ISA Interchange


The material and information contained on this website is for general information purposes only. ISA blog posts may be authored by ISA staff and guest authors from the automation community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.


Implementing Security for Industrial Automation Systems (Part 1)


This is Part 1 of a guest post series authored by Ronald L. Krutz, Ph.D., a scientist and consultant specializing in cybersecurity services, and author of the ISA book Industrial Automation and Control System Security Principles. A brief Q&A with the author, including a free PDF excerpt, and Part 2 of this series are published separately on this blog.


Implementing security for industrial automation and control systems requires the identification of areas that have to be protected and the threats to which they might be exposed. The areas that require protection can be viewed from both the macro and micro level. For example, at the macro level, entities such as power plants, pipelines, refineries, communication networks, water treatment plants and transportation systems can be considered targets.

At the micro level, subsystems, such as controllers, networks, databases, human-machine interfaces, transducers, smart meters and programmable logic controllers (PLCs) are potentially vulnerable to various types of threats. Threats to both the macro and micro components include such sources as social engineering, malicious code, equipment failure, user errors, system intrusion, blackmail, sabotage, hacking, system bugs, unauthorized access, and other exploitations of vulnerabilities.


A good example of one type of threat realized is Stuxnet. Stuxnet is a worm that was designed to change control outputs on specific PLCs and conceal its existence from control room observers. It is of such complexity that it is probably the product of a team of programmers working many months to develop, debug, and test. The sophistication of Stuxnet leads many to believe it is the product of one or more nations working together.

Specifically, Stuxnet infects Windows PCs and modifies WinCC databases, which provide process visualization HMI functions. Stuxnet was introduced into computer systems through flash drives and was designed to manipulate output bits on Siemens SIMATIC STEP 7 PLCs to disrupt the operation of centrifuges at the Iranian Natanz uranium enrichment facility. From the information known about Stuxnet, it is not a great leap to imagine it being targeted at elements of a nation’s critical infrastructure, particularly the Smart Grid, in addition to refineries, chemical plants and pipelines.
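Because Stuxnet worked by silently altering HMI databases and PLC project files on the engineering and operator workstations, one of the practical detections for this class of tampering is the file integrity checking that NIST SP 800-82 lists among its host-protection measures. The following Python script is an added example, not code from the original post or from ISA: it records a SHA-256 baseline of a directory while the host is known-good, takes a later snapshot, and reports files that were added, removed or modified. The directory layout, file names and contents are constructed for the demonstration.

```python
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path

# Added example (not from the original post): a minimal file-integrity baseline
# for an ICS host. All paths and file contents below are constructed samples.


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large project files are handled."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map every regular file under root (relative POSIX path) to its digest."""
    baseline = {}
    for entry in sorted(root.rglob("*")):
        if entry.is_file():
            baseline[entry.relative_to(root).as_posix()] = sha256_of(entry)
    return baseline


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify the differences between a stored baseline and a fresh snapshot."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(
            name for name in baseline.keys() & current.keys()
            if baseline[name] != current[name]
        ),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline an HMI project directory, then tamper with it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "project").mkdir()
        (root / "project" / "hmi.db").write_bytes(b"tag table v1")
        (root / "project" / "plc_main.awl").write_bytes(b"ORIGINAL LOGIC")
        (root / "README.txt").write_bytes(b"constructed sample")
        baseline = build_baseline(root)

        # Simulated changes made after the baseline was recorded.
        (root / "project" / "plc_main.awl").write_bytes(b"MODIFIED LOGIC")
        (root / "project" / "hmi.db").unlink()
        (root / "project" / "dropper.dll").write_bytes(b"new file")
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

In a real deployment the baseline would be written to a location the monitored host cannot modify (or signed) and re-taken only after a deliberate, documented engineering change; otherwise an attacker who can alter the project files can just as easily alter the baseline.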

There are a number of guidelines aimed at mitigating the effects of various threats against industrial control systems. One such document is NIST Special Publication 800-82, Guide to Industrial Control Systems Security. Topics in this publication include:

  • Maintaining functionality during adverse conditions. This involves designing the industrial control system (ICS) so that each critical component has a redundant counterpart. Additionally, if a component fails, it should fail in a manner that does not generate unnecessary traffic on the ICS or other networks and does not cause another problem elsewhere, such as a cascading event.
  • Protecting individual ICS components from exploitation. This includes deploying security patches in as expeditious a manner as possible, after testing them under field conditions; disabling all unused ports and services; restricting ICS user privileges to only those that are required for each person’s role; tracking and monitoring audit trails; and using security controls such as antivirus software and file integrity checking software where technically feasible to prevent, deter, detect and mitigate malware.
  • Restoring the system after an incident. Incidents are inevitable and an incident response plan is essential. A major characteristic of a good security program is how quickly a system can be recovered after an incident has occurred.
  • Restricting logical access to the ICS network and network activity. This includes using a demilitarized zone (DMZ) network architecture with firewalls to prevent network traffic from passing directly between the corporate and ICS networks, and having separate authentication mechanisms and credentials for users of the corporate and ICS networks. The ICS should also use a network topology that has multiple layers, with the most critical communications occurring in the most secure and reliable layer.
  • Restricting physical access to the ICS network and devices. Unauthorized physical access to components could cause serious disruption of industrial control system functionality. A combination of physical access controls should be used, such as locks, card readers, and/or guards.
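The "restricting logical access" item above describes a layered topology in which corporate and ICS networks never exchange traffic directly but meet in a DMZ. A simple way to keep that property from eroding as firewall rules accumulate is to audit the rule set against the zone model. The Python script below is an added example written for this post, not code from NIST SP 800-82 or from ISA: it orders the zones from least to most trusted and flags any permit rule that crosses more than one boundary (which is exactly a corporate-to-ICS shortcut), any boundary crossing that permits every service, and any rule that references an unknown zone. The zone names, rule format and sample rules are constructed assumptions.

```python
from __future__ import annotations

from dataclasses import dataclass

# Added example (not from the original post): an audit of firewall permit rules
# against a layered ICS zone model. Zone names and rules are constructed.

# Zones ordered from least to most trusted; adjacent entries are adjacent layers.
ZONES = ["corporate", "dmz", "supervisory", "control", "field"]
LEVEL = {zone: depth for depth, zone in enumerate(ZONES)}


@dataclass(frozen=True)
class Rule:
    name: str
    src: str
    dst: str
    service: str  # e.g. "tcp/443"; "any" means every port


def check_rule(rule: Rule) -> list[str]:
    """Return the policy problems a single permit rule has (empty if clean)."""
    for zone in (rule.src, rule.dst):
        if zone not in LEVEL:
            return [f"{rule.name}: unknown zone '{zone}'"]
    problems = []
    distance = abs(LEVEL[rule.src] - LEVEL[rule.dst])
    # A flow may cross at most one boundary: corporate traffic terminates on a
    # DMZ host, and a DMZ host terminates on the supervisory layer.
    if distance > 1:
        problems.append(
            f"{rule.name}: {rule.src}->{rule.dst} bypasses the intermediate layer(s)"
        )
    # Every boundary crossing has to be narrowed to a named service.
    if distance >= 1 and rule.service == "any":
        problems.append(f"{rule.name}: 'any' service permitted across a zone boundary")
    return problems


def audit(rules: list[Rule]) -> dict[str, list[str]]:
    """Map each offending rule name to its list of problems."""
    findings = {}
    for rule in rules:
        problems = check_rule(rule)
        if problems:
            findings[rule.name] = problems
    return findings


# Constructed sample rule set: four rules that follow the layered design and
# three that do not.
SAMPLE_RULES = [
    Rule("corp-to-dmz-historian", "corporate", "dmz", "tcp/443"),
    Rule("dmz-historian-pull", "dmz", "supervisory", "tcp/1433"),
    Rule("scada-to-plc", "supervisory", "control", "tcp/102"),
    Rule("plc-to-remote-io", "control", "field", "tcp/502"),
    Rule("vendor-remote-desktop", "corporate", "control", "tcp/3389"),  # skips two layers
    Rule("engineering-any", "dmz", "supervisory", "any"),               # too broad
    Rule("typo-zone", "corporate", "dmx", "tcp/443"),                   # misspelled zone
]


if __name__ == "__main__":
    for problems in audit(SAMPLE_RULES).values():
        for problem in problems:
            print(problem)
```

Run against the sample set, the audit reports the remote-desktop rule that lets corporate hosts reach the control layer directly, the over-broad "any" rule, and the misspelled zone; the four rules that respect the DMZ design produce no findings. The same check can be run from a change-control hook so that a rule violating the zone model is caught before it is deployed.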


The formal security controls used to protect an ICS can be categorized in three areas: management, operational and technical controls. Below is a list of controls. Can you match each control to its category? The answers will be reviewed and discussed in Part 2 of this blog post on implementing security for industrial automation systems.

Controls

  • Access control
  • Audit and accountability
  • Awareness and training
  • Identification and authentication
  • Maintenance
  • Personnel security
  • Physical and environmental protection
  • Planning
  • Risk assessment
  • Security assessments



About the Author
Ronald L. Krutz has more than 30 years of experience in industrial automation and control systems, distributed computing systems, computer architectures, information assurance methodologies and information security training. Dr. Krutz has co-authored 15 books in the area of cybersecurity, authored the book Securing SCADA Systems, and written three textbooks on microcomputer system design, computer interfacing and computer architecture. He holds seven patents in the area of digital systems and has published more than 30 technical papers.
