Security is not the same for industrial control systems (ICS) as it is for information technology (IT). This difference arises in part from the unique characteristics that set IoT and IT environments apart from one another.
Take IT, for instance. One of the most important business drivers for securing systems in those types of environments is mitigating risk and protecting data. Information security professionals have developed a number of documented protocols in pursuit of those goals, an ongoing process which includes implementing software updates and conducting active scans. To their advantage, IT professionals can take the network offline to complete most software security upgrades, and they can schedule those maintenance jobs at specific times to minimize network downtime.
The same cannot be said about industrial control systems. In ICS environments, the number one business driver behind security is ensuring reliability and availability of data, with safety following as a close second. Many ICS devices rely on proprietary or undocumented protocols, and their software is not updated very often.
Tripwire’s senior product marketing manager Kathy Trahan elaborates on this point:
“[M]any ICS devices are running legacy operating systems that have not been upgraded and are therefore more likely to have vulnerabilities. In general, [operational technology] OT typically does not upgrade because it would disrupt service and jeopardize uptime, whereas a good part of an IT professional’s job is to upgrade systems to improve functionality, performance and minimize vulnerabilities.”
The makeup of a typical ICS environment presents a unique set of security challenges, especially given the SANS 2016 State of ICS Survey Report’s finding that 67 percent of ICS organizations perceived severe or high levels of threat to control systems in 2016.
So how can organizations adequately protect industrial control systems?
To answer that question, David Meltzer, Belden/Tripwire’s chief research officer; Ryan Brichant, vice president and CTO of FireEye; and Sean McBride, lead analyst of critical infrastructure at FireEye-iSight, hosted a webcast entitled “Industrial Cyber Security: Are ICS Threats Hype or Reality?” Their presentation focused on the fundamentals of industrial control system security and explored ways in which security professionals can protect ICS, endpoints, and networks.
From his experience in the industry, Meltzer understands that attackers have a variety of motivations, which means each actor poses a unique threat to an organization’s ICS environment.
To counter those malicious individuals (as well as the occurrence of insider errors), Meltzer offers three recommendations for how organizations can protect their industrial control systems:
- Look for practical solutions.
- Look at ways to bring IT and OT together.
- Look for people, tools, and processes that understand the priorities of the ICS world.
That last point is especially crucial for McBride, who has observed a number of alarming trends in industrial control system security this year. Those developments include the following:
- As of April 2016, researchers had identified 62 ICS-specific vulnerability disclosures.
- Ransomware masqueraded as a file for Allen-Bradley, a respected factory automation equipment manufacturer.
- Actors sought to sell and purchase access to SCADA systems on dark web forums.
Given the evolution of ICS threats, McBride recommends organizations do three things to defend their ICS environments against attacks:
- Get a plan and program for industrial control system security.
- Segment networks, review firewall placement/rules, and review router configurations.
- Inventory all control systems, including their software, hardware, and firmware versions.
Companies can in part meet those demands by going with a provider that understands the ICS space. No solution fulfills every requirement, which is why some organizations become customers of more than one provider.
For instance, joint Belden-FireEye customers benefit from integration and contextualization of logs from Belden’s solutions for mission-critical industrial networking technologies in Threat Analytics Platform (TAP), FireEye’s detection and incident investigation software. If they are Tripwire customers, they can also integrate with other FireEye digital forensics solutions, including its Multi-Vector Virtual Execution (MVX) engine and AX series. Finally, joint customers can have automated tools hunt for threat indicators of compromise (IoCs) across their IT and ICS environments.
To learn more about ICS security, including how Belden’s and FireEye’s solutions defend industrial control systems against threats, please view the webcast in full here.