Computer systems are used in performing a variety of different tasks. For example, an industrial network of computer systems and equipment is used in controlling and/or monitoring industrial systems termed industrial control systems (ICS). Such ICS can be used in connection with manufacturing, power generation, energy distribution, waste handling, transportation, telecommunications, and water treatment. The ICS may be connected and accessible via other networks, both directly and indirectly, including a corporate network and the Internet.
The industrial network may thus be susceptible to both internal and external cyber-attacks. As a preventive measure against external cyber-attacks, firewalls or other security measures may be used to separate the industrial network from the other networks.
In an ICS, cyber-security is of increasing concern, and it is difficult to quickly determine the potential sources of risk to the whole system. Modern ICS generally contain a mix of devices/equipment including WINDOWS servers and workstations, switches, routers, firewalls, safety systems, proprietary real-time controllers and field devices. Often such devices/equipment are a mixture from different vendors.
Moreover, ICS operators may not have a complete understanding or inventory of all the devices/equipment running in the ICS. Unaddressed security vulnerabilities in any of the devices/equipment can cause system failures, including disrupting production or causing unsafe conditions. Such system failures may be the result of a malicious attack, a disgruntled employee, a virus, or just the result of a mistake coupled with a lack of cyber-security measures. Even stand-alone devices/equipment can be vulnerable, such as to viruses which can be introduced via Universal Serial Bus (USB) memory “sticks”.