1. Securing the Industrial Network

Industrial organizations that want to secure their networks should begin by making sure they have a good network design with well-secured boundaries. Once they complete that initial step, enterprises should segment their networks by implementing the ISA IEC 62443 standard, secure all of their wireless applications, and deploy secure remote access solutions to help with fast troubleshooting and problem-solving. Companies should also monitor their networks. Katherine Brocklehurst of Belden feels it's increasingly important for them to do so in OT environments:
"Monitoring the security status of a network is common practice for IT security teams but less common in operations environments…[there is also] value in monitoring industrial network infrastructure equipment such as routers, switches, gateways etc. These systems connect the segments and can be compromised. They need to be assessed, a baseline taken and a monitoring effort applied."
2. Securing the Industrial Endpoints

OT professionals might feel their organization's endpoints are protected against digital attacks by perimeter firewalls, proprietary software, specialized protocols, and airgaps, but that just isn't the case. The moment employees, contractors or supply chain personnel walk in with their laptop or a USB to conduct maintenance, these safeguards are bypassed. As a result, Kathy Trahan of Tripwire says companies should be doing more to secure their industrial endpoints:

"To mitigate OT attacks, PC-based endpoints in the OT environment need to be protected, and organizations need to defend their IT endpoints against attacks that traverse over to the OT environment. An overarching endpoint security strategy needs to be in place for OT and IT environments."

A starting place for many organizations is to gather and maintain an accurate inventory of all endpoints' hardware and software, track the vulnerabilities in OT assets, ensure secure and hardened configurations are in place at each endpoint, and monitor and alert on unauthorized changes.
3. Securing the Industrial Controllers

In every industrial environment, there are physical systems – mechanical devices such as actuators, calibration devices, valves, and an array of sensors for temperature, pressure, etc. that interact with the physical world. Bad actors have gained access to these mechanical devices in many documented cases, causing those systems to malfunction, but they have no direct way of doing so without gaining access to the control level. To get around that obstacle, some attackers target the industrial controllers responsible for managing those systems. Brocklehurst explains in another blog post:

"…[P]hysical systems are connected back to a type of specialized computer that actually controls it. It is these specialized computers that make the bridge between controlling the physical systems and receiving programming or instructions from a network. These are the industrial controllers, and they are the systems being targeted to create physical damage or disrupt a revenue generating industrial process in cyber attacks. Industrial controllers come in different varieties, but you will hear terms such as PLC (programmable logic controllers) and DCS (distributed control systems) used commonly to refer to different types of these."

Here's an example of an easy-to-remember controller we come into contact with on a daily basis.
What can you do to Help Protect Your Industrial Control Systems?

Given the growing complexity of industrial environments, it's important that organizations make an effort to adequately protect against digital threats. Doing so requires a multi-step approach that focuses on network security, endpoint security, and industrial controller security. Interested in learning more about how to defend your industrial control systems with Tripwire? Click here to find out more. Alternatively, you can read the SANS 2016 State of ICS Security Report here. If you are interested in learning more about Industrial Cyber Security you can download our new e-book, “Industrial Cyber Security For Dummies” here.
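The endpoint steps from section 2 (an accurate inventory, secure configurations at each endpoint, and alerting on unauthorized changes) can be illustrated with a short added example. It is not from the original post or any vendor product, and the host names, software names and settings are constructed for illustration.

```python
import hashlib

def config_digest(config_text: str) -> str:
    """SHA-256 of a configuration, normalised so whitespace-only edits do not alert."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()

def snapshot(endpoints: dict) -> dict:
    """Reduce raw endpoint records to what is tracked: software versions and a config digest."""
    return {name: {"software": dict(rec["software"]),
                   "config": config_digest(rec["config"])}
            for name, rec in endpoints.items()}

def detect_changes(baseline: dict, current: dict) -> list:
    """Return sorted (endpoint, finding) tuples for every deviation from the baseline."""
    findings = []
    for name in current.keys() - baseline.keys():
        findings.append((name, "endpoint not in inventory"))
    for name in baseline.keys() - current.keys():
        findings.append((name, "inventoried endpoint missing"))
    for name in baseline.keys() & current.keys():
        old, new = baseline[name], current[name]
        if old["config"] != new["config"]:
            findings.append((name, "configuration changed"))
        for pkg in new["software"].keys() - old["software"].keys():
            findings.append((name, f"software added: {pkg}"))
        for pkg in old["software"].keys() - new["software"].keys():
            findings.append((name, f"software removed: {pkg}"))
        for pkg in old["software"].keys() & new["software"].keys():
            if old["software"][pkg] != new["software"][pkg]:
                findings.append((name, f"software version changed: {pkg}"))
    return sorted(findings)

# Constructed sample data (hypothetical hosts, packages and settings).
APPROVED = {
    "hmi-01": {"software": {"hmi-runtime": "4.2"}, "config": "usb_storage=disabled\nrdp=disabled\n"},
    "eng-ws-01": {"software": {"plc-ide": "11.0"}, "config": "usb_storage=disabled\n"},
}
OBSERVED = {
    "hmi-01": {"software": {"hmi-runtime": "4.2", "remote-tool": "1.0"},
               "config": "usb_storage=enabled\nrdp=disabled\n"},
    "eng-ws-01": {"software": {"plc-ide": "11.0"}, "config": "  usb_storage=disabled  \n\n"},
    "laptop-77": {"software": {}, "config": ""},
}

if __name__ == "__main__":
    for endpoint, finding in detect_changes(snapshot(APPROVED), snapshot(OBSERVED)):
        print(f"ALERT {endpoint}: {finding}")
```

The engineering workstation raises no alert because its configuration differs from the baseline only in whitespace, while the unknown laptop and the changed HMI are both reported.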