While thinking about what security measures to spend money on, SCADA/ICS operators can take several steps to protect their assets. These include:
- Segmenting networks by separating connected wireless and IoT technologies from SCADA/ICS.
- Securing network infrastructure, including switches, routers, and wireless networks, through firewalls and other tools designed to protect these assets.
- Applying identity and access management policies to keep outsiders out of networks and to prevent employees from accessing parts of the network they don’t need to access.
- Using a web application firewall (WAF) to scan and patch unprotected web applications.
- Deploying endpoint protection to deliver real-time, actionable intelligence and visibility into threats.
With the potential to impact the physical safety of employees or customers, security considerations for SCADA/ICS must be different than for traditional IT systems. The good news is that, by taking a multilayer approach to SCADA/ICS security, organizations can significantly improve their security footing and thereby reduce their risks.