ICS Security Tutorial
This ICS security tutorial is designed to provide guidelines for implementing secure industrial control systems (ICS). ICS, comprising supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as skid-mounted Programmable Logic Controllers (PLC), are commonly used in industrial control settings.
ICS, SCADA, DCS, and PLCs Applications in Industry
ICS are used in many industries, including electric, water and wastewater, oil and natural gas, transportation, chemical, pharmaceutical, pulp and paper, food and beverage, and discrete manufacturing (e.g., automotive, aerospace, and durable goods). SCADA systems are usually used to control dispersed assets through centralized data acquisition and supervisory control. DCS are commonly used to control production systems within a local area such as a factory, using supervisory and regulatory control. PLCs are usually used for discrete control in specific applications and usually provide regulatory control. These control systems are crucial to the operation of U.S. critical infrastructures, which are often highly interconnected and mutually dependent systems. It is important to remember that about 90% of the nation’s critical infrastructures are owned and operated by the private sector. Federal agencies also operate many of the ICS mentioned above; other examples include air traffic control and materials handling (e.g., Postal Service mail handling).
Introduction to ICS
ICS originally bore little resemblance to conventional information technology (IT) systems: they were isolated systems running proprietary control protocols on specialized hardware and software. Widely available, inexpensive Internet Protocol (IP) devices are now replacing proprietary solutions, which increases the likelihood of cyber security vulnerabilities and incidents. As ICS adopt IT solutions to support connectivity with corporate business systems and remote access, and are designed and implemented using industry-standard computers, operating systems (OS) and network protocols, they are starting to resemble IT systems. This integration supports new IT capabilities, but it offers drastically less protection for ICS from the outside world than the predecessor systems did, which creates a greater need to secure these systems. While security solutions have been designed to deal with these problems in typical IT systems, special precautions must be taken when introducing the same solutions to ICS environments. In some cases, new security solutions are required that are tailored specifically to the ICS environment.
While some characteristics are the same, ICS also have characteristics that differ from conventional IT processing systems. Many of these differences come from the fact that logic executing in ICS has a direct effect on the physical world. Some of these characteristics include significant risk to the health and safety of human lives and severe harm to the environment, as well as severe financial problems such as production losses, negative effects on a nation’s economy, and compromise of proprietary information. ICS have unique performance and reliability requirements and often use operating systems and applications that typical IT personnel may consider unconventional. Also, the goals of safety and productivity often conflict with security in the design and operation of control systems.
Initially, ICS implementations were vulnerable mainly to local threats because many of their components were in physically protected areas and were not connected to IT networks or systems. Integrating ICS with IT networks, however, offers dramatically less protection for ICS from the outside world than the previous systems had, creating a greater need to protect these systems from remote, external threats. Moreover, the increasing use of wireless networking puts ICS implementations at higher risk from adversaries who are in relatively close proximity but do not have direct physical access to the system. Threats to control systems can stem from various sources, including hostile governments, terrorist groups, disgruntled employees, malicious intruders, complexities, accidents, natural disasters, as well as malicious or accidental actions by insiders. ICS security objectives usually follow the priority order of availability, integrity, and confidentiality.
Possible Incidents of ICS
- Blocked or delayed flow of information through ICS networks
- Unauthorized modifications to instructions, commands, or alarm thresholds
- Inaccurate information sent to system operators, either to mask unauthorized modifications or to cause the operators to take inappropriate actions
- ICS software or configuration settings changed, or ICS software infected with malware
- Interference with the operation of safety systems
Major Security Objectives for an ICS Implementation
- Restricting logical access to the ICS network and network activity, including the use of a demilitarized zone (DMZ) network architecture with firewalls to prevent network traffic from passing directly between the corporate and ICS networks, and having separate authentication mechanisms and credentials for users of the corporate and ICS networks. The ICS should also use a network topology with multiple layers, with the most critical communications occurring in the most secure and reliable layer.
- Limiting physical access to the ICS network and devices.
- Protecting each ICS component from exploitation.
- Maintaining functionality during adverse conditions.
- Restoring the system after an incident.
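One way to check the DMZ objective above against a firewall rule set, as an added example that is not part of the original tutorial. The zone addresses, rule names and ports are constructed for illustration, and the check assumes every permit rule is reachable (it does not model rule ordering or shadowing).

```python
import ipaddress

# Constructed zone layout (assumed addressing, not taken from the tutorial).
ZONES = {
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "control": ipaddress.ip_network("10.30.0.0/16"),
}

# Constructed rule set: (name, action, source CIDR, destination CIDR, port).
RULES = [
    ("hist-replica", "permit", "10.30.5.10/32", "10.20.0.15/32", 1433),
    ("corp-to-hist", "permit", "10.10.0.0/16", "10.20.0.15/32", 443),
    ("vendor-rdp", "permit", "10.10.44.7/32", "10.30.5.20/32", 3389),
    ("legacy-any", "permit", "0.0.0.0/0", "10.30.0.0/16", 502),
    ("default-deny", "deny", "0.0.0.0/0", "0.0.0.0/0", None),
]

def zones_touched(cidr):
    """Return the names of every zone whose address space overlaps cidr."""
    net = ipaddress.ip_network(cidr)
    return {name for name, zone in ZONES.items() if net.overlaps(zone)}

def direct_paths(rules):
    """List permit rules that let corporate and control talk without the DMZ.

    Assumption: every permit is treated as reachable; earlier deny rules
    that might shadow it are not modelled.
    """
    findings = []
    for name, action, src, dst, port in rules:
        if action != "permit":
            continue
        src_z, dst_z = zones_touched(src), zones_touched(dst)
        # A wide source such as 0.0.0.0/0 overlaps the corporate range too,
        # so an "any to control" rule is reported as a direct path.
        for a, b in (("corporate", "control"), ("control", "corporate")):
            if a in src_z and b in dst_z:
                findings.append((name, a, b, port))
    return findings

if __name__ == "__main__":
    for name, src_zone, dst_zone, port in direct_paths(RULES):
        print(f"{name}: {src_zone} -> {dst_zone} on port {port} bypasses the DMZ")
```

Rules that terminate in the DMZ (the two historian rules) pass; the point-to-point remote desktop rule and the wide "any" rule are the ones flagged.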
Defense Strategy for a Typical ICS
- Developing security policies, procedures, training and educational material that apply specifically to the ICS.
- Considering ICS security policies and procedures based on the Homeland Security Advisory System Threat Level, implementing progressively heightened security postures as the Threat Level increases.
- Addressing security throughout the lifecycle of the ICS, from architecture design to procurement to deployment to maintenance.
- Establishing a network topology for the ICS that has multiple layers, with the most critical communications occurring in the most secure and reliable layer.
- Providing logical separation between the corporate and ICS networks.
- Using a DMZ network architecture.
- Ensuring that critical components are redundant and are on redundant networks.
- Designing critical systems for graceful degradation (fault tolerant) to prevent catastrophic incidents.
- Disabling unused ports and services on ICS devices after testing to make sure this will not affect ICS operation.
- Restricting physical access to the ICS network and devices.
- Restricting ICS user privileges to only those that are necessary to carry out each person’s job.
- Considering the use of separate authentication mechanisms and credentials for users of the ICS network and the corporate network.
- Using up-to-date technology, such as smart cards for Personal Identity Verification (PIV).
- Implementing security controls such as intrusion detection software, antivirus software and file integrity checking software, where technically feasible, to prevent, deter, detect, and mitigate the introduction, exposure, and propagation of malicious software to, within, and from the ICS.
- Applying security techniques such as encryption and/or cryptographic hashes to ICS data storage and communications.
- Expeditiously deploying security patches after testing all patches under field conditions on a test system if possible, before installation on the ICS.
- Tracking and monitoring audit trails on critical areas of the ICS.
ICS Operation Key Components
- Control Loop
- Human-Machine Interface (HMI)
- Remote Diagnostics and Maintenance Utilities
ICS Key Control Components
- Control Server
- SCADA Server or Master Terminal Unit (MTU)
- Remote Terminal Unit (RTU)
- Programmable Logic Controller (PLC)
- Intelligent Electronic Devices (IED)
- Human-Machine Interface (HMI)
- Data Historian
- Input/Output (IO) Server
ICS Network Components
- Fieldbus Network
- Control Network
- Communications Routers
- Firewall
- Modems
- Remote Access Points
ICS Risk Factors
- Adoption of standardized protocols and technologies with known vulnerabilities
- Connectivity of the control systems to other networks
- Insecure and rogue connections
- Widespread availability of technical information about control systems
Incident Reporting Components
- Incident title
- Date of incident
- Reliability of report
- Type of incident (e.g., accident, virus)
- Industry (e.g., petroleum, automotive)
- Entry point (e.g., Internet, wireless, modem)
- Perpetrator
- Type of system and hardware impacted
- Brief description of incident
- Impact on organization
- Measures to prevent recurrence
- References
Benefits of Implementing ICS Security System
- Improving control system reliability and availability
- Enhancing employee confidence, loyalty, and retention
- Decreasing community concerns
- Improving investor assurance
- Decreasing legal liabilities
- Improving the corporate image and reputation
- Assisting with insurance coverage and cost
- Enhancing investor and banking relations
ICS Network Architecture
- Firewalls
- Logically Separated Control Network
- Network Segregation
- Recommended Defense-in-Depth Architecture
- General Firewall Policies for ICS
- Recommended Firewall Rules for Specific Services
- Network Address Translation (NAT)
- Specific ICS Firewall Issues
- Single Points of Failure
- Redundancy and Fault Tolerance
- Preventing Man-in-the-Middle Attacks
ICS Security Controls
- Management Controls
  - Security Assessment and Authorization (CA)
  - Planning (PL)
  - Risk Assessment (RA)
  - System and Services Acquisition (SA)
  - Program Management (PM)
- Operational Controls
  - Personnel Security (PS)
  - Physical and Environmental Protection (PE)
  - Contingency Planning (CP)
  - Configuration Management (CM)
  - Maintenance (MA)
  - System and Information Integrity (SI)
  - Media Protection (MP)
  - Incident Response (IR)
  - Awareness and Training (AT)
- Technical Controls
  - Identification and Authentication (IA)
  - Access Control (AC)
  - Audit and Accountability (AU)
  - System and Communications Protection (SC)
How Can You Learn More About ICS and ICS Security?
TONEX offers hands-on training courses on ICS security:
Industrial Control System and SCADA Cybersecurity Training