Source: Trace Bellassai, Client Operations Engineer
Industrial control systems (ICS) are the computers that control nearly every aspect of an industrial plant. Whether the site is a manufacturing plant or a power plant, the security of these assets is of paramount importance to the plant owner and, depending on the type of plant, even to the country. Security in the ICS world, however, can be more complicated than the security measures taken on your home PC. There are many reasons for this: many ICS devices communicate over older protocols that do not support encryption, and updating a device may require shutting down the entire plant, which may not be feasible in some situations.
Air gaps are one step that has been taken to bolster the security of ICS networks. Air-gapped networks are essentially self-contained networks that are not connected to the internet or to any other non-essential system. This allows a system administrator to reduce the attack surface available to a potential malicious actor. The problem is that plant operators want more and more information about their plant. With upcoming technologies such as the Industrial Internet of Things (IIoT), it is becoming more and more popular for plant operators to want these once air-gapped networks to be on the internet.
Protocols are another example of what sets an ICS network apart from a traditional IT network. Standards such as Modbus and DNP3 do exist in the ICS world, but they were not built with security in mind, and the standards themselves lack encryption. To counter this, some vendors have implemented their own encryption to use with these protocols or have simply developed their own proprietary protocols. While this may be better from a security standpoint, it eliminates one of the major advantages of having a standard in the first place: interoperability. These protocols can have an “obscurity” element to them, but as we have seen with attacks specifically targeting OT devices, security through obscurity is not practical.
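What the missing encryption looks like on the wire, as an added example that is not part of the original article: a passive decoder for Modbus/TCP request frames, showing that unit IDs, register addresses and written values are readable by any device on the network path and that the frame carries no authentication field. The sample frames are constructed for illustration, and the function names are hypothetical.

```python
import struct

# Function codes from the public Modbus specification; writes change device state.
WRITE_CODES = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers"}
READ_CODES = {1: "Read Coils", 2: "Read Discrete Inputs",
              3: "Read Holding Registers", 4: "Read Input Registers"}

def parse_modbus_tcp(frame: bytes) -> dict:
    """Decode one Modbus/TCP request: 7-byte MBAP header followed by the PDU."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id is not 0, so not Modbus")
    if length != len(frame) - 6:
        raise ValueError("MBAP length does not match frame size")
    func, data = frame[7], frame[8:]
    out = {"transaction": tid, "unit": unit, "function": func,
           "name": WRITE_CODES.get(func) or READ_CODES.get(func, "other"),
           "is_write": func in WRITE_CODES}
    # Requests 1-6 carry two 16-bit fields: address, then quantity (reads) or value (writes).
    if func in (1, 2, 3, 4, 5, 6):
        if len(data) != 4:
            raise ValueError("malformed request PDU")
        out["address"], out["value"] = struct.unpack(">HH", data)
    return out

def summarize(frames):
    """Return (sorted unit ids seen, decoded write requests) for a list of payloads."""
    units, writes = set(), []
    for f in frames:
        try:
            msg = parse_modbus_tcp(f)
        except ValueError:
            continue  # skip truncated or non-Modbus payloads
        units.add(msg["unit"])
        if msg["is_write"]:
            writes.append(msg)
    return sorted(units), writes

# Constructed sample payloads (not captured from any real plant).
SAMPLE_FRAMES = [
    bytes.fromhex("000100000006" "01" "03" "0000" "000a"),  # unit 1: read 10 holding registers
    bytes.fromhex("000200000006" "02" "06" "0010" "04d2"),  # unit 2: write register 16 = 1234
    bytes.fromhex("000300000006" "01" "05" "0003" "ff00"),  # unit 1: switch coil 3 on
    bytes.fromhex("dead"),                                    # truncated, ignored
]

if __name__ == "__main__":
    print(summarize(SAMPLE_FRAMES))
```

Nothing in the decoded frame identifies or authenticates the sender, which is why monitoring for unexpected write function codes is a common compensating control on Modbus segments.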
Something that may be seemingly simple in the IT world can create a lot of headaches in the ICS world. Asset management and discovery, which is of extreme importance for security, does not have a great solution in the ICS world. Proprietary encryption and protocols are partially to blame, as they make talking to the devices in an automated way much more difficult. IT devices are also often incorporated into an ICS network, for example in the form of a human-machine interface (HMI). These HMIs can open additional attack vectors, because an attacker can now attack a traditional IT device (which arguably has more attacks being developed for it) and gain access to an OT network. This means that ICS operators need to be adept at securing both IT and OT environments, rather than focusing all efforts on one or the other.
At FoxGuard, we know a thing or two about cyber security for industrial control systems in critical infrastructure – we have been providing patch management solutions for ICS equipment for over ten years. We understand the difference between patching your laptop versus the intricacies of patching your relays, PLCs and other OT equipment. You cannot just recklessly patch your OT equipment. It takes planning, validation and intent.