InTech

SEP-OCT 2017

Issue link: http://intechdigitalxp.isa.org/i/882230

SPECIAL SECTION: CYBERSECURITY

Since then, attacks on the Ukrainian power grid, attacks on nuclear power plants in the U.S., and the rapid proliferation of ransomware like WannaCry eliminated any doubts about the seriousness of the cybersecurity threat that ICS connectivity presents. And the threat only grows as the industrial sector speeds adoption of connectivity-based capabilities, such as remote access and cloud computing.

We hear about new ICS threats daily, many originating from compromised information technology systems. Effectively defending against these threats in an increasingly connected environment is a formidable challenge.

Expanding threats

Successful attacks on an ICS require a high degree of specialized knowledge above and beyond that required to hack into traditional IT systems. However, the number of attackers with ICS expertise is growing.

It is true that there are fewer ICS attackers than IT ones out in the world. However, the risk ICS attackers pose to safety, productivity, and profitability is substantial and rapidly expanding.

Blurred line

Actions that an external threat actor takes when launching a malicious attack on an ICS are eerily similar to the inadvertent errors that well-intentioned automation engineers have been making for decades. These errors include accidentally moving the wrong valve at the wrong time, shutting down the wrong pump, or unintentionally bypassing the safety instrumented function. All of these can cause industrial accidents and production outages that are just as devastating as a malicious external attack.

It is extremely difficult to distinguish between mistakes made by a good engineer having a bad day and malicious changes made by a threat actor executing a critical infrastructure attack on behalf of a nation state.

Protecting the ICS

In light of the increasing threats to ICSs, protecting the mission-critical ICS core is more important today than ever. There are important steps you must take to better protect these systems.

Over the past few years, many IT organizations have focused on implementing foundational IT security controls. Such controls include:

• actively maintaining an inventory of authorized hardware and software
• hardening device configurations and managing change
• assessing and remediating vulnerabilities
• controlling access to systems

In industrial environments, implementing foundational security controls is even more important than implementing controls for IT systems, because the impact of OT systems is so much greater. Implementation of foundational ICS security controls in OT delivers additional benefits. For example, the foundational security controls implemented to protect against external attacks also protect against internal threats, such as human error and malicious insiders.

However, effectively implementing foundational controls in OT requires a different mindset regarding the nature and definition of endpoints. IT endpoints typically include workstations, servers, routers, and switches. OT endpoints expand beyond these Level 2 systems and include endpoints that reside in Levels 1 and 0 in the Purdue model, such as controllers, safety instrumentation systems, remote terminal units, I/O modules, and field instruments that convert digital signals to kinetic energy and cause the movement of molecules and electricity.

Due to the unique characteristics of industrial endpoints, implementing foundational controls in OT requires ICS-specific solutions that effectively recognize and secure both Level 2 endpoints and the mission-critical, production-centric endpoints that reside in Levels 1 and 0.

Foundational ICS cybersecurity controls include:

• inventory tracking and management
• change and configuration management
• vulnerability assessment and management
• compliance management
• backup and recovery

Implement defense in depth

In addition to implementing foundational ICS cybersecurity controls, you should also implement other aspects of a defense-in-depth strategy in your industrial facility. "Defense in depth" refers to employing multiple inde -
