Booz Allen Hamilton, the global consulting and technology firm, has highlighted the most significant threats to industrial control systems (ICS) in 2016 and 2017, and the most effective measures to counter them, in a recent report titled Industrial Cybersecurity Threat Briefing.
The report found that more security incidents involving ICS occurred in 2015 and 2016 than any previous year and that industrial companies across the MENA region are at a heightened risk of cyber-attacks. They found that the tools for cyber-attacks have become more publically available and identified energy, utilities, transport, and manufacturing as key sectors that face such threats.
Industrial control systems manage and automate significant portions of the world today and are important in manufacturing, pharmaceuticals, transportation, energy, and petrochemicals among others. According to the report, ICS “sit at the intersection of the digital world and the real world, where cyber-attacks can cause physical destruction and even death”.
“Mitigating risk requires more than just tuning firewalls and applying patches; it also involves investing in human capital, and training on policies and procedures. All facets of the cyber domain must be considered: technology and standards, policy and governance, leadership and culture, planning and operations, and management and budgeting. GCC leaders who successfully collaborate with relevant key stakeholders to create an integrated vision for cyberspace will help to ensure continued economic growth in the region, and will establish a global standard for other developing regions to emulate,” explained Mahir Nayfeh, senior vice president at Booz Allen Hamilton.
In a 2015 survey of 314 organisations operating ICS around the world, 20% of whom are based in the Middle East, over 100 respondents indicated that their control systems were breached more than twice in 12 months. The Industrial Control Systems Cyber Emergency Response Team has reported more than 800 cybersecurity incidents globally since 2011, with most occurring in the energy sector, 50% of which are in the Middle East while 30% are recorded in Western countries. Average annual losses to companies worldwide from cyber-attacks now exceed $7.7m according to the Ponemon Institute.