Six critical components of integrated cybersecurity for industrial control systems (ICS)
Examining industrial control system cybersecurity requires looking at audits, access controls, threat detection, risk mitigation, process sensor security and authentication and vendor collaboration.
- Examine six ways to approach industrial cybersecurity.
- Look at internal and external industrial cybersecurity threats, without silos.
- Learn that legacy process sensors lack cybersecurity protection.
With significant security risks and attacks against industrial control systems (ICS) used with critical infrastructure sectors growing in volume and increasingly shared in the media, firms that offer and implement comprehensive solutions are needed. The financial and legal ramifications of breached ICSs are mounting across the world and regulatory agencies are increasingly interested in an organization’s ability to defend against cyber attacks and having them perform a cyber risk assessment.
The fragmentation of partial solutions and the complex integration of these critical pieces is all too common and is becoming a cost and risk that owners are determined to mitigate against. Cyber solutions cannot be developed to try and fit the ICS. Instead, they need to be architected, tested and encompass standard operating procedures that are integrated into the ICS’ operation and maintenance activities.
Threats and cyber incidents – malicious and accidental – occur every day on industrial control networks and users must be aware. These systems are an integral part of the critical infrastructure that facilitate operations in vital sectors such as power generation, oil and gas, water, transportation, food, pharmaceutical and chemical.
Six industrial cybersecurity solutions
As cybersecurity solutions are being increasingly designed into the operations and policies of organizations, there are key constituents that can drive targeted solutions to the ICS environment:
- Audit and application of security policies and procedures developed specifically for control system network and its devices
- Access controls through the local area network (LAN), wide area network (WAN) and physical perimeters complemented with secure data transfers
- Threat detection of abnormal and malicious activity at all levels of the ICS infrastructure
- Risk management and mitigation against possible attacks with an installed security suite of products that enhance and regulate the ICS without disrupting the controlled process – virtualized functions and hardware appliances
- Process sensors security and authentication
- Resolution of key security problems that requires intrinsic relationship with vendors.
The items mentioned above are typically offered through three or four companies; a mixture of original equipment manufacturer (OEM), consultant and software vendors. A grouping of the best-in-class relevant companies will provide end users the best-in-class solution, a one-stop shop.
Look at internal and external cybersecurity threats, without silos
Initiatives by ICS vendors to reduce security risks to control systems in response to growing cyber security threats is resulting in automation professionals being more effective in securing their industrial processes through a combination of control system design and best practices, technologies and professional services. As the ICS represents the core of production, the cyber security processes must address both internal and external threats via multiple layers of defense which mitigates against various types of risk; a risk-informed electronic and physical defense-in-depth methodology.
ICS vendors and automation professionals must be committed to providing an evolving set of products and services that help mitigate risks and improve security of the production assets. The information silos that exist within organizations today result in security information that is rarely shared. Comprehensive solution providers will acquire, integrate and facilitate the adoption of new cybersecurity technologies and deliver that needed comprehensive security product to end users.
A focus on industrial-sensor cybersecurity
ICSs previously satisfied security needs through isolation from enterprise systems and physical security. With today’s demand for remote access capabilities, business systems connectivity and to be designed with industry standard hardware and software, these systems now have a larger attack surface. Organizations can no longer just monitor the digital perimeter; they need to monitor wherever their data can be found and within the automated business processes and vertical channels that can damage the organization’s reliability, safety and integrity if compromised.
Legacy process sensors lack cybersecurity protection
Millions of legacy process sensors are used throughout critical infrastructure sectors without cybersecurity, authentication, or log files, and these are unlikely to be updated to increase security posture. This ecosystem of sensors, communications protocols and inherent technologies make this a barrier to holistic cyber-security management.
The July 2021 Industrial Control System Cybersecurity Initiative announced by the U.S. government is focused on facilitating the deployment of technology and systems that provide a network-based approach to threat visibility, indicators, detections and warnings without consideration of field devices (pressure, temperature, voltage sensors).
Sensors, actuators and electrical drives are engineered systems and not a “network” device, they have been designed to meet operational requirements for processes and to be reliable and safe. These sensors deliver the inputs into the ICS and its network where the notion is made that the sensors’ input is not compromised and correct.
When sensor inputs not being authenticated, the drives and controllers receiving the sensors signals have no means of authenticating the origin of the sensor signals and therefore accept the sensors input and respond accordingly; this is a vulnerability that adversaries can exploit by using backdoors in electric grid equipment and other similar apparatus. There is a deficiency of cyber forensics at the sensor level, which makes it difficult to determine whether incidents were malicious or accidental.
Physical layer monitoring encourages IT/OT collaboration
The continuing focus by stakeholders [information technology (IT) and operational technology (OT) and others] to provide industry with accurate, uncompromised and authenticated process sensor measurement is a basic requirement for equipment monitoring, process safety, process control and cybersecurity as it affects resilience, product quality, digital twins and big data analytics.
Monitoring the physical layer of the process through the sensors instead of the “top-down” network vulnerability approach encourages collaboration between network and engineering teams to identify deviations in the sensors such as drift, supply chain or cybersecurity, which can create a return on investment (ROI) by optimizing process operations, validating digital twins and transitioning to predictive maintenance.
Sensors provide the data from which control-based decisions are made and subsequently should be under the critical assets category for representing the process. If a product becomes contaminated or a control system responds negatively because hackers maliciously manipulated sensor parameters, it can result in equipment damage, injury to personnel, public distrust or a combination of all three.
Water system vulnerability, breach, authentication
In 2020, Israel media reported that hackers had infiltrated its computer network of facilities that control Israel’s water system and disabled a sensor that detects chlorine levels. Without this critical sensor, the chlorine in the drinking water could have reached toxic levels or drop low enough to causes bacteria in the water. Though the attack was unsuccessful, it prompted a major initiative to ensure the sensor devices are reliable and have an authentication process. Process anomaly detection detects any anomaly regardless of cause as well as forecasting component failure.
Sensor vendors and cybersecurity software providers are working together on delivering solutions that are not network anomaly-focused but also identify control process or sensor anomalies by monitoring the situational awareness of the process independent of the network – instrumentation systems vs. Ethernet networks. Cost-effective and efficient solutions that keep industrial facilities safe are critical to the global economy’s future.
Anil Gosine, global projects, is with MG Strategy+, a Control Engineering content partner. Edited by Mark T. Hoske, content manager, Control Engineering, CFE Media and Technology, email@example.com.
KEYWORDS: Industrial control system cybersecurity, process sensor cybersecurity
Is a just-enough approach to industrial control system cybersecurity really enough for critical facilities?
Anil Gosine explains more in “Building an ICS cybersecurity ecosystem.”
Control Engineering’s sister publication, Industrial Cybersecurity Pulse covers ICS cybersecurity at www.industrialcybersecuritypulse.com.