InTech

MAY-JUN 2017

Issue link: http://intechdigitalxp.isa.org/i/833037


INTECH MAY/JUNE 2017, AUTOMATION IT

attempt to reduce availability of the system or its components. Common DoS attacks attempt to crash devices or their software applications. More sophisticated DoS attacks may attempt to shut down equipment or affect physical processes.

The most common entry points in an ICS are human-machine interfaces (HMIs), ICS network interfaces, and device interfaces (figure 1). Each is discussed below.

Human-machine interface entry points are devices used within the ICS that have a user interface. They include operator consoles, engineering workstations, handheld devices, laptops, tablets, and smartphones. They are arguably the most commonly used entry points, because every successful login, even by authorized personnel, provides the potential for an attack. Common examples include engineering, operator, and maintenance HMIs.

For an attack through an HMI to succeed, a login session with the ICS must first be established. For authorized users, logging in is often part of normal operation. If unauthorized users can gain physical access to an HMI, they may be able to look over a user's shoulder to observe displays and keystrokes, or even record them with a cell phone. The attacker may then use stolen credentials to log in to an unattended workstation, or alternatively, may be able to hijack a user session if it is left unattended.

Defensive measures: The first layer of defense for HMIs is to attempt to prevent attackers from viewing HMI displays and to keep them from using HMIs to access the system. Protections should include both physical security controls and user authentication mechanisms.

Physical security controls create restricted access areas for HMIs where physical access is limited to authorized users, and physical actions can be monitored and recorded for suspicious and malicious activity. Physical access controls are best supplemented by an active security awareness program that describes what to do, such as challenging unknown individuals and locking the screen when leaving an HMI unattended, and what not to do, such as using unauthorized USB memory sticks.

User authentication mechanisms verify the user's identity. In general, users are represented by accounts that associate user identities with roles, privileges, and permissions. User identities are verified through the use of credentials the user provides to authentication mechanisms. Credentials usually consist of a user identifier, such as a name, number, or email address, and one or more secrets known or possessed by the user, such as a password, personal identification number (PIN), smart card, retinal scan, or fingerprint. All successful and unsuccessful credential validations, such as login attempts, should be logged. Credentials should be carefully managed using industry best practices to protect against disclosure and unauthorized modification.

It is not uncommon in an ICS environment for an HMI to require the operating system (OS) login that follows startup (boot) of the HMI workstation to persist across operator shift changes. In these cases, all operators use the same OS session to eliminate the need for closing and reopening control system applications and data viewing screens that would occur if an OS logout and login were required. The identity of the operator, not the identity of the logged-on OS user, should be used when authorizing and logging control system actions. Therefore, a separate login and authorization scheme for control system users should be provided.

It is highly recommended that control system users not be allowed to log in to perform control actions when the logged-on OS user has elevated privileges and permissions, such as those of the administrator or power user. This helps prevent lower-privileged users, such as operators, engineers, and desktop applications that have been infected, from installing software, modifying

FAST FORWARD
- Industrial control system cybersecurity can be intimidating, with high stakes and sophisticated technology.
- Does ICS cybersecurity really have to be so complicated? In theory, yes, but in practice, no.
- Automation professionals can begin with a layered defense-in-depth ICS security approach by answering a few basic questions.

[Figure 1. HMI entry points. Diagram labels: controller, ICS network device, ICS device, data server, PLC, valve, pump, sensor, flow sensor, I/O module, level sensor, pressure sensor, wireless gateway, ICS perimeter security device, operator HMI, engineering HMI, ICS switch, supervisory control, control and monitoring.]
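
The separate control-system login described above can be sketched as follows. This is an added example, not code from the article or from any ICS product. It keeps one OS session across shift changes, authorizes and logs actions by operator identity, logs every credential validation, and refuses control logins under an elevated OS session. All class, role, action and group names are hypothetical.

```python
import hashlib, hmac, os

# Hypothetical names throughout; roles, actions and group names are constructed.
ELEVATED_OS_GROUPS = {"Administrators", "Power Users", "root"}
ROLE_PERMISSIONS = {"operator": {"change_setpoint"},
                    "engineer": {"change_setpoint", "download_logic"}}

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def make_account(password, role):
    salt = os.urandom(16)
    return (salt, _kdf(password, salt), role)

class ControlSession:
    """Control-system login layered on one persistent OS session."""
    def __init__(self, os_user, os_groups, accounts):
        self.os_user, self.os_groups = os_user, set(os_groups)
        self.accounts = accounts      # operator id -> (salt, digest, role)
        self.operator = None          # who is at the console right now
        self.audit = []               # in-memory here; forward off-box in practice

    def _log(self, event, operator, ok, reason=""):
        self.audit.append({"event": event, "operator": operator,
                           "os_user": self.os_user, "ok": ok, "reason": reason})

    def login(self, operator, password):
        self.operator = None          # a new attempt always ends the previous login
        if self.os_groups & ELEVATED_OS_GROUPS:
            self._log("login", operator, False, "elevated OS session")
            return False
        # Unknown ids still cost one KDF run and can never match the empty digest.
        salt, digest, _ = self.accounts.get(operator, (b"\0" * 16, b"", None))
        ok = hmac.compare_digest(_kdf(password, salt), digest)
        self._log("login", operator, ok, "" if ok else "bad credentials")
        if ok:
            self.operator = operator
        return ok

    def logout(self):                 # shift change: OS session and screens stay up
        self._log("logout", self.operator, True)
        self.operator = None

    def perform(self, action):
        role = self.accounts[self.operator][2] if self.operator else None
        ok = action in ROLE_PERMISSIONS.get(role, set())
        self._log(action, self.operator, ok, "" if ok else "not authorized")
        return ok
```

Every audit record carries both the operator and the OS user, so a review of the log can tell shift operators apart even though the OS account never changes.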
