Defending Against Industrial Control System (ICS) Cybersecurity Threats Part II: Prevention
As previously discussed, detection is one part of defending against cyber threats within industrial automation control systems (IACS). Once cybersecurity risks have been detected in an IACS, the next step is to act so that the organization does not suffer an attack: put preventive controls in place against the types of attacks the detected risks could facilitate.
Prevention encompasses basics such as properly training employees, keeping systems up to date, implementing perimeter defenses (e.g., firewalls), and making sure password and network security policies are fully implemented. Keep it simple.
Proper segmentation of IACS (OT) and IT is crucial in protecting operations and their associated technology from attacks. Network segmentation should be based on management authority, uniform policies, levels of trust, and functional criticality.
In addition to network segmentation, the use of network access control (NAC) and whitelisting is essential. NAC enforces access policies such as the principle of least privilege. Monitoring of IACS network segments should use intrusion detection and intrusion prevention systems (IDS/IPS) operating in passive mode. IDS/IPS deployments must run passively because an active (inline, blocking) implementation may block genuine traffic, which can be dangerous to the IACS process.
Domain boundary protection, through properly installed and configured perimeter appliances, should be implemented. At a minimum, security teams must deploy firewalls, routers, and demilitarized zones (DMZs) to protect the IACS against intrusion originating in the business network; in sensitive and critical IACS networks, the use of unidirectional gateways or data diodes should be considered.
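The segmentation, whitelisting and passive-monitoring points above can be combined into a small allowlist checker. The following is an added example written for this article, not code from the original post or from DMI; the zone map, the allowlist and the flow records are constructed sample data, and a real deployment would derive them from the asset inventory and the site's segmentation design. The checker only reports violations and never blocks traffic, which is the passive behaviour the text calls for.

```python
"""Passive allowlist check of network flows against an IACS zone policy.

Added example (not from the original article). ZONES, ALLOWED and
SAMPLE_FLOWS are constructed sample data for illustration only.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed zone map: each segment gets its own address range.
ZONES = {
    "enterprise": ip_network("10.1.0.0/16"),  # business network
    "dmz": ip_network("10.2.0.0/24"),         # IT/OT DMZ (historian, collectors)
    "control": ip_network("10.3.0.0/24"),     # IACS control zone (PLCs, HMIs)
}

# Allowlist of (src_zone, dst_zone, protocol, dst_port).
# Anything not listed is a policy violation. Note there is no direct
# enterprise -> control entry: business traffic must terminate in the DMZ.
ALLOWED = {
    ("enterprise", "dmz", "tcp", 443),   # users read the historian web front end
    ("dmz", "control", "tcp", 502),      # DMZ collector polls PLCs (Modbus/TCP)
    ("control", "control", "tcp", 502),  # HMI <-> PLC traffic inside the control zone
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dst_port: int


def zone_of(addr):
    """Map an IP address to its zone name, or 'unknown' if it fits no zone."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"


def check_flow(flow):
    """Return None if the flow is allowlisted, else an alert string."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    key = (src_zone, dst_zone, flow.proto.lower(), flow.dst_port)
    if key in ALLOWED:
        return None
    return (f"ALERT {src_zone}->{dst_zone} "
            f"{flow.src}->{flow.dst}:{flow.dst_port}/{flow.proto} not in allowlist")


def audit(flows):
    """Passive audit: collect alerts; nothing is dropped or reset."""
    return [alert for alert in (check_flow(f) for f in flows) if alert]


# Constructed sample flows (as a flow exporter or span port might record them).
SAMPLE_FLOWS = [
    Flow("10.1.5.20", "10.2.0.10", "tcp", 443),     # allowed: enterprise -> DMZ HTTPS
    Flow("10.2.0.10", "10.3.0.50", "tcp", 502),     # allowed: DMZ collector -> PLC
    Flow("10.1.5.20", "10.3.0.50", "tcp", 502),     # violation: business host straight to a PLC
    Flow("10.3.0.50", "10.1.5.20", "tcp", 445),     # violation: control zone reaching into enterprise
    Flow("192.168.77.3", "10.3.0.50", "tcp", 502),  # violation: source outside every known zone
]

if __name__ == "__main__":
    for line in audit(SAMPLE_FLOWS):
        print(line)
```

Run as a script it prints three alerts for the sample flows. The missing enterprise-to-control allowlist entry is what enforces the DMZ design: the only path from the business network to the PLCs is through the collector in the DMZ, and any flow that bypasses it is surfaced for the security team rather than silently blocked.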
When using endpoint security, ensuring that all elements connected to restricted networks are secure and compliant is one of the key concerns that OT (IACS) security professionals should focus on.
Finally, when determining the End of Life (EoL) of IACS assets, the information gathered with System Owners during the IACS inventory and discovery should be leveraged to set the priority for replacing each IACS. The cybersecurity plan will leverage available tools for deployment on all IACS, including air-gapped systems.
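The EoL prioritization described above can be turned into a repeatable ranking over the inventory. The following is an added example written for this article, not code from the original post or from DMI; the inventory records, the scoring weights and the reference date are constructed assumptions, and a real plan would populate the records from the inventory and discovery work done with the System Owners and tune the weights to the site's risk appetite.

```python
"""Rank IACS assets for replacement from inventory and end-of-life data.

Added example (not from the original article). SAMPLE_INVENTORY and the
scoring weights are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Asset:
    asset_id: str
    description: str
    vendor_eol: Optional[date]  # None: vendor has not announced an EoL date
    criticality: int            # 1 (low) .. 5 (safety/production critical)
    exposed: bool               # reachable from a less-trusted segment
    air_gapped: bool            # no network path; tools must be hand-carried


def months_until(target, today):
    """Whole months from today until target (negative if already past)."""
    return (target.year - today.year) * 12 + (target.month - today.month)


def replacement_priority(asset, today):
    """Higher score = replace sooner.

    Constructed weighting: EoL status contributes up to 50 points,
    criticality up to 30, exposure to a less-trusted segment 15.
    """
    if asset.vendor_eol is None:
        eol_score = 0
    elif asset.vendor_eol <= today:
        eol_score = 50  # already unsupported: no vendor patches available
    else:
        # Score rises as the EoL date approaches; zero when it is 50+ months away.
        eol_score = max(0, 50 - months_until(asset.vendor_eol, today))
    return eol_score + asset.criticality * 6 + (15 if asset.exposed else 0)


def deployment_method(asset):
    """How security tooling reaches the asset (the plan must cover both)."""
    return "offline media / hand-carried" if asset.air_gapped else "network deployment"


def rank_assets(assets, today):
    """Return assets sorted from most to least urgent to replace."""
    return sorted(assets, key=lambda a: replacement_priority(a, today), reverse=True)


# Constructed sample inventory.
SAMPLE_INVENTORY = [
    Asset("PLC-101", "Boiler PLC", date(2019, 6, 30), 5, False, False),
    Asset("HMI-07", "Packaging HMI on Windows 7", date(2020, 1, 14), 3, True, False),
    Asset("RTU-22", "Substation RTU", date(2028, 12, 31), 4, True, False),
    Asset("ENG-03", "Engineering workstation", None, 2, False, True),
]

if __name__ == "__main__":
    today = date(2024, 1, 1)  # constructed reference date
    for a in rank_assets(SAMPLE_INVENTORY, today):
        print(f"{a.asset_id:8} score={replacement_priority(a, today):3} "
              f"{deployment_method(a):28} {a.description}")
```

With the constructed date of 2024-01-01, the two already-unsupported assets rank first, and the exposed HMI edges ahead of the unexposed boiler PLC even though the PLC is more critical; whether that ordering is right for a given site is exactly the discussion to have with the System Owners when the weights are chosen. The deployment method column records which assets the plan must reach by offline media, matching the requirement that the plan cover air-gapped systems.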
IACS are rapidly moving towards a more digital ecosystem and are becoming more and more vulnerable to cyber-attacks. Detection and prevention are vital concepts in developing an overarching defense strategy that brings IACS in line with the latest standards and technologies for IACS, e.g., the NIST Cybersecurity Framework (NIST CSF), NIST SP 800-82, and ISA/IEC 62443.
DMI offers a wide range of services, capable of securing and monitoring critical systems, including industrial automation controls. For more information, visit our website at DMInc.com.