MAY-JUN 2017


INTECH MAY/JUNE 2017 WWW.ISA.ORG

A practical approach to ICS cybersecurity

Does ICS cybersecurity have to be complicated? In theory, yes, but in practice, no

By Lee Neitzel and Gabe Faifman

Industrial control system (ICS) cybersecurity can be intimidating. The stakes are high, and the technology is sophisticated. Ask any industrial cybersecurity expert about it, and you are likely to hear that ICS cybersecurity is different from information technology (IT) cybersecurity, that security risk assessments are indispensable, and that cybersecurity discussions are littered with highly specialized terminology. So far, that leaves us where we started, with a seemingly complex problem.

But, does ICS cybersecurity really have to be so complicated? In theory, yes, but in practice, no. From a practical perspective, you can begin building in a layered ICS security approach, often called defense-in-depth, by answering a few basic questions:

• Where can the attacker gain entry or break in to your ICS? Adding security to protect entry points is a first layer of defense.
• Once an attacker gains entry, what will the attacker do next? Providing barriers to absorb or deflect different types of attacks adds a second layer of defense.
• What are the ultimate objectives of an attack? Hardening the targeted elements of the system provides a third layer of defense.

This article explores possible answers to these questions and describes common defense-in-depth mechanisms for ICS systems. The selection of appropriate mechanisms for an ICS should be based on a thorough security assessment.

The primary goal of defense-in-depth is to restrict access to the ICS in terms of who has access and what they are permitted to do. Access controls include physical, procedural, and technical means. While perfect security is seldom achieved, the intention is to make it so difficult for attackers that they never try or they abandon an attack after becoming frustrated with attempting to penetrate multiple layers of defense.

Of primary importance for success is both the organization and its people accepting the need for a defense-in-depth strategy. Without conscious efforts to keep systems secure, technical means by themselves will be inadequate. It is much easier to steal a car with its doors unlocked and with keys in the ignition than it is to steal one that is locked with keys nowhere to be found.

Gaining entry to an ICS

The first step in developing an effective ICS defense-in-depth strategy is to determine where the attacker may be able to gain entry to the system. Entry points are interfaces of devices in the ICS that are accessible to attackers, such as communications interfaces and USB ports. Attackers can not only use these entry points to break into an ICS, but they can also use them to attempt denial-of-service (DoS) attacks on the ICS. DoS attacks
