The challenges of securing industrial control systems

The security of industrial process control systems has suddenly risen to the top of everyone’s agenda over the past 18 months to 2 years, the latest development being the new report from ENISA on security for industrial control systems. This has been largely due to the advent of the Stuxnet worm and, more recently, the Duqu variant, which have highlighted the sabotage and espionage threat to critical infrastructures running on SCADA (supervisory control and data acquisition) or industrial control systems.
Industrial control systems have long been a part of our critical national infrastructure, providing key automation and control facilities in such diverse systems as power plants, factories, water treatment plants and traffic control. The threats to these certainly aren’t new – if you’ve seen The Italian Job you will know that attacking a computer system may be a way to interact with, and cause chaos in, the real world. At Symantec, we’ve been tracking real-world threats, of varying degrees of severity, for over 20 years, so what makes the situation so different that it is seen as such a cause for concern today?
The key to security in SCADA systems has historically been that they were run by SCADA engineers for SCADA engineers and operated within a closed system over which those engineers had control. These systems had an air gap implemented and were completely disconnected from the wider corporate network. However, in recent years the use of such systems has evolved and they have often been connected to the main IT network in order to provide management information and intelligent control over the systems. This is frequently done via DMZ (demilitarised zone) networks, but Stuxnet demonstrated how that can be overcome with the right thought and planning.
As a result, SCADA systems are exposed to all the threats and risks of a modern Internet-connected network. This makes it tempting to apply all the same tools and approaches that we’ve developed in general information security to SCADA systems, but there are a number of reasons why this is not feasible:
- AVAILABILITY is the most important area of SCADA system security. Taking a system down to update a patch or apply a fix can have far-reaching impact aside from just the inconvenience.
- SCADA systems are STATIC. The update windows for these systems are often once a year at best.
- SCADA systems are, in general, old. Often connected to large industrial investment projects, equipment can be up to 30 years old on the investment cycle.
This means connecting old technology to IP networks, which have their own complications and difficulties before there is even an attempt to implement security and controls.
Rather than just trying to migrate information security principles and controls wholesale, we need to look at merging information security and SCADA engineering best practice in order to provide the best protection and process.
Key to this is intelligence on threats to critical infrastructure and monitoring the environment to understand what works. Workable patch management processes to update SCADA software are also vital, within the constraints of limited operational windows, and implementing controls to protect the systems and environment in the interim should be high on the agenda.
SCADA or real-time systems need to rapidly learn the lessons of the last 20 years of Internet connectivity in order to provide protection against rapidly evolving threats. Through this process it will be possible to learn valuable lessons when protecting the entire environment against today’s cybersecurity threats.