Due to aging infrastructure, lack of security planning and design, and insufficient focus on protecting Industrial Control System (ICS) assets, the threats facing ICS networks remain high.
The threats facing the infrastructure of Industrial Control System (ICS) networks are continuously increasing, and their complexity is greater than ever before. The increase in both the number and complexity of these attacks has made ICS an easy target for cybercriminals. The main reasons are aging infrastructure, lack of security planning and design, and a long-standing lack of emphasis on protecting ICS networks. A detailed analysis of the infrastructure and operations of enterprises can provide a deeper understanding of the risk levels and identify potential countermeasures to protect critical assets. This holistic approach should be taken to ensure that all aspects are considered to fully understand the actual risk levels posed to production systems. This includes network and physical security, as well as the state of the system lifecycle. To help identify the exact risk levels, each factor should be thoroughly assessed to understand the differences in design, operation, and maintenance, and to maintain the normal operation of production systems.
The Evolution of Industrial Control Systems
In the past, industrial control system providers used proprietary hardware and software that were physically isolated from external connections. Now, industrial control systems use Commercial Off-The-Shelf (COTS) components, standard operating systems, and common communication protocols.The shift from proprietary systems to open technologies allows for the use of third-party hardware and software components, which helps to drive down the overall lifecycle costs of ICS.
Furthermore, the adoption of standard generic components and communication protocols facilitates connectivity with IT or business systems.Sharing data from production systems to business systems requires minimal effort to collect and analyze data, thereby providing valuable insights for the enterprise.
These capabilities enhance lifecycle and improve connectivity, but they also expose vulnerabilities in ICS applications, as security was not the primary design priority for these programs. ICS providers often publish recommended security practices that define specific methods for connecting to external systems, but the ultimate responsibility for deploying and maintaining ICS network security lies entirely with the end users. Protecting these networks to ensure production availability and safeguard against security concerns should be a comprehensive business objective developed and supported by management.
Managing IT and ICS Infrastructure
Both IT and ICS infrastructures use common network components, but they are very different in terms of maintenance, operation, and security management.The security goals of IT business networks and ICS networks are different concepts, but they are based on the same principles of confidentiality, integrity, and availability.
For IT, the primary concern of enterprises is the leakage of intellectual property, with confidentiality being the highest priority. Next, data integrity is very important, followed by network availability.
Due to the critical nature of production system data, ICS networks have different priorities. The reliance on human-machine interfaces makes system availability the highest priority in the industrial sector.
Data integrity and information accuracy are also very important for industrial systems. Confidentiality is often not the main concern for industrial networks. These differences in system priorities lead to significant discrepancies between IT and ICS in network operation and security management.
Although both systems use common components, the operations of IT and ICS networks are very different.Typically, IT network operations are user-triggered, largely irregular, or initiated on demand. The traffic generated on business networks may be sporadic and unpredictable. Therefore, there is a need to remove or add network components (such as servers, network devices, and computers) to support business needs. Business system communication protocols are built around such operations and usually do not include any type of deterministic mechanism, primarily due to the sporadic nature of the data.
On the other hand, ICS networks require very high availability to support the continuous and uninterrupted demands of production systems.These systems are designed to provide data at a deterministic rate to achieve predictability and repeatability. ICS communication protocols support deterministic activities that capture time-critical events. These systems are designed to provide high availability and time-sensitive critical data. The differences in operations between IT and industrial control system networks lead to significant differences in their approaches to achieving security.
Standard IT ‘Fixes’ May Harm ICS
IT typically deploys a wide range of security countermeasures to prevent network attacks.However, due to the need for deterministic high-availability data, most common IT security methods may adversely affect ICS networks. An example of standard IT security practices includes patching for operating system upgrades, application upgrades, and server system upgrades. In the IT realm, this is considered common practice. However, these operations may have very negative impacts on ICS networks.
Due to the critical nature of related software, system components, and data delivery, other common IT practices, such as domain changes, antivirus program updates, anti-malware updates, router configuration changes, and port blocking policies, may adversely affect ICS networks. Any such changes to ICS networks or related components must be carefully considered and should first be tested on a test system to analyze their performance before actual deployment to production systems.
Moreover, special attention must be paid to security to ensure that ICS network operations are not disrupted.Determining the correct approach and applying the most cost-effective risk mitigation solutions are critical for supporting the IT and ICS infrastructure of the business. The availability demands of ICS networks make them more sensitive to any subtle changes in production systems.
Accurate Assessment of Risk Levels
Due to a lack of awareness and understanding of all potential vulnerabilities, the actual risk levels of ICS networks are often not determined.Like IT systems, the effort required to prepare ICS networks must be a comprehensive effort recognized by management to ensure the availability of production systems. Given the complexity of modern hackers, simply placing a firewall between ICS systems and IT networks does not provide sufficient protection to eliminate risk.
‘Risk’ is defined as the potential to gain or lose some value.To fully understand the actual risk levels of production systems, all aspects of exposed vulnerabilities must be assessed, such as production loss, environmental damage, equipment damage, and personal safety. This may include all threats posed by network, physical, and local interface vulnerabilities resulting from internal, external, malicious, and unintentional incidents. All aspects of the industrial control system lifecycle must be defined to ensure that all potential risks are considered.
Many vulnerabilities within the ICS infrastructure can introduce risks, such as using outdated platforms, system architecture design, connections to external networks, wireless access points, and remote interface points.Typically, the time required to deploy industrial control systems is much longer than that required for standard IT systems, which can be attributed to costs, the desire to migrate to newer systems to avoid production interruptions, and the lack of relevant risk knowledge when operating outdated systems.
Another factor leading to potential vulnerabilities is the failure to design and maintain a secure ICS network, which may result from multiple engineers being responsible for the network over the years without proper security planning or procedures, or it may be the result of rapidly deploying multiple projects in a rush to upgrade or add components that have already compromised security.
To successfully manage risks, enterprises must fully define what needs to be in place, understand the different stages of the ICS system lifecycle, and ensure they have a plan to protect production systems from all possible vulnerabilities. These policies should be authorized by management to ensure that production system assets remain intact throughout the system lifecycle.
Threats to ICS Systems
The threats to IT and ICS infrastructures are continuously evolving and becoming increasingly difficult to prevent, monitor, and mitigate.Due to the critical demands of production, the challenges faced by ICS networks in terms of security are increasing. Therefore, technicians and engineers responsible for monitoring ICS networks must adopt a more rigorous, planned, and disciplined approach to deploying security measures.
Even completely disconnecting the ICS network from the internet does not eliminate all associated risks. While external threats may seem more apparent when connected to the internet, sometimes internal threats can be more potentially harmful than external ones. These include malicious internal actions and unintentional human errors that could damage the ICS network.
Threats to production systems include any damage to the system’s ability to continuously and accurately display operational data.They also include operator access to desktop functions, local login privileges, and system port or interface functionalities. Efforts to protect automation systems physically and procedurally can be very extensive and time-consuming. However, the only way to prevent common system failures is to eliminate the ability of ordinary users to access these systems, including software, hardware, and physical access.
The lack of adequate planning and procedures for managing ICS security and lifecycle is the greatest threat to ICS critical infrastructure.Security can be compromised through digital networks or physical aspects. Operating on outdated platforms can also compromise the lifespan of production systems. Outdated hardware, software, and reduced support for systems can be expensive (if support is still available).
Typically, IT systems have an upgrade cycle of 3 to 5 years, while production systems may remain in operation for much longer.Due to the high availability requirements of production systems, changes to new systems also carry risks. New systems may require reprogramming, and logic will need to be deciphered or compiled into a new language. This can introduce human errors and may adversely affect production systems.
New operational interfaces may differ in appearance and operation from existing outdated systems.The migration from old to new systems may involve many aspects of detailed logic specifications to define safe operations, extensive testing, and operator training to fully assess production systems. A complete replacement may take time and involve multiple complex phases to minimize production interruptions. The management of the ICS lifecycle should include a comprehensive roadmap that plans all replacement details to minimize risks to production systems.
Mitigating Risks and Protecting Assets
Mitigating risks and determining a comprehensive plan to protect enterprise assets requires a thorough assessment of all production system risks.Asset protection should include security layers and should not rely on a single software or hardware solution to minimize risks. The consequences of compromised industrial control systems can lead to production losses, environmental damage, equipment damage, and even pose risks to personal safety.
Asset protection begins with directives from upper management to identify proactive actions and ensure that ICS systems are prepared to handle evolving threats.The comprehensive plan documents security tasks and processes and outlines the hierarchy of protection, mitigation processes, and migration plans to cover the lifecycle of ICS systems. The response to incidents threatening production systems should be a well-understood plan by all personnel to minimize their impact.
The migration plan should include a system roadmap to minimize production interruptions and ensure the security and reliability of the system during the change period.Essentially, threats are becoming increasingly complex, so it is strongly recommended to audit the protective layers annually to ensure they are not compromised. Risk factors will never be completely eliminated, but asset owners can protect the normal operation of production systems by minimizing risks as much as possible.
This article is from the June 2018 issue of CONTROL ENGINEERING China in the “Technical Articles” section, originally titled: How to Reduce Threats to Industrial Control System Networks?
————Cover of this Issue————
To read each issue of the magazine for free, please follow the WeChat subscription account of CONTROL ENGINEERING China.
Recommended Reading
-
At the Cutting Edge of Technology | Using Immersive 3D Virtual Reality Technology to Simulate Robotic Welding, Just Like Watching a Movie!
-
The Biggest Challenge in Implementing IIoT – Industrial Internet of Things Software Platforms and Edge Intelligence
-
4 Key Areas – Developing Automation Standards Within the Factory
-
Maximizing the Lifecycle of Control Systems – 7 Tips for PLC Control System Maintenance
-
[Exclusive Viewpoint] What Commonalities and Differences Are There in Implementing Smart Factories Domestically and Abroad?
-
[Who is the Best Choice] Microcontrollers vs. PLCs, Which is More Suitable for Your Factory?
-
Solution | Why Does One Differential Pressure Transmitter in the Same Pipeline Work Normally While the Other Shows Negative Pressure?
