Computer systems are used in performing a variety of different tasks. For example, an industrial network of computer systems and equipment is used in controlling and/or monitoring industrial systems, termed industrial control systems (ICS). Such ICS can be used in connection with manufacturing, power generation, energy distribution, waste handling, transportation, telecommunications, oil refining, and water treatment. The ICS may be connected and accessible via other networks, both directly and indirectly, including a corporate network and the Internet.
The industrial network may thus be susceptible to both internal and external cyber-attacks. As a preventive measure against external cyber-attacks, firewalls or other security measures may be used to separate the industrial network from other networks.
In an ICS, cyber-security is of increasing concern, and it is generally difficult to quickly determine the potential sources of cyber-risk to the whole system. Modern ICS generally contain a mix of equipment including WINDOWS servers and workstations, switches, routers, firewalls, safety systems, proprietary real-time controllers and field devices. Often this equipment comes from a mixture of different vendors.
Moreover, ICS operators may not have a complete understanding or inventory of all the devices/equipment running in the ICS. Unaddressed security vulnerabilities in any of this equipment can disrupt production or cause unsafe conditions in the ICS. Such system failures may be the result of a malicious attack, a disgruntled employee, a virus, or just the result of a mistake coupled with a lack of cyber-security measures. Even stand-alone equipment can be vulnerable, as viruses can be introduced directly via Universal Serial Bus (USB) memory “sticks”.