The challenges and recommended steps to improve cyber security within industrial control systems

“Security Protection against attack, Safety Freedom from risk and harm” End users or operators of industrial control systems (ICS) are responsible for the security of the systems. Many end users, however, find a challenge in addressing simple issues, typically: What requires protection from cyberattacks and how much protection is required? Will a critical system disruption or cyber theft cause a disruption to the business? If yes, how much? What is the recovery process? What is the recovery cost? This paper will provide insight to the challenges end users face related to cybersecurity for an ICS. It will also discuss & recommend the steps to improve the security and reliability of very critical ICS, including how maturity models can improve energy sector cybersecurity capabilities and provide options in prioritizing cybersecurity investments. Safety and security has received a lot of attention in recent years. This paper represents a compilation of benefits based on best practice; lessons learnt and author experience if functional safety and cyber Security for an ICS are integrated. Effective management of cybersecurity challenges and exposures in the ICS environment has emerged as an important and dynamic element in the operational safety, security and reliability of the oil and gas industry infrastructure. Management information systems (MIS) are not within the scope of this paper; solely their interfaces with ICSs are discussed. When considering security for businesses and industry, there are three traditional areas: physical security, personal security and cybersecurity. Cybersecurity aspects are the main focus of this paper. This paper will provide an oil and gas industry insight into cybersecurity risk management as per ISA99/IEC-62443. It will explore the similarities / differences between IT and ICS protection plus risk management, inclusive of possible ways for the integration of safety and security in an oil and gas industry ICS. What is an Industrial Control System (ICS)? An industrial control system (ICSs) designates a set of devices that directly control the manufacturing processes or operate technical installations (consisting of a set of sensors and actuators). Naturally, this covers the controlcommand systems that we find in many operating sectors – oil and gas, energy, power, water, chemicals, pipelines, military systems, medical systems, etc. Other frequently used terms for ICS, apart from slight differences in connotation, are distributed control systems (DCS), industrial automation