It was only a few years ago that most people were not seriously worried about the cybersecurity of control networks. The largely unconnected nature of these systems helped ensure their security. Now, with a rising number of manufacturers digitizing and sharing industrial control data with other systems, cyber attacks are increasing and the potential impacts range from severe financial damages to the loss of human life.
Clearly, cybersecurity for industrial control systems (ICSs) is an urgent matter. Company executives across a range of industries feel their control systems are more vulnerable than they were a year ago, according to the 2016 State of ICS Security Survey from the SANS Institute. Some three-quarters of respondents (67 percent) say they perceive a severe or high level of threat to their control systems. That’s up from 43 percent just a year earlier.
Much of the control equipment in operation today was produced decades ago and built for the long haul, with no thought of communicating with other systems—and correspondingly, no need for cybersecurity. Particularly in process industries like utilities, some companies are using long-established air gaps to protect their control systems. But in today’s hyper-connected world, that choice comes at a cost.
Sharing the vast amount of process data with other systems fuels better decision-making, allows more granular performance management, and enables asset optimization and predictive maintenance to reduce costs and improve safety. In heavily regulated industries, the proverbial shop-floor-to-top-floor connectivity eases compliance. It allows remote access for employees and vendors to fix problems, minimizing downtime.
If not an air gap, then what?
There are a host of security architecture choices and specific technologies that are designed to provide a layered approach to protecting ICS, including:
- Identity-defined networking. Tempered Technologies’ Identity-Defined Network fabric operates on a trust model with IEEE 802.1X certificate-based authentication and identification. This approach goes beyond passwords and perimeter protection to continuous, intelligent authorization based on context. The network is cloaked, so it can be viewed only by authorized users.
- Segmentation. In this variant of cloaking, the network is broken up into segments with strict access controls in between. Rather than a strict separation between two networks, a segment can open to grant access when presented with the right credentials and then close again.
- Defense-in-depth. Siemens advocates creating connectivity with a defense-in-depth approach. As the name suggests, a wide variety of standards-based security technologies are layered upon each other, along with well-defined and enforced organizational practices.
- Data diodes. Also called unidirectional security gateways, data diodes allow only a one-way flow of information. This means data can flow from the control system to the information system but not vice versa. Emerson Electric and other vendors, such as Waterfall Security, are proponents.
- Demilitarized zone (DMZ) between industrial and IT space. Rockwell’s Wilcox advocates a “best of both worlds” approach that resides between air gap and a shared environment. “This is about good connectivity between separate infrastructure,” he says. Each side can pass information to the other via a highly secured industrial DMZ that resides between the two environments.
- Special-purpose security appliance. Belden offers the Tofino Xenon security appliance that complies with the IEC 62443 cybersecurity standard for control and does deep packet inspection.
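The layered model in the list above, reduced to a small zone-and-conduit policy checker (an added example, not code from any vendor named here): a data diode is a conduit with no reverse channel, a segment is a conduit that needs credentials, and the DMZ is the only zone that enterprise traffic may terminate in. Zone names, service names and the conduit list are assumptions constructed for the example.

```python
"""Zone/conduit policy checker for a layered ICS architecture.
Constructed example: zone names, services and conduits are assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Conduit:
    src: str                  # zone the traffic originates in
    dst: str                  # zone the traffic is delivered to
    service: str              # protocol or service carried
    one_way: bool = False     # data diode: no reverse channel exists at all
    needs_auth: bool = False  # segment opens only when credentials are presented


# Constructed conduit list: historian data leaves control through a diode
# into the DMZ, enterprise users reach only a DMZ jump host, and only the
# DMZ may re-originate an authenticated maintenance session into control.
CONDUITS = [
    Conduit("control", "dmz", "historian", one_way=True),
    Conduit("enterprise", "dmz", "rdp", needs_auth=True),
    Conduit("dmz", "control", "maintenance", needs_auth=True),
]


def evaluate_flow(conduits, src, dst, service, authenticated=False):
    """Return (allowed, reason) for one hop. Only a single conduit is
    consulted, so enterprise->control never matches: a flow has to stop in
    the DMZ and be re-originated from there."""
    for c in conduits:
        if c.service != service:
            continue
        if (c.src, c.dst) == (src, dst):
            if c.needs_auth and not authenticated:
                return False, "credentials required"
            return True, "matched conduit"
        if c.one_way and (c.src, c.dst) == (dst, src):
            return False, "blocked by data diode"
    return False, "no conduit"


def audit_conduits(conduits):
    """Flag conduits that undo the architecture: a direct link between the
    enterprise and control zones, or unauthenticated access into control."""
    findings = []
    for c in conduits:
        if {c.src, c.dst} == {"enterprise", "control"}:
            findings.append(f"{c.service}: direct enterprise<->control link")
        if c.dst == "control" and not c.needs_auth:
            findings.append(f"{c.service}: unauthenticated access into control")
    return findings
```

Running `audit_conduits` over a proposed conduit list before it is deployed is the check a defender wants: a single bypass conduit, such as an unauthenticated direct link from the enterprise network into control, is reported immediately.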