Inst ToolsInst ToolsInst Tools
  • Ask
  • Courses
  • Videos
  • Q & A
    • Interview
      • Instrumentation
      • Electronics
      • Electrical
      • Practical Questions
    • MCQ
      • Instrumentation MCQ
      • Electrical MCQ
      • Electronics MCQ
      • Control Systems MCQ
      • Analog Electronics MCQ
      • Digital Electronics MCQ
      • Power Electronics MCQ
      • Microprocessor MCQ
      • Multiple Choice Questions
  • EE
    • Electronics
      • Electronics Q & A
      • Electronic Basics
      • Electronic Devices & Circuits
      • Electronics Animation
      • Digital Electronics
    • Electrical
      • Electrical Basics
      • Electrical Q & A
      • Power Electronics
      • Electrical Machines
      • Electrical Animation
      • Power Systems
      • Switchgear & Protection
      • Transmission & Distribution
  • Measure
    • Control Valves
    • Calibration
    • Temperature
    • Pressure
    • Flow
    • Level
    • Analyzers
    • Switches
    • Vibration
    • Solenoid Valve
  • Control
    • PLC Tutorials
    • Control Systems
    • Safety Instrumented System (SIS)
    • Communication
    • Fire & Gas System
  • More
    • Design
    • Tools
    • Animation
    • Basics
    • Formulas
    • Standards
    • TextBooks
    • Common
    • Software
    • Excel Tools
    • Erection & Commissioning
    • Process Fundamentals
    • Videos
    • Books
Search
All rights reserved. Reproduction in whole or in part without written permission is prohibited.
Reading: ICS Control System Security
Share
Notification Show More
Font ResizerAa
Inst ToolsInst Tools
Font ResizerAa
  • Courses
  • PLC Tutorials
  • Control Systems
Search
  • Ask
  • Courses
  • Videos
  • Q & A
    • Interview
    • MCQ
  • EE
    • Electronics
    • Electrical
  • Measure
    • Control Valves
    • Calibration
    • Temperature
    • Pressure
    • Flow
    • Level
    • Analyzers
    • Switches
    • Vibration
    • Solenoid Valve
  • Control
    • PLC Tutorials
    • Control Systems
    • Safety Instrumented System (SIS)
    • Communication
    • Fire & Gas System
  • More
    • Design
    • Tools
    • Animation
    • Basics
    • Formulas
    • Standards
    • TextBooks
    • Common
    • Software
    • Excel Tools
    • Erection & Commissioning
    • Process Fundamentals
    • Videos
    • Books
Follow US
All rights reserved. Reproduction in whole or in part without written permission is prohibited.
Inst Tools > Blog > Control Systems > ICS Control System Security

ICS Control System Security

Last updated: May 28, 2024 3:30 pm
Editorial Staff
Control Systems
No Comments
Share
13 Min Read
SHARE

This article provides an overview of these ICS and typical system topologies, identifies typical threats and vulnerabilities to these systems, and provides recommended security countermeasures to mitigate the associated risks.

Contents
ICS Control SystemPossible incidents an ICS may face include the following:ICS SecurityMajor security objectives for an ICS implementation should include the following:Restricting logical access to the ICS network and network activity.Restricting physical access to the ICS network and devices.Protecting individual ICS components from exploitation.Restricting unauthorized modification of data.Detecting security events and incidents.Maintaining functionality during adverse conditions.Restoring the system after an incident.ICS StrategiesIn a typical ICS this means a defense-in-depth strategy that includes:Read Next:

ICS Control System

ICS Control System

Industrial control systems (ICS) include supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC) are often found in the industrial control sectors.

ICS are typically used in industries such as electric, water and wastewater, oil and natural gas, transportation, chemical, pharmaceutical, pulp and paper, food and beverage, and discrete manufacturing (e.g., automotive, aerospace, and durable goods.) SCADA systems are generally used to control dispersed assets using centralized data acquisition and supervisory control.

DCS is generally used to control production systems within a local area such as a factory using supervisory and regulatory control. PLCs are generally used for discrete control for specific applications and generally provide regulatory control.

Initially, ICS had little resemblance to traditional information technology (IT) systems in that ICS were isolated systems running proprietary control protocols using specialized hardware and software. Many ICS components were in physically secured areas and the components were not connected to IT networks or systems.

Widely available, low-cost Internet Protocol (IP) devices are now replacing proprietary solutions, which increases the possibility of cybersecurity vulnerabilities and incidents. As ICS are adopting IT solutions to promote corporate business systems connectivity and remote access capabilities, and are being designed and implemented using industry-standard computers, operating systems (OS) and network protocols, they are starting to resemble IT systems.

This integration supports new IT capabilities, but it provides significantly less isolation for ICS from the outside world than predecessor systems, creating a greater need to secure these systems. The increasing use of wireless networking places ICS implementations at greater risk from adversaries who are in relatively close physical proximity but do not have direct physical access to the equipment.

While security solutions have been designed to deal with these security issues in typical IT systems, special precautions must be taken when introducing these same solutions to ICS environments. In some cases, new security solutions are needed that are tailored to the ICS environment.

Although some characteristics are similar, ICS also has characteristics that differ from traditional information processing systems. Many of these differences stem from the fact that logic executing in ICS has a direct effect on the physical world.

Some of these characteristics include significant risk to the health and safety of human lives and serious damage to the environment, as well as serious financial issues such as production losses, negative impact on a nation’s economy, and compromise of proprietary information.

ICS have unique performance and reliability requirements and often use operating systems and applications that may be considered unconventional to typical IT personnel. Furthermore, the goals of safety and efficiency sometimes conflict with security in the design and operation of control systems.

ICS cybersecurity programs should always be part of broader ICS safety and reliability programs at both industrial sites and enterprise cybersecurity programs because cybersecurity is essential to the safe and reliable operation of modern industrial processes.

Threats to control systems can come from numerous sources, including hostile governments, terrorist groups, disgruntled employees, malicious intruders, complexities, accidents, and natural disasters as well as malicious or accidental actions by insiders. ICS security objectives typically follow the priority of availability and integrity, followed by confidentiality.

Possible incidents an ICS may face include the following:

  • Blocked or delayed flow of information through ICS networks, which could disrupt ICS operation.
  • Unauthorized changes to instructions, commands, or alarm thresholds, which could damage, disable, or shut down equipment, create environmental impacts, and/or endanger human life.
  • Inaccurate information sent to system operators, either to disguise unauthorized changes or to cause the operators to initiate inappropriate actions, which could have various negative effects.
  • ICS software or configuration settings modified, or ICS software infected with malware, which could have various negative effects.
  • Interference with the operation of equipment protection systems, which could endanger costly and difficult-to-replace equipment.
  • Interference with the operation of safety systems, which could endanger human life.

ICS Security

Major security objectives for an ICS implementation should include the following:

Restricting logical access to the ICS network and network activity.

This may include using unidirectional gateways, a demilitarized zone (DMZ) network architecture with firewalls to prevent network traffic from passing directly between the corporate and ICS networks, and having separate authentication mechanisms and credentials for users of the corporate and ICS networks.

The ICS should also use a network topology that has multiple layers, with the most critical communications occurring in the most secure and reliable layer.

Restricting physical access to the ICS network and devices.

Unauthorized physical access to components could cause serious disruption of the ICS’s functionality. A combination of physical access controls should be used, such as locks, card readers, and/or guards.

Protecting individual ICS components from exploitation.

This includes deploying security patches in as expeditious a manner as possible,

  • after testing them under field conditions;
  • disabling all unused ports and services and assuring that they remain disabled;
  • restricting ICS user privileges to only those that are required for each person’s role;
  • tracking and monitoring audit trails; and
  • using security controls such as antivirus software and file integrity checking software where technically feasible to prevent, deter, detect, and mitigate malware.

Restricting unauthorized modification of data.

This includes data that is in transit (at least across the network boundaries) and at rest.

Detecting security events and incidents.

Detecting security events, which have not yet escalated into incidents, can help defenders break the attack chain before attackers attain their objectives.

This includes the capability to detect failed ICS components, unavailable services, and exhausted resources that are important to provide proper and safe functioning of the ICS.

Maintaining functionality during adverse conditions.

This involves designing the ICS so that each critical component has a redundant counterpart. Additionally, if a component fails, it should fail in a manner that does not generate unnecessary traffic on the ICS or other networks or does not cause another problem elsewhere, such as a cascading event.

The ICS should also allow for graceful degradation such as moving from “normal operation” with full automation to “emergency operation” with operators more involved and less automation to “manual operation” with no automation.

Restoring the system after an incident.

Incidents are inevitable and an incident response plan is essential. A major characteristic of a good security program is how quickly the system can be recovered after an incident has occurred.

To properly address security in an ICS, it is essential for a cross-functional cybersecurity team to share their varied domain knowledge and experience to evaluate and mitigate risk to the ICS. The cybersecurity team should consist of a member of the organization’s IT staff, control engineer, control system operator, network and system security expert, a member of the management staff, and a member of the physical security department at a minimum.

For continuity and completeness, the cybersecurity team should consult with the control system vendor and/or system integrator as well. The cybersecurity team should coordinate closely with site management (e.g., facility superintendent) and the company’s Chief Information Officer (CIO) or Chief Security Officer (CSO), who in turn, accepts complete responsibility and accountability for the cybersecurity of the ICS, and for any safety incidents, reliability incidents, or equipment damage caused directly or indirectly by cyber incidents.

An effective cybersecurity program for an ICS should apply a strategy known as “defense-in-depth,” layering security mechanisms such that the impact of a failure in any one mechanism is minimized. Organizations should not rely on “security by obscurity.”

ICS Strategies

In a typical ICS this means a defense-in-depth strategy that includes:

  • Developing security policies, procedures, training and educational material that applies specifically to the ICS.
  • Considering ICS security policies and procedures based on the Homeland Security Advisory System Threat Level, deploying increasingly heightened security postures as the Threat Level increases.
  • Addressing security throughout the lifecycle of the ICS from architecture design to procurement to installation to maintenance to decommissioning.
  • Implementing a network topology for the ICS that has multiple layers, with the most critical communications occurring in the most secure and reliable layer.
  • Providing logical separation between the corporate and ICS networks (e.g., stateful inspection firewall(s) between the networks, unidirectional gateways).
  • Employing a DMZ network architecture (i.e., prevent direct traffic between the corporate and ICS networks).
  • Ensuring that critical components are redundant and are on redundant networks.
  • Designing critical systems for graceful degradation (fault-tolerant) to prevent catastrophic cascading events.
  • Disabling unused ports and services on ICS devices after testing to assure this will not impact ICS operation.
  • Restricting physical access to the ICS network and devices.
  • Restricting ICS user privileges to only those that are required to perform each person’s job (i.e., establishing role-based access control and configuring each role based on the principle of least privilege).
  • Using separate authentication mechanisms and credentials for users of the ICS network and the corporate network (i.e., ICS network accounts do not use corporate network user accounts).
  • Using modern technology, such as smart cards for Personal Identity Verification (PIV).
  • Implementing security controls such as intrusion detection software, antivirus software and file integrity checking software, where technically feasible, to prevent, deter, detect, and mitigate the introduction, exposure, and propagation of malicious software to, within, and from the ICS.
  • Applying security techniques such as encryption and/or cryptographic hashes to ICS data storage and communications where determined appropriate.
  • Expeditiously deploying security patches after testing all patches under field conditions on a test system if possible, before installation on the ICS.
  • Tracking and monitoring audit trails on critical areas of the ICS.
  • Employing reliable and secure network protocols and services where feasible.

Read Next:

  • Industrial Automation System
  • Remote Connectivity of Systems
  • Types of Industrial Control Systems
  • DCS System Architecture
  • Operator Interface of SCADA
Don't Miss Our Updates
Be the first to get exclusive content straight to your email.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address
You've successfully subscribed !
Best Way to Build Troubleshooting Mindset for Automation Engineer
Single Loop Controller Questions
System Cabinet Health Checks – PLC and DCS Industrial Automation
Relay Operation, Types, Symbols & Characteristics
Proportional Integral Derivative Controllers – PID MCQ
Share This Article
Facebook Whatsapp Whatsapp LinkedIn Copy Link
Share
Leave a Comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Stay Connected

128.3kFollowersLike
69.1kFollowersFollow
208kSubscribersSubscribe
38kFollowersFollow

Categories

Recent Comments

  • Kamli on Top Free PLC Software
  • Guifty Shimica on Top Non-PLC Certification Courses for Automation Professionals
  • Guifty Shimica on Top Non-PLC Certification Courses for Automation Professionals
  • MIHARITSOA Aina Sitraka on Top Non-PLC Certification Courses for Automation Professionals

Related Articles

Control Sytem Open Loop and Closed Loop

Introduction to Control System

What is Loop Checking

What is Loop Checking?

PID Controller Responses to Two momentary step inputs

PID Controller Response with different Input Signals

Yokogawa DCS

Yokogawa DCS and SIS System Architecture

Workstation Healthiness Checks

Workstation Healthiness Checks

Definitions of Electrical Grounding

Definitions of Electrical Grounding

Heat Exchanger Outlet Temperature Control

Heat Exchanger Temperature Control

Override Control Functions

Override Control Functions

More Articles

Overview of Industrial Control Systems

Overview of Industrial Control Systems

Feedback Pneumatic Load cell Objective Questions

Feedback Pneumatic Load cell Objective Questions

PLC Commissioning and Testing

PLC Commissioning and Testing Procedure (Programmable Logic Controller)

Ladder Diagram Example using Memory Bits and Set Coils

Ladder Diagram Example using Memory Bits and Set Coils

What is a Differential Mode Signal

Difference Between Differential Mode and Common Mode

3 to 8 Line Decoder Circuit Diagram

3 to 8 Line Decoder PLC Ladder Diagram

control of level in three cascaded Loops

Multiple Lags (orders)

What is a function call in TIA Portal

Difference Between FC and FB in Tia Portal

Follow US
All rights reserved. Reproduction in whole or in part without written permission is prohibited.
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?