Cellular Technology Use in ICS

Wednesday, March 14, 2012 @ 09:03 AM gHale

By Jacob Kitchel
ICS-CERT published its January 2012 newsletter with some great advice regarding cellular technology use in ICS networks. The article, titled “Industrial Cellular Security”, discusses the types and uses for cellular devices as well as mitigation advice for dealing with ICS cellular device threats.

The coverage of cellular technology for communications in remote areas has been covered several times before with respect to security. The Additional Readings section below has links to some of the previous coverage including NERC’s August 2011 “Telephony-Enabled Weakness” advisory, Digital Bond blog entries, as well as Don Bailey’s “War Texting” talk from Blackhat USA 2011.

Smart Phones ‘Leak’ Crypto Keys
Smartphone Security Faces Big Problem
DDoS Tool Heads to Android
Mobile Malware Skyrocketing

Having cellular technology’s use and threat mitigation covered in a high profile publication in the ICS industry means cellular technology as network medium has hit the “main stream.” As an asset owner you need to ensure that the technology’s use is evaluated in your annual risk assessment and any time you deploy cellular technology.

The 3 most important things an asset owner can do to ensure risk is minimized while using cellular technology are:

1. Determine and configure the proper controls to enable a secure deployment
Remote sites are designed and configured to operate unattended for long periods of time. Deploying the device securely the first time allows an asset owner to reduce management overhead.
2. Send network traffic in an encrypted tunnel from a gateway device before traversing a cellular network
By sending network traffic in an encrypted tunnel while traversing a cellular network, or any network, the asset owner can ensure the data cannot be manipulated in-transit. A common scenario would be to leverage a network gateway device, such as a firewall or router, that can establish and use encrypted tunnels back to a central network.
3. Ensure the cellular modem’s management interface is not available on the cellular interface

Taking this step helps to prevent an attacker from attacking any device or management interface vulnerabilities which may be present in the cellular modem.

A reasonable alternative is to only allow access to the management interface from internal network addresses such as those from the remote site itself (for on-site administration) or the central network (for remote administration).

One Response to “Cellular Technology Use in ICS”

  1. jlangill says:

    Would also strongly consider not trusting the cellular provider with their VPN tunnel solution, but rather installing your own before their gateway device. In many cases, these providers have less than optimal storage of the private keys, which could undermine the security of your tunnel.

Leave a Reply

You must be logged in to post a comment.