Industrial control systems (ICSs) are routinely used to monitor and control complex industrial processes. An increasing level of security defense mechanisms have been needed as these systems evolved from closed proprietary systems in the early 1990s to convenient, connected, and open systems over the years. Open systems were adopted in a trend shift for increased convenience, improved connectivity, and improved productivity. However, these systems became more vulnerable to exploits due to the widespread knowledge about open system vulnerabilities.
To mitigate these concerns, security architectures began mandating the use of perimeter security and security-hardened nodes. Unfortunately, the subsequent introduction of virtual platforms and remote access support further required additional security countermeasures to prevent unauthorized access and system privilege gains by intruders. Security architectures and solutions thus continued to evolve based on system capabilities and with a common theme of preventing external exploitations of system vulnerabilities.
In 2010, the StuxNet worm specifically targeted certain programmable logic controllers (PLCs) and changed the security landscape within industrial control systems through an insider attack on an Iranian nuclear plant. Subsequent to StuxNet, embedded devices moved to the forefront of security discussions. Vendors started including more security controls in their devices, such as least privilege designs, segregation of duties, and defense in depth, in order to mitigate insider attacks.
With the advent of the “Internet of Things” (IoT) and the “Industrial Internet of Things” (IIoT), new security challenges have surfaced. This is due to a change in embedded device deployment scenarios for ICS vendors. IoT and IIoT devices need Internet connectivity and the ability to publish information to “the cloud” in order to create value for customers.