Cybersecurity risks should be a concern to any business with an internet connection or data port. Smaller operators may feel their limited size and notoriety renders them generally immune to invasion. This is a falsehood. Every control system should be considered a potential target. That said, paranoia and fear should not be your primary decision drivers. Cybersecurity is accomplished through awareness, diligence, and collaboration.
Even if you consider yourself a small and insignificant operator, it is useful to begin, then maintain, a connection to the conduits for industrial control system cybersecurity information. Develop your awareness of the potential for intrusion into your control system. Start to become knowledgeable about how cyber threats can impact your operation, and how cyber intruders gain access. As you build your knowledge, it is likely you will find ways to improve your level of security without major change or expense.
The U.S. Department of Homeland Security houses the watchdog organizations for industrial control system cybersecurity. There is a group within the department that is dedicated solely to industrial control systems. The Industrial Control Systems Cyber Emergency Response Team, better known as ICS-CERT, works to reduce cyber intrusion risks for industrial control systems. The link for ICS-CERT should be your first stop when delving into industrial cybersecurity. The site provides links to many other resources and activities, all directly related to cybersecurity. You can sign up for newsletters, and even receive alerts when new threats are uncovered.
Your steady progress in knowledge building will better prepare your organization for the cybersecurity challenges of the current environment, as well as those that will emerge in the future. A fact sheet from the National Cybersecurity and Communication Integration Center, providing some useful information on their functions and activities, is included below.
Any concerns you may have about the potential vulnerabilities of instruments or equipment currently in place should be shared with vendors as part of the evaluation of your current systems.