Critical manufacturing infrastructure is increasingly at risk from IT vulnerability, according to a new study by the Information Security Forum (ISF), an association of 300 businesses and public sector organisations.
Mark Chaplin, author of the report, says it is not just about business systems: everything from transport systems and utility networks to manufacturing production facilities and financial transaction networks is at serious risk.
“While the increasing dependence on IT may make this seem rather obvious, the relationship between information systems and critical infrastructures is frequently overlooked,” says Chaplin.
And he adds: “It appears that information security professionals are rarely involved in the design, planning, implementation and management of infrastructure components, such as production lines, support networks and electricity supply, heating and ventilation equipment. This has to change.”
The report, ‘Securing Critical Infrastructure’, focuses on infrastructure associated with four different categories, each of which, says the ISF, could be adversely affected by a failure or compromise of information systems – manufacturing operations, telecoms, utilities and building controls.
It identifies major external threats as hacking, espionage and denial of service attacks, while internal threats include human error, malicious misuse and fraud.
The report makes the following recommendations:
STEP 1: Identify the organisation’s critical infrastructure. Gain a high-level, enterprise-wide view of the infrastructure used by the organisation.
STEP 2: Determine the information systems that support the critical infrastructure. Maintain an inventory of the relevant information systems and establish the roles and responsibilities of the individuals who own and run the critical infrastructure.
STEP 3: Perform an information risk analysis of information systems that support critical infrastructure.
STEP 4: Establish a framework of controls to secure the critical infrastructure – including developing a control framework for information systems that support that infrastructure; applying a balanced set of controls to information systems; reducing single points of failure; addressing the power requirements of these information systems; and managing third parties that are involved with critical infrastructure.