InTech

MAY-JUN 2017

Issue link: http://intechdigitalxp.isa.org/i/833037


AUTOMATION IT INTECH MAY/JUNE 2017 31

and maintenance should be controlled by change management procedures, and they should be performed only by authorized network administrators. In addition, backup copies of the configuration should be stored in a secure location.

Administrative connections for configuration and maintenance should use mutual authentication and role-based access controls that limit network administrators to only those operations that they need, such as viewing, configuring, upgrading software, and installing patches. Encryption should be used for configuration and maintenance sessions, and cryptographic methods, such as encryption or cryptographic hashes, should be used for storing sensitive data, such as user credentials, in the perimeter security device.

Once inside, the attack continues

Understanding how various types of attacks are conducted after an attacker gains access is critical to defending an ICS. This understanding will help you to develop customized scenarios of how your ICS can be attacked, often referred to as threat modeling, and add appropriate defense-in-depth safeguards.

Once access has been gained to the system, the attacker generally attempts to misuse, abuse, or corrupt the system with a combination of user interfaces, communications protocols, and untested software (e.g., games and malware). One of the primary objectives of these attacks is to escalate OS privileges to give the attacker control of the device under attack. If an attacker gains control, he or she will have free rein to carry out the attack.

Misuse or abuse of the system can affect the system at two levels: compromising OS resources, such as files, registry entries, and OS user account information, and compromising control system resources, such as set points, alarm limits, historical values, and control system account information.

Of considerable concern is an attacker who has access to OS resources that contain control system data, such as configuration files and access control lists of the control system. In these cases, the attacker may be able to compromise the control system by tampering with data managed by the OS, even if the attacker does not have control system privileges and permissions.

An example attack begins with a logged-on user copying a file infected with malware through the network, from a USB memory device, or from a CD or DVD. Alternatively, the attacker may find a vulnerability in a communications protocol and exploit it to infect the application with the malware. The purpose of this malware may be to record keystrokes or to prompt users for passwords, and then send them back to the attacker to use to log in to the system or pivot/hop to another computer in the system.

More information on a practical approach to ICS cybersecurity

The expanded web exclusive version of this article (www.isa.org/intech/201706web) explores many attack methods and includes these additional cybersecurity topics: local network devices, device interfaces, Ethernet ports, application end points, peripheral ports, I/O ports, user interface attacks, communications protocol attacks, untested code attacks, and reaching the target of the attack.

ABOUT THE AUTHORS

Lee Neitzel (lee.neitzel@ge.com) is a senior engineer at Wurldtech Security Technologies, a GE company. He has been involved in security and network standards for more than 30 years and is currently leading the development of the IEC 62443 standards and conformance assessment program. Neitzel holds multiple patents in the area of control system cybersecurity and has a master's degree in computer science with a focus on computer security from George Washington University in Washington, D.C.

Gabe Faifman is the director of strategic programs for Wurldtech Security Technologies. Faifman has been involved for 25 years in the design, deployment, and operation of automation and security infrastructure projects in the power generation, power distribution, oil and gas, and food and beverage industries. He holds a BS in electronics engineering from the University of Buenos Aires and a CSS1 InfoSec Professional certification from NSA.

View the online version at www.isa.org/intech/20170605.

[Figure 2 diagram labels: Enterprise system, Data servers, HMI, DMZ, IT network security device, Control and monitoring, ICS, Supervisory control, Internet, ICS perimeter security device, ICS switch]

Figure 2. Perimeter security devices should be connected externally only to DMZs that reside between perimeter security devices and plant networks.
