We live in a world where connectivity is key. It has brought conveniences to our personal lives, and organizations are adopting it in the industrial world to boost productivity. Industrial control systems (ICS), which manage utilities like water, gas, and electricity, are one example of this ongoing trend. Organizations are putting ICS online so that jobs once carried out manually can now be done remotely or with the help of automation.

One of the key concerns with growing connectivity in the industrial world is a successful cyberattack and its many consequences. As the June 2017 NotPetya wiper malware outbreak demonstrated, ICS is a key target for cybercriminals. Security should therefore be a priority; given the importance of ICS, one would assume these systems run the most secure technology available. This is not the case. Much of the equipment is aging out, that is, it needs replacement or upgrade, and it was built with very little security. ICS is now exposed to a host of digital threats like ransomware and DDoS attacks, which could put the delivery of these utilities at risk. For instance, if a cybercriminal gained access to computer systems and cut off a city's supply of electricity or water, chaos would erupt soon after. Not only are these systems a target for cybercriminal gangs; they are also a target for nation-state actors looking to attack a country's critical national infrastructure.

So, what needs to happen in this new reality? Where do utilities begin defending against threats they didn't have to think about before?
A Solid Approach to Protect your ICS Systems: Simple as 1-2-3
To protect ICS systems against today’s online security threats, it is important that companies take adequate steps to create effective industrial security programs and prioritize organizational risks. It can seem daunting to take on, but a strong multi-layered approach can be broken down into three essential steps: 1) Secure the network, 2) Secure endpoints, and 3) Secure the controllers.
1) Securing the Network
Industrial organizations looking to secure their networks should make sure they have a good network design with well-secured boundaries. Enterprises should then segment their networks by implementing the ISA/IEC 62443 standard, secure all wireless applications, and deploy secure remote access solutions to support fast troubleshooting and problem-solving. Companies should also monitor their networks, including their industrial network infrastructure equipment.
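The segmentation that ISA/IEC 62443 describes is usually expressed as zones (groups of assets with a shared security level) joined only by explicitly defined conduits. The script below is an added example, not Tripwire's code or anything from the standard itself: it encodes a small constructed zone model (enterprise, industrial DMZ, control, field), lists the permitted conduits, and audits a set of constructed flow records, flagging any inter-zone traffic that has no conduit or that comes from a device not assigned to any zone. The address ranges, ports and sample flows are all assumptions made for the illustration.

```python
"""Zone-and-conduit audit for an ICS network, in the spirit of ISA/IEC 62443.

Added illustration, not Tripwire's code. The zones, address ranges, allowed
conduits and the sample flows are all constructed for this example.
"""
from ipaddress import ip_address, ip_network

# Constructed zones: enterprise network, industrial DMZ (IDMZ),
# control network (SCADA/HMI/engineering) and field network (PLCs/RTUs).
ZONES = {
    "enterprise": ip_network("10.10.0.0/16"),
    "idmz": ip_network("10.20.0.0/24"),
    "control": ip_network("192.168.10.0/24"),
    "field": ip_network("192.168.20.0/24"),
}

# Allowed conduits as (source zone, destination zone, TCP port).
# Any inter-zone flow not listed here is denied by default.
CONDUITS = {
    ("enterprise", "idmz", 443),  # enterprise users reach the IDMZ historian mirror
    ("idmz", "control", 22),      # IDMZ jump host into the control network
    ("control", "field", 502),    # HMI/SCADA talks to PLCs over Modbus/TCP
}


def zone_of(ip: str):
    """Return the zone name containing ip, or None if it is unassigned."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def evaluate_flow(src: str, dst: str, port: int) -> str:
    """Classify one observed flow as 'allow' or 'deny: <reason>'."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone is None or dst_zone is None:
        return "deny: endpoint not assigned to any zone"
    if src_zone == dst_zone:
        return "allow"  # intra-zone traffic is governed inside the zone
    if (src_zone, dst_zone, port) in CONDUITS:
        return "allow"
    # A flow that skips an intermediate zone (enterprise straight to the
    # field network, for instance) is the classic segmentation failure.
    return f"deny: no conduit {src_zone}->{dst_zone} on port {port}"


def audit(flows):
    """Return the flows that violate the zone/conduit policy."""
    violations = []
    for src, dst, port in flows:
        verdict = evaluate_flow(src, dst, port)
        if verdict != "allow":
            violations.append((src, dst, port, verdict))
    return violations


# Constructed sample flows, as a firewall or flow collector might export them.
SAMPLE_FLOWS = [
    ("10.10.5.23", "10.20.0.10", 443),        # enterprise -> IDMZ web: allowed
    ("192.168.10.5", "192.168.20.17", 502),   # HMI -> PLC Modbus: allowed
    ("10.10.5.23", "192.168.20.17", 502),     # enterprise -> PLC directly: violation
    ("10.20.0.10", "192.168.10.5", 3389),     # IDMZ -> control on RDP: no conduit
    ("172.16.0.9", "192.168.20.17", 502),     # unzoned device -> PLC: violation
]

if __name__ == "__main__":
    for violation in audit(SAMPLE_FLOWS):
        print(*violation)
```

Run against real flow exports, the interesting output is not the allowed traffic but the two failure classes the audit separates: traffic between zones with no conduit (a boundary that is not actually enforced) and traffic from addresses that belong to no zone (an asset the network design never accounted for).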
2) Securing the Endpoints
OT professionals might feel their organization's endpoints are protected against digital attacks by perimeter firewalls, proprietary software, specialized protocols, and air gaps. That isn't the case. The moment employees, contractors, or supply chain personnel bring a laptop or USB device inside the perimeter of the corporate network, these safeguards are bypassed. It is important to ensure all endpoints are secure and to prohibit staff from connecting their own personal devices to the network. Digital attackers do target PC-based endpoints in the OT environment, and companies must also defend their IT endpoints against attacks that traverse the OT environment.

A key place for organizations to start is asset discovery, the process of building an inventory of the endpoints on the network. Define controls and automate them so that the protection is consistently applied. Organizations must then ensure that secure configurations are in place at each endpoint and monitor those endpoints for unauthorized changes. A solution versatile enough to provide controls in both IT and OT environments is a strategic advantage for the organization as a whole, so it is key to choose a security platform that is flexible enough to cover IT in depth while also working safely with a sensitive OT environment.
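"Secure configurations at each endpoint, monitored for unauthorized changes" comes down to recording an approved baseline and comparing the live state against it. The following is an added example, not Tripwire's product code: it hashes every file under a directory into a baseline, then diffs a later snapshot into added, removed and modified paths. The `demo()` function builds a constructed endpoint in a temporary directory, applies three unauthorized changes (a configuration flag flipped, an unknown binary dropped in, an allow-list file deleted) and returns what the comparison reports. The file names and contents are assumptions for the illustration.

```python
"""Endpoint configuration baseline and change detection.

Added illustration, not Tripwire's product code. Builds a SHA-256 baseline of
the files under a root directory and reports drift from it. The sample
endpoint in demo() is constructed in a temporary directory.
"""
import hashlib
import os
import tempfile


def build_baseline(root: str) -> dict:
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            baseline[rel] = digest.hexdigest()
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Diff an approved baseline against a fresh snapshot."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(path for path in baseline.keys() & current.keys()
                      if baseline[path] != current[path])
    return {"added": added, "removed": removed, "modified": modified}


def _write(root: str, rel: str, content: str) -> None:
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w") as fh:
        fh.write(content)


def demo() -> dict:
    """Simulate an endpoint drifting from its approved configuration."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed "approved" state of an HMI host.
        _write(root, "etc/hmi.conf", "poll_interval=500\nallow_writes=false\n")
        _write(root, "etc/hosts.allow", "192.168.10.5\n")
        _write(root, "bin/runtime", "binary-placeholder")
        approved = build_baseline(root)

        # Three unauthorized changes: a security-relevant flag flipped,
        # an unexpected executable added, and the allow-list removed.
        _write(root, "etc/hmi.conf", "poll_interval=500\nallow_writes=true\n")
        _write(root, "bin/updater.exe", "unknown-content")
        os.remove(os.path.join(root, "etc", "hosts.allow"))

        return compare(approved, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

In practice the baseline is stored off the endpoint and signed, and the snapshot is taken on a schedule or on file-system events; the diff output is what feeds change review, since on an OT host a flipped `allow_writes` flag matters as much as a new executable.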
3) Securing the Controllers
Every industrial environment has its physical systems, mechanical devices such as actuators, calibration devices, valves, and an array of sensors for temperature, pressure, and so on, that interact with the physical world. Driving them are controllers, specialized computers that bridge the control of physical systems and the receipt of programming or instructions from a network. Malicious actors have gained access to those devices in many documented cases, causing those systems to malfunction in order to cause physical destruction or disrupt an organization. However, they have no direct way of doing so without gaining access to the control level. Organizations can protect industrial controllers against digital attacks by enhancing their detection capabilities and visibility into ICS changes and threats, implementing security measures for vulnerable controllers, monitoring for suspicious access and change control, and detecting and containing threats in a timely manner.

Cybercrime is one of the fastest-growing industries today. Its scope ranges from script kiddies carrying out attacks for fun or notoriety to circles that operate as organized, structured businesses. With ICS such a key target for cybercriminals, organizations need to take steps to protect adequately against digital threats. Doing so requires a multi-step approach that focuses on network security, endpoint security, and industrial controller security. To learn more about this multi-step approach, click here. You can also learn how Tripwire's solutions can help protect your organization's ICS systems here.
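Step 3's "monitoring for suspicious access and change control" at the controller level can be made concrete with one detection rule: a controller's state may only be changed by the hosts that are supposed to change it. The script below is an added example, not Tripwire's code. It parses constructed Modbus/TCP event records (the timestamp / source / destination / unit / function-code / address format is an assumption for the illustration), treats the standard Modbus write function codes (5, 6, 15, 16) as state changes, and raises an alert for every write that did not come from an allow-listed HMI or engineering workstation. The hosts and the allow-list are constructed.

```python
"""Detect unexpected write commands to industrial controllers.

Added illustration, not Tripwire's code. The event format, the hosts and the
allow-list are assumptions; the function codes are the standard Modbus ones.
"""
from collections import Counter

# Standard Modbus function codes that modify controller state.
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}

# Constructed allow-list: only the HMI and the engineering workstation
# are permitted to write to PLCs.
AUTHORIZED_WRITERS = {"192.168.10.5", "192.168.10.7"}

# Constructed event records: timestamp src dst unit-id function-code address.
SAMPLE_LOG = """\
2024-03-01T10:00:01 192.168.10.5 192.168.20.17 1 3 40001
2024-03-01T10:00:02 192.168.10.5 192.168.20.17 1 6 40010
2024-03-01T10:00:05 192.168.10.7 192.168.20.17 1 16 40100
2024-03-01T10:00:09 10.10.5.23 192.168.20.17 1 6 40010
2024-03-01T10:00:10 192.168.10.9 192.168.20.17 1 1 1
2024-03-01T10:00:11 192.168.10.9 192.168.20.18 1 5 3
2024-03-01T10:00:12 192.168.10.9 192.168.20.18 1 5 4
this line is not a valid record
"""


def parse_record(line: str):
    """Parse one event line into a dict, or None if it is malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, unit, func, addr = parts
    try:
        return {"ts": ts, "src": src, "dst": dst,
                "unit": int(unit), "func": int(func), "addr": int(addr)}
    except ValueError:
        return None


def detect_unauthorized_writes(log_text: str, authorized=AUTHORIZED_WRITERS):
    """Return (alerts, malformed_count) for the given event log."""
    alerts, malformed = [], 0
    for line in log_text.splitlines():
        record = parse_record(line)
        if record is None:
            malformed += 1      # keep count: dropped records hide activity
            continue
        name = WRITE_FUNCTIONS.get(record["func"])
        if name is None:
            continue            # reads and diagnostics are not state changes
        if record["src"] not in authorized:
            alerts.append({
                "ts": record["ts"],
                "src": record["src"],
                "dst": record["dst"],
                "reason": f"{name} to unit {record['unit']} "
                          f"address {record['addr']} from unauthorized host",
            })
    return alerts, malformed


def writers_by_host(alerts) -> Counter:
    """Count alerts per offending source host for triage."""
    return Counter(alert["src"] for alert in alerts)


if __name__ == "__main__":
    found, bad = detect_unauthorized_writes(SAMPLE_LOG)
    for alert in found:
        print(alert["ts"], alert["src"], "->", alert["dst"], alert["reason"])
    print("offending hosts:", dict(writers_by_host(found)), "malformed:", bad)
```

The rule deliberately ignores read traffic, so it stays quiet during normal polling and fires only when something outside the approved set of writers tries to change coils or registers. Malformed records are counted rather than silently dropped, because a parser that discards lines is also a monitor that can be blinded.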