Security concerns of computer automation and control: Where to start?
Cristiano Cafferata, systems engineer, SonicWALL
In today's industrial networks, supervisory control and data acquisition (SCADA) and distributed control systems (DCS) control many government infrastructures, which in turn impact many lives.
So it is not surprising that cybercriminals have targeted SCADA-based systems. Cybercriminals have already attacked these systems in the United States, France, Canada, the Netherlands, China, Taiwan, Germany and India, and the list keeps growing.
These criminals have shut down systems using variants of the Stuxnet virus, Modbus TCP illegal packet size attacks, CitectSCADA buffer overflow attempts, ActiveX SetActiveXguid method invocations and SCPC Initialize buffer overflow (BO) attempts.
So what steps can be taken to secure SCADA- and DCS-based systems?
While there are several ways to approach the protection of these systems, the Plan-Do-Check-Act (PDCA) model offers a comprehensive one. Popularized by W. Edwards Deming, PDCA is incorporated into the ISO/IEC 27000-series standards (ISO/IEC 27001:2005), published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
At a high level, “Plan” means defining purpose and scope, determining the corresponding objectives, and outlining the steps and resources required to attain them, before taking any action. “Do” involves putting the plan into action. “Check” audits the effectiveness of the execution. “Act” evaluates the process and determines steps for improvement.
The following methodologies and technologies can help you apply PDCA to protecting SCADA and DCS systems.
To avoid unnecessary investments and activities, make a careful preliminary evaluation based on current, up-to-date records, and have a clear view of scope, responsibilities and all other essentials.
A quick planning checklist includes: up-to-date documentation of the network systems; a list of components, applications, managed data and connections, used to identify any weak link; a list of the people who have, or should have, access to systems and data; and the policies and procedures that are currently in place and in use.
Harden the security of systems and applications.
Systems and applications (e.g., internet browsers, media players, office applications, operating systems, USB ports, CD/DVD drives, etc.) often already include security functions. Examine these and configure them properly.
The system and/or production network should be separated from the business/management network, which typically has internet access and, as a result, can be exposed to malware.
Machines in production cannot be protected from malware as promptly as those on the enterprise network. You must assess how one or more firewalls shield the two networks from each other. Pay attention also to extensions (external connections for maintenance, suppliers, outsourcers, wireless, etc.) that could expand the perimeter.
In addition, define and implement patch-management policies and tools for fighting malware infection and denial-of-service attacks on the network.
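The Modbus TCP illegal-packet-size attempts mentioned earlier are exactly the kind of traffic a firewall or intrusion-prevention tool sitting between the business and production networks should reject before it reaches a PLC. The following Python example, added here and not taken from the article or from any SonicWALL product, shows the checks involved: it validates the Modbus/TCP MBAP header (protocol identifier, declared length versus the bytes actually present, maximum ADU size) and then applies a zone policy that permits only read-only function codes from the business side. The frames are constructed for the example, and the read-only zone rule is an assumption, not a vendor default.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Modbus/TCP framing (Modbus Messaging on TCP/IP specification):
#   MBAP header = transaction id (2) | protocol id (2, always 0) | length (2) | unit id (1)
#   "length" counts the unit id plus the PDU that follows; the whole ADU is at most 260 bytes.
MBAP_LEN = 7
MAX_ADU = 260
MODBUS_PROTOCOL_ID = 0
# Function codes that only read data (coils, discrete inputs, holding/input registers).
READ_ONLY_FUNCTIONS = {1, 2, 3, 4}


@dataclass
class Verdict:
    ok: bool
    reason: str
    function_code: Optional[int] = None


def check_modbus_frame(frame: bytes, allow_writes: bool = False) -> Verdict:
    """Validate one Modbus/TCP request as a zone firewall would before forwarding it.

    allow_writes=False models a rule for traffic entering the control zone from the
    business zone: monitoring may read, but must not write to a PLC. (This zone policy
    is an assumption of the example, not a vendor default.)
    """
    if len(frame) < MBAP_LEN + 1:
        return Verdict(False, "frame shorter than MBAP header plus function code")
    if len(frame) > MAX_ADU:
        return Verdict(False, f"ADU of {len(frame)} bytes exceeds the {MAX_ADU}-byte maximum")

    _transaction_id, protocol_id, length, _unit_id = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if protocol_id != MODBUS_PROTOCOL_ID:
        return Verdict(False, f"protocol id {protocol_id} is not Modbus ({MODBUS_PROTOCOL_ID})")

    # The declared length must match what is actually on the wire. A mismatch is the
    # "illegal packet size" condition: a device that trusts the field may read past its
    # buffer or stall waiting for bytes that never arrive. Because the ADU size was
    # already bounded above, a matching length is automatically within 2..254.
    actual = len(frame) - 6
    if length != actual:
        return Verdict(False, f"length field says {length} bytes but {actual} are present")

    function_code = frame[MBAP_LEN]
    if function_code & 0x80:
        # The exception bit belongs in responses only; in a request it is malformed.
        return Verdict(False, "exception bit set in a request", function_code)
    if not allow_writes and function_code not in READ_ONLY_FUNCTIONS:
        return Verdict(False, f"function code {function_code} not permitted by zone policy", function_code)
    return Verdict(True, "ok", function_code)


# Constructed sample frames (not captured traffic).
READ_HOLDING_REGS = bytes.fromhex("0001 0000 0006 01 03 0000 000a")  # read 10 registers from address 0
BAD_LENGTH_FIELD = bytes.fromhex("0001 0000 00ff 01 03 0000 000a")   # length field claims 255 bytes
WRITE_SINGLE_REG = bytes.fromhex("0002 0000 0006 01 06 0001 0005")   # write value 5 to register 1
TRUNCATED = bytes.fromhex("0003 0000")                               # cut off inside the header

if __name__ == "__main__":
    for name, frame in [("read", READ_HOLDING_REGS), ("bad length", BAD_LENGTH_FIELD),
                        ("write", WRITE_SINGLE_REG), ("truncated", TRUNCATED)]:
        verdict = check_modbus_frame(frame)
        print(f"{name:10s} -> {'forward' if verdict.ok else 'drop'}: {verdict.reason}")
```

Run as a script, the read request is forwarded and the other three frames are dropped with the reason given; passing `allow_writes=True` models a rule for an engineering workstation inside the control zone, where writes are part of normal operation.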
Further segmenting the network into compartments lets you implement defense in depth. It is important to segregate critical assets (e.g., shared servers, remote access, wireless access points, etc.) into well-defined zones (e.g., a DMZ) with policy-based access control and careful management of privileges.
You must also design and implement rules for access control and for sharing data, applications and resources, and define, implement and monitor all the external secure access connections needed by business users, remote maintenance, third parties, etc.
Use policy to limit access privileges to the minimum, keep an up-to-date list of access accounts, periodically check logs, and renew all access credentials, with enhanced access control (strong authentication) where necessary.
Implement monitoring and logging systems for applications, infrastructure, etc.
By recording incidents and assessing alerts on the health status of the system, you can avoid interruptions to production.
Manage configuration so that all changes are documented and backup data is current, to limit disruption and delays in case of restarts.
Purpose-built software exists to monitor and control even complex systems (PCs, servers, etc.). Periodically check the event log for incidents to confirm that technological safeguards (firewalls, network components and systems), documentation, procedures and appropriate access are maintained. Perform a complete system check every six to 12 months.
Network configurations, systems, firewalls, access, applications and procedures can all change, and any change can affect other components and connections.
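The access-control, least-privilege and log-review points above can be turned into a repeatable check. The following Python example, added here and not part of the article, compares what a zone firewall actually allowed against the documented zone policy and counts failed logins on the remote-access gateway. The log lines, their key=value layout and the policy are all constructed for the example and do not reflect any particular product's format. A denied connection is not flagged, since the firewall did its job; an allowed connection that the written policy does not cover indicates that the rule set has drifted from what was documented, which is what the periodic review is meant to catch.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: an excerpt of a zone firewall log and a remote-access gateway
# log, merged by timestamp. The key=value layout is an assumption for this example.
SAMPLE_LOG = """\
2023-05-14T02:13:07Z fw src_zone=business dst_zone=control src=10.20.1.15 dst=10.50.0.7 dport=502 action=allow
2023-05-14T02:13:09Z fw src_zone=dmz dst_zone=control src=10.40.0.5 dst=10.50.0.7 dport=502 action=allow
2023-05-14T02:14:20Z fw src_zone=business dst_zone=control src=10.20.1.99 dst=10.50.0.9 dport=502 action=allow
2023-05-14T02:15:01Z fw src_zone=business dst_zone=control src=10.20.1.99 dst=10.50.0.9 dport=22 action=deny
2023-05-14T02:16:30Z vpn user=maint2 src=203.0.113.9 result=fail
2023-05-14T02:16:41Z vpn user=maint2 src=203.0.113.9 result=fail
2023-05-14T02:16:55Z vpn user=maint2 src=203.0.113.9 result=fail
2023-05-14T02:17:02Z vpn user=maint2 src=203.0.113.9 result=success
2023-05-14T02:18:10Z vpn user=ops1 src=198.51.100.4 result=success
"""

# The documented access policy (assumed for the example): the only host allowed to
# open connections into the control zone is the historian in the DMZ, and only on
# Modbus/TCP port 502. Anything else the firewall allowed is rule drift to review.
Policy = Dict[Tuple[str, str], Set[Tuple[str, int]]]
POLICY: Policy = {("dmz", "control"): {("10.40.0.5", 502)}}

# Repeated failures against one remote-maintenance account warrant a credential review.
FAIL_THRESHOLD = 3

KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split '<timestamp> <source> k=v k=v ...' into a dict; None for malformed lines."""
    parts = line.split(maxsplit=2)
    if len(parts) < 3:
        return None
    ts, source, rest = parts
    record = {"ts": ts, "source": source}
    record.update(KV.findall(rest))
    return record


def review(log_text: str, policy: Policy = POLICY, fail_threshold: int = FAIL_THRESHOLD) -> List[str]:
    """Return the findings a periodic log check should raise for this log excerpt."""
    findings: List[str] = []
    failures: Counter = Counter()

    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec["source"] == "fw" and rec.get("action") == "allow":
            zones = (rec.get("src_zone", "?"), rec.get("dst_zone", "?"))
            flow = (rec.get("src", "?"), int(rec.get("dport", 0)))
            # Denied connections are the firewall doing its job; allowed connections
            # that the written policy does not cover mean the rule set has changed.
            if flow not in policy.get(zones, set()):
                findings.append(
                    f"{rec['ts']} allowed {zones[0]}->{zones[1]} {flow[0]}:{flow[1]} "
                    f"is outside the documented policy; review the firewall rule set"
                )
        elif rec["source"] == "vpn" and rec.get("result") == "fail":
            failures[rec.get("user", "?")] += 1

    for user, count in sorted(failures.items()):
        if count >= fail_threshold:
            findings.append(
                f"{count} failed remote-access logins for account '{user}'; "
                f"verify the account is still needed and renew its credentials"
            )
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

On the sample above the check reports three findings: two business-zone hosts that were allowed to reach PLCs on port 502 despite not appearing in the policy, and three consecutive failed logins on the `maint2` maintenance account. Feeding it the firewall's and gateway's real exports (after adapting `parse_line` to their formats) gives a concrete starting point for the six-to-twelve-month review.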
The PDCA model offers a straightforward yet comprehensive approach to securing SCADA systems. By diligently following its steps, your organization can significantly improve how effectively its SCADA and DCS systems are defended against potential attacks.