Right Tools will Secure Industrial Networks

Tuesday, June 4, 2013 @ 06:06 PM gHale

Editor’s Note: This is an excerpt from the Practical SCADA Security blog at Tofino Security.
By Heather MacKenzie
Improving the cyber security of industrial networks is constant challenge all manufacturers face.

On the one hand your manufacturing processes probably use devices such as PLCs (programmable logic controllers) and DCS (distributed control systems) designed with a focus on reliability and safety rather than security. On the other hand your industrial networks are already, or soon will be, connected to your company’s enterprise networks and migrated to Ethernet.

SCADA, ICS Security: Face the Facts
More Than Discussion, Security is Vital
Securing SCADA: Compensating Controls
Making Patching Work for SCADA, ICS

In considering how to decrease cyber risk and protect assets, it is important to look for technology solutions designed for the plant floor.

Some of the differences between plant networks and office networks are:
• Different environments — industrial networks often operate in harsh physical environments
• Different staff skills — you may be a rock star at making products or programming PLCs but designing a cyber security solution is likely not your strength
• Different priorities — plant operators are most concerned about reliability and safety whereas office IT people usually have confidentiality as their highest system priority
• Different protocols — plant networks need to support industrial protocols required to keep equipment running and production working. Such protocols are particularly hard to secure.
Taking these factors into account, here are six recommendations for securing industrial networks.

1. Select Industrial Components
First, ensure all network components, including cabling, cabinets and active equipment, are industrially hardened, resilient and have high mean-time-between-failure (MTBF) ratings. As you know, the demands of the plant floor are much harsher than the typical IT environment and require equipment to match.

2. Look for Redundancy and Robustness
Having equipment that is easy to disrupt makes the attacker’s job easier and the support staff’s job much harder. Active components of the network, such as switches and routers, need to support industrial redundancy technologies. This way if part of your system is attacked by malware or affected by a network incident, you will be able to keep operations going.

There are a lot of acronyms and buzz words in this area such as “zero-failover,” PRP (Parallel Redundancy Protocol) and HSR (High-availability Seamless Redundancy). The important thing is to make sure the networking equipment supports the level of redundancy required for your production needs.

3. Seek Technologies that Integrate
Integration into industrial management systems is critical for support and security event monitoring. Using such a system will facilitate the detection of unusual activity on the network, an area that is typically poorly done in the industrial automation world.

You or other plant staff should be immediately alerted if a read-only remote operator station suddenly tries to program a PLC. Waiting for the IT team to analyze the event the next morning is too late.

4. Deploy Firewalls that Secure Industrial Protocols
Firewalls should be optimized to secure SCADA protocols such as Modbus and OPC, rather than email or web traffic. Web and email messages simply have no place on a plant floor system and products that inspect these protocols simply add cost and complexity to the security solution.

5. Practice Defense in Depth with Zone-Level Security
Using the best practice of Defense in Depth, security should not end with a perimeter firewall for the plant network. Instead, production networks should be segmented according to ISA IEC 62443 standards. Each zone of devices should be protected with its own industrial firewall that can be deployed into a live plant network without risk to operations.

6. Focus Your Efforts
Every control system has one or more assets that would seriously impact production, safety or the environment if successfully attacked. These might be the SIS (safety integrated system) in a refinery, the PLC controlling chlorine levels in a water filtration plant or the RTU in an electrical substation. You and others in the plant know what really matters to the operation. If those assets are aggressively protected, the chance of a truly serious cyber incident is massively reduced.

If you are uncertain about how to improve the cyber security posture of your facility, following the recommendations above will shorten the time it takes to make improvements.
Heather MacKenzie is with Tofino Security, a Belden company. Click here to read the full version of the Practical SCADA Security blog.

Leave a Reply

You must be logged in to post a comment.