ICS Security Strategy

To achieve the level of protection needed for industrial and critical networks, security needs to grow from a collection of disparate technologies and practices into an effective business process. Smart Logic recommends that organizations consider three dimensions when deploying a security strategy and solution:

Policies

Security starts with a widely understood and well-defined policy, closely aligned to business needs rather than a collection of system-level checks and disparate technologies. Policies should recognize that the business comes first and suggest ways to conduct it securely as part of the business policy, instead of appearing in a completely different context.

People

Users of computer systems are a critical part of the security process. It is often users who make the mistakes that result in malware infections and information leakage. Organizations should pay close attention to the involvement of users in the security process. Employees need to be informed and educated on the security policy and on the behavior expected of them when surfing the Internet or sharing sensitive data. At the same time, security should be as seamless and transparent as possible and should not change the way users work.

Enforcement

Deployment of ICS security technology solutions such as security gateways and endpoint software is critical for automated analysis of traffic, prevention of attacks and enforcement of work procedures. It should meet three main goals:

a) Ensuring the security of the SCADA network devices perimeter and interface points

– It is recommended to maintain physical network separation between the real-time components of the SCADA network (e.g. PLCs) and other networks.

– Security Gateways should be installed at all interconnects, ensuring that only relevant and allowed traffic enters or leaves the network. This validation should be applied to all communication: protocols, methods, queries, responses and payloads, using:

o Firewall

o Application Control

o IPS (Smart Logic’s is the most recommended)

o Antivirus

b) Ensuring that all workstations and portable equipment used for management and maintenance are free from malware and secured

– Dual-homed workstations that connect both to an internal critical network and to other, less sensitive networks, or even the Internet, are a major risk. In cases where such a configuration is mandatory:

o Users must be fully aware of the risks

o Software and Security Configuration should limit the operations that can be performed on the workstation

o Strict analysis of all traffic, files and payloads must be performed in real time

– All workstations must be hardened and controlled by an Endpoint Security Suite including:

o Firewall

o Application Control

o Port Control

o Media Authentication/Encryption

o Antivirus

c) Ensuring SCADA traffic within the perimeter is valid and free of exploit attempts

– It is recommended to filter, or at least monitor, all SCADA communication

– Security Gateways should be installed within the SCADA network in either in-line or tap mode, allowing:

o Firewall

o Application Control

o IPS (Smart Logic’s is the most recommended)
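As an added example (not Smart Logic’s code or any product’s rule syntax), the gateway validation described in a) and c) written out as a default-deny check that looks at source and destination zone, protocol port and Modbus function code before a request reaches the real-time segment; the zones, rule set and Modbus/TCP frames are hypothetical values constructed for the example.

```python
# Added example, not the page's code: allow-list check for a SCADA interconnect gateway.
# Zones, hosts, rules and frames below are constructed for illustration.
import ipaddress
import struct

# Hypothetical zones: real-time SCADA segment, DMZ (HMI/historian), engineering, corporate.
ZONES = {
    "scada": ipaddress.ip_network("10.10.0.0/24"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "eng": ipaddress.ip_network("10.30.0.0/24"),
    "corp": ipaddress.ip_network("192.168.0.0/16"),
}
MODBUS_PORT = 502
READ_FC = {1, 2, 3, 4}       # read coils, discrete inputs, holding/input registers
WRITE_FC = {5, 6, 15, 16}    # write single/multiple coils and registers
# Hypothetical policy: which source zone may send which function codes into the
# SCADA zone. Anything not listed is denied (default deny).
RULES = {"dmz": READ_FC, "eng": READ_FC | WRITE_FC}
# Constructed Modbus/TCP frames: read 10 holding registers, write one register, bad protocol id.
READ_HR = bytes.fromhex("00010000000601030000000a")
WRITE_REG = bytes.fromhex("000200000006010600100001")
BAD_PROTO = bytes.fromhex("00030001000601030000000a")

def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "unknown")

def parse_modbus(payload: bytes):
    """Return the function code of a well-formed Modbus/TCP request, else None."""
    if len(payload) < 8:
        return None
    # MBAP header: transaction id, protocol id (must be 0), length, unit id
    _tid, proto, length, _unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0 or length != len(payload) - 6:
        return None
    return payload[7]

def evaluate(src_ip: str, dst_ip: str, dst_port: int, payload: bytes):
    """Return (verdict, reason): in-line mode drops on 'deny', tap mode only logs it."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if dst != "scada":
        return "deny", f"destination zone '{dst}' is not covered by this rule set"
    if dst_port != MODBUS_PORT:
        return "deny", f"port {dst_port} is not an allowed SCADA protocol"
    fc = parse_modbus(payload)
    if fc is None:
        return "deny", "malformed Modbus/TCP frame"
    if fc in RULES.get(src, set()):
        return "allow", f"zone '{src}' may use function code {fc}"
    return "deny", f"zone '{src}' may not use function code {fc}"
```

The same check works for the dual-homed workstation case in b): a host in the corporate zone gets no entry in RULES, so its requests are denied regardless of function code.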