risk assessment into a three- to five-year strategic plan. This plan can start to consider a gradual switchover from outdated technology and systems to more modern ones.
The conventional risk assessment method determines a risk rating by comparing the risk to predefined criteria for severity, consequences, and likelihood. These established criteria are commonly presented in a matrix format known as a Risk Assessment Matrix (RAM). While the severity and likelihood criteria in the RAM are usually standardized and remain consistent, the consequence criteria may vary across organizations. Therefore, they should be customized to align with each organization's specific risk appetite.
As an example, using the RAM mentioned earlier, any risk rating falling within the red area of the matrix should be treated as a top priority for repair. While it may be argued that risk ratings within the yellow and blue zones are acceptable and do not require immediate attention, this approach can be misleading. Despite seemingly acceptable risk ratings, embracing a continuous improvement strategy is strongly recommended to ensure the maintenance of secure and high-availability operations. Bearing this in mind, additional controls should be implemented to mitigate the likelihood of all risks with ratings higher than C3.
Please get in touch with us to learn more about conducting risk assessments of your facilities and systems and our methods for analyzing components, systems, and facilities. View this case study to learn more about how we helped a large manufacturing organization realize how susceptible its OT assets were to intrusions.