12:48 pm (UTC-7) | by Paul Ferguson (Senior Threat Researcher)
ICS (Industrial Control Systems) Networks have been really big news lately, due to a spate of vulnerabilities, highly publicized breaches, and various other security concerns.
ICS Networks are defined as networks or collections of networks that consist of elements that control and provide telemetry data on electromechanical components. Such components include valves, regulators, switches, and other electromechanical devices that one may find in various industries such as oil and gas production, water processing, environmental control, electrical power generation and distribution, manufacturing, transportation, and many other industrial settings.
Without getting into detail for each particular industry segment, each of these ICS environments shares a common fate: they are not “traditional” IT network environments and should not be treated as such. Most ICS networks share similar security challenges because of this uniqueness. These challenges are made more complex by the interaction of ICS elements with physical industrial components.
Failure to properly control or restrict access to these elements can lead to catastrophic accidents. Many of the industrial systems managed by these elements are considered “critical infrastructure (CI)” and require a much more specialized security architecture than traditional IT environments.
Supervisory Control and Data Acquisition (SCADA) networks can be defined as the network layer that immediately interfaces with ICS networks as well as host systems that control and monitor elements of ICS networks.
SCADA/ICS networks differ from other networks only in the network elements, management platforms, and sensitivity. All in all, they suffer from exactly the same threats as other networks, but with even more potentially catastrophic outcomes.
The biggest issue with SCADA/ICS security is that the ICS community has (for the most part) enjoyed living in a “bubble” for many years – they used proprietary protocols, on specialized & proprietary platforms, on dedicated slow-speed communications infrastructure (even some dial-up), and were completely disconnected from other networks (e.g. the Internet).
Now, the SCADA/ICS community is grappling with the security issues of using commodity hardware and software (e.g. Microsoft Windows), being connected to other external networks (enterprise networks and ultimately the Internet), a chaotic & uncontrolled vulnerability disclosure regime (ICS vulnerabilities being targeted for exploitation), and all other manner of threats that the rest of the general IT security industry has been dealing with for many years.
Yes, some ICS network operators are behind the curve, and yes, some are overwhelmed by these circumstances. But the overall SCADA/ICS community is improving its security posture more and more every day.
I have put together a tech note white paper entitled “Towards a More Secure Posture for Industrial Control Systems,” which briefly discusses some basic beneficial security architecture elements for this environment.
This paper illustrates what I believe should be considered required elements in every ICS network integration effort. It also covers best practices when integrating with SCADA and existing organizational networks as well as the rationale for and importance of each component of the suggested architecture. It is not intended to be an all-inclusive guide for ICS/SCADA security, but rather just a high-level overview of some basic architectural elements which can increase the security posture of an ICS deployment.