Visibility: An Essential Component of Industrial Cyber Security

As more and more devices are connected to the process control network, there are more and more risks related to potential impacts from industrial cyber security events, some of which may not even be targeted against industrial control systems (ICS). For instance, WannaCry ransomware actually shut down entire plants without that being its primary objective. Is this a risk you can ignore?

What is an industrial cyber security event?

An industrial cyber security event is anything that can negatively impact the ability to view, monitor and control the industrial process. Such situations can come from human error, equipment failure, or malicious activity. Are we taking the necessary precautions to help mitigate the potential impact of a cyber security event? We need to be cognizant that “what is a good cyber security control or best practice (configuration management), will also be a good operational control.” This means that the best practices we can perform to mitigate risk for industrial cyber security events will also be effective controls for ensuring operational uptime or availability. They will also give us the ability to reduce the mean time to repair (MTTR) for operational and cyber security event outages when, not if, they happen.

What are you doing to increase your industrial cyber security?

There are no shortcuts. Industrial cyber security is a journey that never ends, for the threat landscape is always changing as technology within control systems keeps advancing. There are, however, fundamental measures that we need to take. First, make cyber security part of the industrial network design cycle. If we make this part of the design, we will make sure cyber security event risk reduction is taken from the start versus trying to bolt on industrial cyber security controls after a control system is deployed. One other step we can take is to deploy industrial cyber security event monitoring. Gone are the days where we implement a control system and have a “set and forget” mentality. Monitoring the cyber security posture or hygiene state, that is like having a “Cyber Security” flavored Supervisory Control and Data Acquisition (SCADA) solution, is a fundamental duty we must perform for the control system Such hygiene fundamentals include the following:

1. Log Management – Through a centralized log repository, gain an understanding of what information devices are producing so that we can optimize their performance and ensure the control system stays operational.
2. Secure Configuration Management – “Harden” and manage change to the configuration states for SCADA servers, engineering workstations, and any other Windows or Linux system by ensuring these servers/devices are disabling the use of insure protocols. It’s also important to enable security features of the operating system like Windows firewall and configuring other capabilities like centralized authentication that will reduce the “attack surface” of these systems.

Tripwire industrial solutions can help provide valuable visibility

As a part of Belden industrial solutions, Tripwire can help provide visibility and reduce operational risk for the potential impact from industrial cyber security events with its log management and configuration hardening solutions. To learn more, check out the following white paper “Industrial Cybersecurity—Essential to Ensure Availability, Safety and Resiliency” by visiting http://www.tripwire.com/solutions/ industrial-control-systems/.