How to Approach Cyber Security for Industrial Control Systems

save
Share and earn Cybytes
Facebook Twitter LinkedIn Email

Today’s industrial control systems (ICS) face an array of digital threats. Two in particular stand out. On the one hand, digital attackers are increasingly targeting and succeeding in gaining unauthorized access to industrial organizations. Some actors use malware, while others resort to spear-phishing (or whaling) and other social engineering techniques. Those tactics notwithstanding, most of the major ICS security incidents we heard about in 2016 fortunately caused only disruption, not destruction, to the organizations they affected.

On the other hand, Trend Micro’s researchers found, for example, that actors can leverage passive intelligence to eavesdrop on unencrypted pages sent between beepers used in industrial environments. Those attackers can then use that stolen information to conduct social engineering attacks, break into an organization, or create false alarm scenarios that could affect industrial operations.

To protect against those threats, it’s important that companies take adequate steps to create effective industrial security programs and prioritize organizational risks. Belden has developed a 1-2-3 approach to industrial cyber security, organized to help reduce complexity, prioritize risks and get started securing the industrial network, endpoints and control systems.

 

belden-1-2-3-approach-to-industrial-cybersecurity_2

1. SECURING THE NETWORK

Industrial organizations that want to secure their networks should begin by making sure they have a good network design with well-secured boundaries. Once they complete that initial step, enterprises should segment their networks by implementing the ISA IEC 62443 standard, secure all of their wireless applications, and deploy secure remote access solutions to help with fast troubleshooting and problem-solving.

Companies should also monitor their networks. Katherine Brocklehurst of Belden feelsit’s increasingly important for them to do so in OT environments:

“Monitoring the security status of a network is common practice for IT security teams but less common in operations environments…[there is also] value in monitoring industrial network infrastructure equipment such as routers, switches, gateways etc. These systems connect the segments and can be compromised. They need to be assessed, a baseline taken and a monitoring effort applied.”

2. SECURING THE ENDPOINTS

OT professionals might feel their organization’s endpoints are protected against digital attacks by perimeter firewalls, proprietary software, specialized protocols, and airgaps but that just isn’t the case. The moment employees, contractors or supply chain personnel walk in with their laptop or a USB to conduct maintenance, these safeguards are bypassed.

As a result, Kathy Trahan of Tripwire says companies should be doing more to secure their industrial endpoints:

“To mitigate OT attacks, PC-based endpoints in the OT environment need to be protected, and organizations need to defend their IT endpoints against attacks that traverse over to the OT environment. An overarching endpoint security strategy needs to be in place for OT and IT environments.”

A starting place for many organizations is to gather and maintain an accurate inventory of all endpoints’ hardware and software, tracking the vulnerabilities in OT assets, assuring secure and hardened configurations are in place  at each endpoint, and monitoring and alerting on unauthorized changes.

3. SECURING THE CONTROLLERS

In every industrial environment, there are physical systems – mechanical devices such as accuators, calibration devices, valves, and an array of sensors for temperature, pressure, etc. that interact with the physical world. Bad actors have gained access to these mechanical devices in many documented cases, causing those systems to malfunction, but they have no direct way of doing so without gaining access to the control level.

To get around that obstacle, some attackers target the industrial controllers responsible for managing those systems. Brocklehurst explains in another blog post:

“…[P]hysical systems are connected back to a type of specialized computer that actually controls it.  It is these specialized computers that make the bridge between controlling the physical systems and receiving programming or instructions from a network. These are the industrial controllers, and they are the systems being targeted to create physical damage or disrupt a revenue generating industrial process in cyber attacks. Industrial controllers come in different varieties, but you will hear terms such as PLC (programmable logic controllers) and DCS (distributed control systems) used commonly to refer to different types of these.”

Here’s an example of an easy-to-remember controller we come into contact on a daily basis.

 

honeywell_round_thermostat

 

It’s a regular old thermostat that interacts with a heating system to warm a house or building.

Organizations can protect industrial controllers against digital attacks by enhancing their detection capabilities and visibility into ICS changes and threats, implementing security measures for vulnerable controllers, monitoring for suspicious access and change control, and detecting/containing threats in a timely manner.

CONCLUSION

Given the growing complexity of industrial environments, it’s important that organizations make an effort to adequately protect against digital threats. Doing so requires a multi-step approach that focuses on network security, endpoint security, and industrial controller security.

Interested in learning more about how to defend your industrial control systems with Tripwire? Click here to find out more.

Alternatively, you can read the SANS 2016 State of ICS Security Report here.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
Follow
2281 Followers
About Tripwire
Tripwire is a leading provider of endpoint detection and response, security, compliance and IT operation solutions for enterprises, service providers and government agencies. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business context; together these solutions integrate and automate security and IT operations. Tripwire’s portfolio of enterprise-class solutions includes configuration and policy management, file integrity monitoring, vulnerability management, log management, and reporting and analytics.
Promoted Content
18 Expert Tips for Effective and Secure Cloud Migration
Under the Shared Responsibility Model, migrating organizations need to ensure security in the cloud by taking adequate measures to protect their data. They also must carefully choose a cloud service provider that takes the protection of its infrastructure seriously. To help organizations with these tasks, Tripwire spoke with 18 experts on how enterprises can secure their cloud environments. Their comments provide key guidance on best practices for effective and secure cloud migration. Download this e-book to understand: - Common security considerations to keep in mind when migrating to the cloud - How cloud security compares to on-premises security - Best security controls for protecting cloud-based data

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel