Industrial Control Systems: The Human Threat


Antony Bridges (QinetiQ, UK)
DOI: 10.4018/978-1-4666-2659-1.ch004


As industrial control systems (ICSs) have been connected to wider organisational networks and the Internet, the threat from unauthorised access has increased. Protecting these systems from attack requires not just the use of appropriate technological solutions but also an understanding of the humans within the wider system. It is not sufficient that the human knows what they need to do. They must also be willing and able to do it. This chapter highlights some of the human vulnerabilities within Industrial Control Systems and suggests that greater consideration of and adaptation to the human limitations will enhance the future security of these systems.
Chapter Preview


In the past, employees stationed in remote huts or signal boxes manually adjusted valves and switches to maintain production or support the running of transportation systems. As technology advanced, these standalone control points were connected and manual controls were replaced with remotely operated controls. This allowed just a few individuals to monitor and make prompt interventions to any part of the system, reducing disruption to production, decreasing operating costs and improving safety. Over time, the systems have grown in scale and complexity, from closed networks to those operating across large distances through corporate networks and the Internet. As the use of Industrial Control Systems (ICSs) has grown, system providers have moved to standard system platforms and off-the-shelf software using standard operating systems. This has increased their vulnerability to the cyber security threat and reduced the ability of organisations to understand the potential consequences of an attack.

The US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT, 2011) highlighted a significant growth in incidents affecting US organizations that own and operate control systems associated with critical infrastructure. In 2009, four incidents were confirmed. In 2010 this had risen to 41 reported incidents, with onsite response teams deployed on eight occasions. In 2011, 198 incidents were reported. This increase may be partially attributable to greater awareness and better reporting; nonetheless, the incidents included genuine threats. Cases included spear-phishing e-mail campaigns that successfully compromised and copied data from the business enterprise network, the Stuxnet virus on engineering workstations and several machines connected to a manufacturing control systems network, and the infection of a remote terminal server. In 2005, 13 US DaimlerChrysler plants employing 50,000 workers were shut for an hour after becoming infected by the Zotob worm (United States General Accounting Office, 2007). When an ICS stops functioning there is an immediate and direct cost in terms of lost production or service.
