The mission of protecting industrial control systems (ICS) is so vital that it cannot be left to just any security solution. Every day we expect water to flow from our faucets, our lights and electricity to work and traffic lights to move traffic along quickly and efficiently. Interruptions in any of these essential systems, even if only for a few hours, wreak havoc in our daily lives.
One of the differences with critical infrastructure is that it includes two types of technology that don’t always work together seamlessly – Information Technology and Operational Technology. Because of this, providing security management for both without inhibiting the performance of IT and SCADA environments can be a challenge.
As a CISO, CIO or even a CEO, most likely you already have an understanding of information technology (IT). It encompasses all forms of technology that are used to create, store, exchange and use information in its various forms – data, voice conversations, email conversations, images, videos and multimedia presentations. These are the person-to-person communications in technology.
Operational Technology (OT) and SCADA systems, originally adapted from non-IP networks, are not designed with security in mind. Our water, power and chemical plants; gas pipelines and nuclear facilities; and manufacturing facilities such as food processing plants and automobile and aircraft assembly lines connect machine-to-machine using a process control language. Protocols such as MODBUS and DNP3 communicate commands to monitor or change the state of processes within these systems. At the heart of OT environments are modified versions of standard computer elements such as operating systems (often embedded Windows or UNIX), software applications, accounts and logins and communication protocols which may also be insecure. Pressure to produce the final product trumps taking the systems offline to patch vulnerabilities.
Ultimately, legacy ICS and SCADA systems are vulnerable to the same exploits as IT systems with the added challenge of operating in a 24/7 environment. SCADA protocols themselves are inherently designed without security, which increases exposure to cyber-attacks. To protect these SCADA protocols, security vendors may say they identify the protocol, but this does not mean they implement the SCADA commands within the protocol that you need for your application.
The Bigger Truth
There are literally hundreds of SCADA and ICS equipment vendors offering a wide range of automation choices, each using unique command sets, command procedures and operating system configurations. Staying current and keeping up requires a great deal of time and effort. Broad applicability across ICS domains requires security architecture capable of visibility and control beyond just basic commands down to the parameter level.
The right security management platform for ICS environments should be able to perform three main functions:
- Next-Generation Policy: It’s important to be able to create policies that alert on events specific to operational technology. It’s also imperative that these policies have the ability to be segmented into manageable sections, or policy layers, to align with your network needs.
- Highly Efficient Automated Operations: This essentially changes the way people work and collaborate. In ICS environments, in particular, this is especially useful because it provides policy best-practice features and security intelligence to create smart systems. Routine tasks should be automated and delegated, empowering security self-service. Finally, Smart APIs enable trusted integrations with orchestration infrastructures, paving the way for fully automated security controls.
- Full-Spectrum Visibility: Perhaps the most important aspect to managing security in critical infrastructure is integrated threat management – having visibility into SCADA protocols and how the overall environment is behaving, including benchmarking what’s normal and what’s not. This includes logging, monitoring, event correlation and reporting in one place. An advanced visual dashboard is needed to provide full visibility into security across networks and protocols to help your teams monitor security continuously, staying alert to potential threats.
The bottom line is that given the amount of growing SCADA systems and the legacy of insecure OT systems, we need to be able to secure all of it, having visibility into the entire ecosystem of Industrial IoT.
To learn more about security management, click here.
Jessica Cooper focuses on solution markets at Check Point Software Technologies, including retail, healthcare and financial services. Before joining Check Point, she spent several years in product and solutions roles in big data and machine intelligence companies. Today, Jessica’s passion lies in cyber security, the Internet of Things and emerging technologies. Find her on Twitter @thoughtcosm.