IEI: Hardening a System

Wednesday, October 12, 2016 @ 10:10 AM

By Gregory Hale
Windows is the driving software running throughout the manufacturing automation industry, and while its security and stability have increased tremendously over the past decade or so, it still needs safeguarding.

“We need things up and running and not have anything go down,” said Travis Smith, senior security researcher at Tripwire, during a Tuesday session entitled “How to Harden and Secure Essential Windows Systems,” at Belden’s IEI Design Seminar in Orlando, FL. “We want to predict what is happening in the environment. Being able to share (that information) is key.”

Issues with Windows systems have caused problems in the past.

Smith pointed out the infamous issue at Maroochy water services, where the utility did not revoke the credentials of a former employee and he was able to get into the system and release untreated waste. The cost of the problem was $200,000, and it led to loss of marine life and jeopardized public health.

Another issue was the December attack on the Ukraine power grid, where a phishing attack and a denial of service led to 80,000 to 200,000 people losing power.

One more incident was the Hatch nuclear power plant, where a Windows maintenance upgrade was not properly tested before being implemented. It crashed the system, which led to loss of availability and forced a plant shutdown.

Eighty percent of the cost of unplanned downtime is due to changes, Smith said, adding half of that is due to human errors.

“It is all about change. Unplanned downtime is caused by change and it will cost a lot of money,” Smith said.

Another interesting fact Smith pointed out from the latest Verizon Data Breach report was that it takes attackers one day to get into a system, but it takes 229 days for the victim to detect the breach.

“An attacker can be right once, but security has to be right 100 percent of the time. It just isn’t fair,” Smith said.

That is security in the current environment, but when you add the coming Industrial Internet of Things (IIoT) on top of that, the potential for issues just escalates multiple times over. That means IT will need to be more involved in the OT or manufacturing enterprise.

That means the IT and OT factions will need to bridge their age-old schism, and each side will need to understand where the other is coming from.

While IT focuses on the CIA model of confidentiality, integrity and availability, and the OT side looks at availability, integrity and confidentiality, the two sides can agree on one thing.

“The common ground, though, is safety, whether it is CIA or availability, it is all about safety,” Smith said.

Some of the technology problems they will need to address are:
• Continuous monitoring and compliance
• Reducing risk exposure and attack surface
• Detecting and responding to unplanned change
• Enhancing uptime and availability

There is a security architecture Gartner Group created that focuses on predicting, preventing, detecting and responding.

While the ongoing process is not too onerous on one computer, working on a series of computers in a manufacturing operation could be a time-consuming task that would be never ending. That is why Smith was talking about automating the update process for computers throughout the enterprise.

In essence, the user would set up the commands and the automation process would update and keep the systems up with a continuous configuration, detection and response program.

To harden industrial systems using Windows, users should look at:
• Dialog filter
• Keyboard filter
• Sticky Keys
• BitLocker
• AppLocker
• Windows firewall
• USB filtering
• Local user checks
• New service checks
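
As an added illustration of the "local user checks" and "new service checks" items and of detecting unplanned change (this script is not from Smith's session or from Tripwire), the check below records a baseline of local accounts and services and reports any drift on later runs. It assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets; the baseline path and the function names are hypothetical.

```powershell
# Added example: baseline-and-compare check for local users and services.
# $BaselinePath is a hypothetical location; keep the baseline where
# ordinary users cannot modify it.
param(
    [string]$BaselinePath = 'C:\ProgramData\HardeningBaseline\state.json',
    [switch]$Update   # pass -Update after an approved, planned change
)

function Get-HostState {
    # Local accounts: name plus enabled flag, so a re-enabled account shows up as a change.
    $users = Get-LocalUser | ForEach-Object { '{0}|enabled={1}' -f $_.Name, $_.Enabled }
    # Services: name, start mode and binary path, so a swapped executable is reported too.
    $services = Get-CimInstance -ClassName Win32_Service |
        ForEach-Object { '{0}|{1}|{2}' -f $_.Name, $_.StartMode, $_.PathName }
    [pscustomobject]@{
        Users    = @($users | Sort-Object)
        Services = @($services | Sort-Object)
    }
}

function Compare-HostState {
    param($Baseline, $Current)
    foreach ($kind in 'Users', 'Services') {
        $old = @($Baseline.$kind)
        $new = @($Current.$kind)
        # Entries present now but not in the baseline (new or modified).
        $new | Where-Object { $_ -notin $old } |
            ForEach-Object { [pscustomobject]@{ Kind = $kind; Change = 'added-or-changed'; Entry = $_ } }
        # Entries in the baseline that are gone or no longer match.
        $old | Where-Object { $_ -notin $new } |
            ForEach-Object { [pscustomobject]@{ Kind = $kind; Change = 'removed-or-changed'; Entry = $_ } }
    }
}

$current = Get-HostState
if ($Update -or -not (Test-Path -LiteralPath $BaselinePath)) {
    # First run, or an approved change: record the present state as the baseline.
    New-Item -ItemType Directory -Path (Split-Path -Parent $BaselinePath) -Force | Out-Null
    $current | ConvertTo-Json -Depth 3 | Set-Content -LiteralPath $BaselinePath -Encoding UTF8
    Write-Output "Baseline written to $BaselinePath"
} else {
    $baseline = Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json
    $drift = @(Compare-HostState -Baseline $baseline -Current $current)
    if ($drift.Count -eq 0) { Write-Output 'No unplanned change detected.' }
    else { $drift; exit 1 }   # non-zero exit lets a scheduler or monitor raise an alert
}
```

Run on a schedule, the non-zero exit code gives a monitoring system a simple signal that an account or service changed outside a planned update.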

Smith said users need to be more aware of their systems and know what is running because “what you don’t know will hurt you.”