How to protect your industrial control systems from cybersecurity threats


Until recently, Industrial Control Systems (ICS) were bespoke systems utilising proprietary protocols with little that would resemble a network to today’s IT engineers.

However, modern control systems now consist of a variety of ‘smart’ instruments and controllers that push real-time data to the Enterprise environment using standard IT technology.

This convergence of the ICS and IT worlds provided many cost and efficiency benefits; however, it also exposed ICS to the same Cybersecurity risks that IT systems suffer.

In 2003, a worm that targeted corporate databases caused a Denial of Service to the safety system of a Nuclear Power Station simply by flooding the network. Luckily, the facility was in a period of maintenance.

Patches to prevent the worm were available at the time, but had not been implemented. However, it was the discovery of a sophisticated virus that specifically targeted control systems that brought widespread awareness to the vulnerabilities of ICS in 2010.

Traditional IT Cybersecurity measures had largely been abandoned in the ICS environment due to their perceived impact on real-time communications, leaving these systems reliant solely on perimeter firewalls for protection.

Cybersecurity in the ICS environment is a complex problem with no single solution. Schneider Electric advocates that the best approach to Cybersecurity is a Defence-In-Depth strategy, which can be simplified into the following areas:
• Secure Products
• Secure Architecture
• Security Policies & Training

Secure Products

When considering the security of products, methodologies must be adopted that address Cybersecurity at every stage of the product lifecycle. This will ensure those products are not only designed with the required security functions, but that the products themselves are securely programmed and tested to guarantee their robustness to a cyber-attack.

Schneider Electric also recommends that products are certified to Cybersecurity standards such as ISASecure and Wurldtech’s Achilles.

Advances in technology have reduced the performance implications of standard IT security measures. Anti-Virus technology based on ‘Application Whitelisting’ as well as Intrusion Detection Systems / Intrusion Prevention Systems (IDS / IPS) are now viable options in the ICS space.

Secure Architecture

System Architectures must provide multiple levels of security. Connecting the enterprise and control networks via a De-Militarized Zone (DMZ) reduces the exposure of the ICS network and allows close monitoring of exposed assets.

The control network should then be further broken down into functional ‘zones’, with strict rules defining their interaction. This helps to contain a cyber-incident and can also improve network performance.
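One way to check observed traffic against zone rules like these, as an added example that is not part of the original article. The subnets, zone names, ports and the `zone_of`, `check_flow` and `audit` helpers are assumptions chosen for illustration, and the flow records are constructed.

```python
import ipaddress

ZONES = {  # constructed zone map (assumption): subnets and names are illustrative
    "enterprise":  ipaddress.ip_network("10.10.0.0/16"),
    "dmz":         ipaddress.ip_network("10.20.0.0/24"),
    "supervisory": ipaddress.ip_network("10.30.1.0/24"),  # SCADA servers, HMIs
    "process":     ipaddress.ip_network("10.30.2.0/24"),  # PLCs, controllers
}

# Allowed conduits, keyed by (initiating zone, destination zone) -> TCP ports.
# No enterprise -> control entry exists: that traffic must terminate in the DMZ.
CONDUITS = {
    ("enterprise", "dmz"): {443},
    ("supervisory", "dmz"): {443},       # data pushed outward to the DMZ
    ("supervisory", "process"): {502},   # Modbus/TCP polling (assumed protocol)
}

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in ZONES.items() if addr in net), "unknown")

def check_flow(src, dst, port):
    s, d = zone_of(src), zone_of(dst)
    if "unknown" in (s, d):
        return "deny", "unmapped address"
    if s == d:
        return "allow", "intra-zone"
    ports = CONDUITS.get((s, d))
    if ports is None:
        return "deny", f"no conduit {s}->{d}"
    if port not in ports:
        return "deny", f"port {port} not allowed {s}->{d}"
    return "allow", f"conduit {s}->{d}"

def audit(flows):
    return [(f, r) for f in flows for v, r in [check_flow(*f)] if v == "deny"]

# Constructed sample flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.10.5.20", "10.20.0.10", 443),   # enterprise -> DMZ
    ("10.10.5.20", "10.30.2.15", 502),   # enterprise straight to a controller
    ("10.30.1.5", "10.30.2.15", 502),    # supervisory polling a controller
    ("10.30.1.5", "10.30.2.15", 22),     # same zones, port outside the conduit
    ("192.168.1.1", "10.30.2.15", 502),  # source not in any defined zone
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(flow, "->", reason)
```

The same allow-list can be fed from firewall or flow-collector logs to surface traffic that bypasses the DMZ.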

Security Policies & Training

To ensure that both Business needs and Security requirements are met, cross-functional teams should be established to develop and maintain security policies. Employees must be adequately trained and responsibilities assigned to ensure that these security policies are enacted.

With the trend of attackers targeting individuals rather than trying to penetrate the network perimeter directly, it is also imperative that all employees understand the signs of social engineering and the potential impact of their actions.

Developing an in-depth strategy that addresses the products, architecture and employee practices will provide the best defence against cyber threats and protect an organisation from a potential security breach. 

[The IICA has partnered with PACE to bring together experts to present leading edge applications and case studies on Cyber Security. The Defend Your Facility from Cyber Attacks seminar will be on October 30, 2013 in Sydney; email nsw@iica.org.au or call 0410 334 333 for more information. Warwick Black will be presenting at the seminar.]

About Warwick Black
Warwick Black studied Mechatronic Engineering at Sydney University, joining Citect in 2005, which was later acquired by Schneider Electric. Including a three-year secondment to The Netherlands, he spent six years troubleshooting some of the most difficult SCADA issues, performing on-site debugging, training and technical workshops in over 12 countries, on sites ranging from Potato Chip factories to Uranium Enrichment facilities. Since returning to Australia, he has been involved in running an internal training program covering the Schneider Electric PlantStruxure offer, specialising in SCADA and Cybersecurity. He is currently the R&D Security Architect for Schneider’s Citect & Vijeo SCADA offers, as well as Historian and Ampla.

[Image courtesy Dymo.]