Focusing on security
23 October 2012
Rick Kaun, Industrial IT Solutions at Honeywell Process Solutions, discusses the urgent need for improved defense-in-depth postures for industrial control systems.
About 10 years ago, you wouldn’t have found many industrial control engineers asking questions about cyber security. In fact, the corporate IT gurus seemed to have responsibility for that area, and industrial control systems experts seemed to think the control system was virtually immune to cyber attacks.
This all began to change when commodity operating systems and hardware became more prevalent in control system configurations. However, even with those changes, it took security issues several more years to gain broad attention within the ranks of industrial control systems Since Stuxnet appeared, in June of 2010, it seems that everyone in the industrial control systems community is talking about security breaches, how to stop them, and how to plan for a more secure digital environment.
Threats and vulnerabilities are often discussed together. Consider that threats come from internal and external sources – they are any event that disrupts normal operation, while a vulnerability is a weakness in the control system’s network, policies, practices, or security culture.
The list of potential causes of digital breaches of an industrial control system parallels the list confronted by the business IT organisations around the world. There are differences in the mindset of the business IT professional and that of the Industrial IT professional – primarily focusing on the importance placed on system availability. This difference in mindset results in the application of different techniques or approaches in resolving similar issues. The key takeaway here is that Industrial IT requires the sensitivity of industrial control systems know-how. For today’s industrial control systems management, that might mean inducting business IT professionals into the control systems staff or training control systems staff to become Industrial IT experts.
The elusive air gap
Recently, you might have heard more comments about control systems environments being less vulnerable to cyber attacks because of an air gap – a method intended to secure a network by isolating it from potentially insecure networks. The air gap seems like a perfect solution – however, for most installations, it simply doesn’t work. What happens when you need updates to the air-gapped system? The first solution that comes to mind might be ‘put the changes on a USB stick.’ Yet this sneakernet method is how Stuxnet was transmitted!
As much as we would like to pretend otherwise, modern control systems need a steady diet of electronic information from the outside world. Severing the network connection with an air gap simply spawns new pathways – like the mobile laptop and USB key, which are more difficult to manage and just as easy to infect.
Survey findings (Managing Automation Systems: Critical Infrastructure Operator’s Challenges & Opportunities, Industrial defender, 2011) indicate that 70% of control engineers expect to see either significant or moderate increases in connectivity between industrial endpoints and corporate IT infrastructure over the next three to five years.
But, what does this mean for industrial control system security? We must recognise that a modern ICS or SCADA system is highly complex and interconnected, resulting in multiple potential pathways from the outside world to the process controllers. Assume that an air gap between ICS and corporate networks is unrealistic, as information exchanges are essential for process and business operations to function effectively. Therefore, all mechanisms for transfer of electronic information to or from an ICS must be evaluated for security risk. Focusing on only a few obvious pathways, such as USB storage drives or the Enterprise/ICS firewall, is a flawed defence.
All control industries should begin to include security assessments and testing as part of the system development and periodic maintenance processes on all ICS – just one step in implementing defense-in-depth.
If the critical infrastructures of the world are to be safe and secure, then the owners and operators need to recognise that their control systems are now the target of sophisticated attacks. Improved defense-in-depth postures for industrial control systems are needed urgently. Waiting for the next worm may be too late.
Contact Details and Archive...
Most Viewed Articles...