Industrial Control System Cybersecurity Practices

Industrial Control Systems Cybersecurity
Industrial Control Systems Cybersecurity

Industrial Control System Cybersecurity

Guidance for Industrial Control System (ICS) Cybersecurity was released on May 22, 2020.  This two page infographic is a joint release from the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Energy (DOE), and the UK’s National Cyber Security Centre (NCSC).  This release addresses the urgent need for owners and operators to adopt new technologies and improve operational efficiencies to secure critical infrastructure.

Manufacturing and Infrastructure Highly Vulnerable

A number of recent cyberattacks to industrial targets illustrate the degree of vulnerability and the costs of breached security.  In February 2020 a natural gas compression facility was attacked.  This led to a two day shutdown of the vital facility.  On May 10, 2020 Iran’s port, Shahid Rajaee, was a the victim of an attack.  Subsequently the port was inoperable for days. 

Most industrial sites are comprised of legacy IT systems that predate cybersecurity requirements.  Additionally, many facility managers or maintenance personnel have insufficient expertise in IT and requisite cybersecurity protocols.  Therefore many complex systems have high vulnerabilities that are extremely difficult to secure. 

Most Prevalent ICS Weaknesses and Risks

CISA has identified the following weaknesses and risks to Information Technologies (IT) and Operational Technologies (OT):

Boundary Protection

Unauthorized activity in critical systems is often undetected.  Additionally, there are often insufficient boundary protection between a facilities Industrial Control Systems (ICS) and its enterprise systems.

Principle of Least Functionality

Because of the complexities of industrial sites, there are ever increasing vectors for malicious access to critical systems.  This provides opportunities for rogue internal access.

Insufficient Identification and Authentication

The report sites a lack of traceability and accountability of personnel that have access to large facilities and has special concern for those with administrator access.

Physical Access Control

Inadequate controls on physical access to large facilities is a major problem.  Unauthorized personnel can modify, copy, or delete device programs and firmware.  They can tap into networks, vandalize assets, and add rogue devices to retransmit network traffic.

Recommended Industrial Control System Cybersecurity Measures

A number of recommendations were made in this report.   These recommendations include the following:

Risk Management

The first action taken should be to develop an effective Information Security Management System (ISMS) to identify potential threats.  This process would include compiling and maintaining an inventory of all ICS assets.  Once this has been accomplished policies and procedures can be created.  These procedures should include adequate training of all personnel and provide practice incident responses.  These policies and procedures should establish rules of cybersecurity behavior and promote a culture of information exchange for constant improvement.

Physical Security

Control of physical access is crucial.  Lock downs of electronics, multi-factor authentication, and establishment of controlled spaces are important measures. 

ICS Network Architecture, Perimeter Security, and Security Monitoring

Recommendations include:

  • Network segmentation
  • Multiple layer topologies that prioritize security to most critical communications
  • Configuration of firewalls to control traffic between ICS and corporate IT
  • Restrict persistent remote connection to networks
  • Catalog and monitor all remote connections
  • Measuring baseline network traffic
  • Creation of alarms for network Intruder Detection Systems (IDS)
  • Set up Security Incident and Event Monitoring(SIEM) to monitor, analyze, and correlate eventlogs from across the ICS network to identify intrusion attempts.

Host Security

  • Test all patches in off-line test environments before implementation.
  • Implement application whitelisting on human machine interfaces.
  • Harden field devices, including tablets and smartphones.
  • Replace out-of-date software and hardware devices.
  • Disable unused ports and services on ICS devices after testing to assure this will not impact ICS operation.
  • Implement and test system backups and recovery processes.
  • Configure encryption and security for ICS protocols.

CVG Strategy

CVG Strategy is committed to assisting manufactures establish effective cybersecurity systems.  Our Cyber Security consulting and training programs give you the necessary knowledge to ensure that safeguards are consistently applied to protect valuable information and production assets.  We can help your business develop an effective ISO 27001 ISMS.  We also have expertise in NIST 800-171 and can help with CMMC Certification.  Contact Us today to see how we can help.