The topic of cyber threats is becoming increasingly present on the agendas of organizations of all sizes and verticals. With the intensification of the digital transformation movement through the introduction of technologies such as 5G and the Internet of Things, ensuring the protection of infrastructure will be an even greater challenge for organizational leaders.
Organizations that use Industrial Control Systems (ICS) are among the preferred targets of malicious attackers. ICS process critical data and are responsible for the functioning of sectors such as telecommunications, logistics, energy generation, and healthcare. These sectors are a vital part of countries’ economies, forming part of what we call critical infrastructure. According to a Kaspersky study, during the second half of 2021, almost 40% of industrial devices were targeted at least once. These attacks bring significant consequences not only for these organizations but for society as a whole.
One of the biggest examples of the damage that attacks on this type of organization bring occurred in 2017. That year, Maersk, a logistics giant, fell victim to the NotPetya malware, a virus with high propagation and destruction capacity that encrypted its data. The attack caused infected devices to simply stop working, affecting the continuity of its operations and bringing revenue losses.
In addition, various governments around the world have shown concern about the impacts associated with cybersecurity, especially those linked to critical infrastructure. This has led to increased regulation of how companies implement appropriate cybersecurity controls in industrial environments.
As part of the effort to ensure the cybersecurity of control and automation systems, the International Society of Automation (ISA) developed the 62443 series of standards. These standards are internationally recognized and have been adopted by the International Electrotechnical Commission and the United Nations. The ISA 62443 standards define requirements and procedures for the implementation of safe industrial and automation systems, as well as best security practices for these systems. The adoption of the ISA 62443 standards allows industrial organizations to address the challenges related to the cybersecurity of their systems and eliminate the gaps between operations and Information Technology in their infrastructure.
Moreover, with the aim of increasing awareness and the protection capability of ICS in industrial and critical infrastructure installations and processes, ISA created the Global Cybersecurity Alliance (GCA). The alliance brings together automation and system control providers, IT infrastructure suppliers, service providers, system integrators, and end-users to address threats to ICS together.
ISAGCA also works to stimulate the adoption of the ISA 62443 standards, which allows for increased awareness, knowledge sharing, and tool development to assist organizations in implementing the entire cybersecurity protection lifecycle. ISAGCA members are also committed to working together with government agencies, regulators, and other stakeholders around the world.
ISAGCA members include leading technology and industrial application providers, among which is senhasegura. senhasegura’s participation in ISAGCA since its foundation allows for the application of our experience in protecting privileged access to achieve the alliance’s objectives, especially those related to ICS protection. senhasegura’s participation in the alliance also allows for identifying gaps, reducing risks, and ensuring that member companies have the appropriate tools to protect their infrastructure from malicious attacks.
All of these aspects also show the commitment of the entire senhasegura team and ISA to the effective security of industrial environments, as well as the importance of advancing together to ensure the application of these standards, methods, and best practices for the protection of industrial systems. In this way, it is possible to ensure not only the security of organizations but of society as a whole.