Secure information management for ICS systems
The modernisation and digitalisation era of today has increased deployment of IoT equipment in ICS systems. However, this has significantly raised the number of attack vectors for malicious activity. Secure information management for ICS systems is, therefore, one of the most challenging areas for companies using them.
To take the right measures, you have to ask yourself: What is the security impact of modern industrial software development practices, including the use of open libraries, with complex interdependencies? What happens if external attackers indirectly try to infect the endpoints through targeted malware? And how can information security be ensured while maintaining the accessibility and integrity of the systems?
ICS – systems with valuable information
Industrial control systems (ICS) give operators an easy way to manage, monitor and control industrial processes. They are used extensively in industries such as chemical processing, pulp and paper manufacture, power generation, oil and gas processing and telecommunications. In other words: in businesses with lots of highly sensitive and important information – not only to the company but also to society as such.
Such information must, of course, be protected – not an easy task today when cyberattacks continue to evolve at a rapid pace despite record levels of security spending.
Potential areas for cyberattacks on ICS systems are:
- Phishing for information, especially after cloud services implementation
- Denial-of-service attacks
- Ransomware attacks
- Threats related to remote operations of various systems
- Attacks through vulnerable automation systems
- Threats due to poorly protected IoT technology implementation
- Industrial espionage, data leakage, theft and infiltration into critical infrastructure
Digitalisation is a security challenge
Historically, ICS systems were often completely disconnected from the outside world. As ICS systems are modernised and increasingly integrated into IP networks, even systems that previously were difficult to access because of proprietary network environments, now are easy targets for cyberattacks. Accelerating deployment of Internet of Things (IoT) equipment such as sensors and even non-computing devices further increase the number of attack vectors available to malicious activity.
Poorly protected IoT environments provide opportunities for at least the following hostile actions:
- IoT administrative system hijacking
- Modification of active device calibration data and settings
- Forming of botnet networks and feeding commands into the device
- Attacking the link between the active device and its controller
- Attacking information transferred over the network
- Attacking actuator equipment to modify their settings
- Using protocol vulnerabilities
- Attacking targets linked to the actual target
- Manipulating power supply status information
To upgrade security to meet the new stricter requirements and at the same time, maintaining access to digital information, solutions that separate and control data flows are necessary.
Secure ICS information management – how to achieve it
To safeguard ICS systems, segmentation should be applied with high assurance solutions to guard the physical isolation yet enable completely secure communication. With this in place, logging security data is the next priority. By monitoring logins, failed login attempts, transactions, USB usage etc., effective preventive measures are mapped out and damage control is taken without delay. In most cases, ICS system vendors have a dedicated access link to the operational system for monitoring and maintenance purposes. Often these links are not secure.
To ensure integrity and confidentiality of the system, the following solutions are required:
- Physical separation of IT systems and the ICS system using zoning
- Restricting access using unidirectional data diodes in the zone border for outbound data flows from ICS systems, this ensures that data only transfers in a forward direction and never in reverse
- Verifying data traffic integrity and using bidirectional filtering with dedicated real-time Information Exchange Gateways (IEG).
- Making sure SW updates into any system is scanned, cleaned and even run through Content Disarm and Reconstruction solutions (CDR)
Advenica has extensive experience of solutions where networks are physically isolated at the same time as information is connected securely. Our expertise and solutions secure your ICS information management – and enable accelerated digitalisation without jeopardising accessibility and integrity of ICS systems.
In our customer cases “Wiener Netze protects its infrastructure using solutions from Advenica” and "Major energy company secure power with Advenica" you can read how large energy companies secure their operations with our help.
Would you like us to raise your information security? Please contact us!