What’s the Difference Between Commercial and Industrial Cybersecurity?

Cyber security is incredibly important for modern businesses, since cyber-attacks are now one of the most pressing issues for both large and small-scale enterprises. With companies relying more and more on technology, the risk of cyber threats is ever increasing, so it’s not something to overlook regardless of what you do or sell. It’s important to understand the differences between the various types of cyber security, so you can choose the best fit for your business and enjoy peace of mind that you’re doing all you can to protect your company.
What is Industrial (ICS) Cybersecurity?
ICS security is the protection of industrial control systems from cyber attackers. Industrial control systems are used in machinery throughout a wide range of industries all around the world, including everything from HVAC installations to robotics and even prison cell doors. In the past, these systems were not networked and lacked computing and communications technologies, but once they were upgraded into industrial control systems in the mid-90s, they became exposed to security threats that had previously been known only to IT systems. The need for ICS cybersecurity was born.

The main objective of ICS cybersecurity is to maintain the integrity of the production process and the availability of its components. Protection of information is still important, but since loss of production translates into an immediate loss of income, production is what it prioritises.

ICSs are not simply IT systems with control options; they are tightly integrated proprietary systems, composed of components that are generally custom built and foreign to IT. While their workstations and servers are usually based on Windows, the ICS vendor usually hardens them further throughout the software.
What is Commercial (IT) Cybersecurity?
The primary objective of IT cybersecurity is to protect data (confidentiality). These systems are usually composed of interconnected subnets which have some level of Internet connectivity. This means that access controls and protection from the Internet are a primary focus of IT network security, so you will usually see sophisticated firewalls, proxy servers, intrusion detection/prevention devices, and other protective mechanisms at the boundary with the Internet. IT systems are generally made up of ‘off-the-shelf’ networks, workstations, and servers which can be accessed and administered by IT. As a result, IT departments can define their own security policies and enforce them with other off-the-shelf security-related applications and devices. These include firewalls, antivirus systems, and patch management systems.

There are fundamental differences between ICS and IT systems, and not all IT security solutions are suitable for industrial control systems. Many enterprises will have multiple production processes and industrial control systems, and as a result, security is often handled differently among the various industrial control systems in the company.