Information technology (IT) has a main role in our society and economy. It is known that most of the essential services, public and private, mass media, security forces and, of course, enterprises, depend on IT for the normal, everyday activities. But, it is not so widely known that every one of those essential services and IT assets depend more and more on industrial control systems (ICSs). ICSs are responsible for the control and management of physical security systems in data centers, as well as refrigeration towers and electric generators providing energy to the fire extinguish systems, among many other aspects.
ICSs are the bases of the main critical infrastructures and essential services in our nations and, therefore, their security and protection rests in them. This has made ICSs a target for cyberterrorism, advanced persistent threat attacks and cyberwar.
This fact, besides a lack of security requirements in their design, deployment and operation, has allowed the development of real cyberweapons whose objective is to exploit the existing vulnerabilities in these systems.
Therefore, our society and economy are vulnerable. Stuxnet, Duqu, Anonymous, Flame, Shamoo, Careto, botnets or denial of service attacks are words and concepts appearing more and more in the media, trying to explain information leaks, service outages, electrical blackouts and other incidents that affect our essential services.
In a global market with more competitiveness and complex and growing threats, this situation is unsustainable. It is necessary to employ large amounts of work, develop plans, implement measures and, of course, provide important economic resources to decrease the gap of vulnerability to the attackers, and increase the level of protection of our industrial and critical infrastructures.
This new area, called industrial cybersecurity, addresses these issues. It is the set of practices, processes and technologies designed to manage the risk of cyberspace when using, processing, storing and transmitting information in industrial infrastructures and organizations, and focuses on the people, processes and technologies involved. In this increasingly complex world, many disciplines need to team up to reduce the risks related to cyberterrorism and protect our critical assets.
Director, Industrial Cybersecurity Center (CCI)