Over the next couple of blogs, I plan to map out the importance of ISA/IEC-62443/ISA-99 based cybersecurity and how it applies to your work environment. I'll also explain some of our services so that you can see what might pertain to you.
For part 1, I will start from the beginning and outline what exactly ICS Security is and why it is important.
What is ICS Security?
To put it bluntly, it's about somebody messing around with your process control system when you don't want them to. It's keeping the bad guys out and the good guys in.
That interference can come through computers, through the networks, through wireless devices, through USBs plugged in, etc. Anything that can cause your system not to operate in the way you expect it to could be considered some sort of cybersecurity event. It goes by a bunch of different names: PCN (Process Control Network), SCADA system, industrial automation control system security. They all mean the same thing: keep the bad guys out and the good guys in.
Why is the industrial control system so vulnerable today? It's because, as it has evolved over the past 20 years, it has gone away from using proprietary equipment, proprietary buses, and proprietary communications to off-the-shelf technology, or COTS (commercial off-the-shelf) technology. It can be the same Ethernet switches, the same wires, the same routers, the same computers that are used in your desktop environment in your office, at your home, in your kids’ school, etc. So people know how to work these things, and they know viruses can affect them. That has all been brought into the process control network.
The enterprise now insists on being connected to the process control network to get training information, historical information, to pass information between facilities, and between sites. Now there is a connection back up to the enterprise, which never existed before. It used to be that the process control was an autonomous system; it did what it needed to do, and if you wanted to know something you came and asked. Now you can find it all by yourself.
Remote access used to be a unique thing where only the high level got it. Today, anybody can get remote access. You can dial in from your home or on vacation on the beach somewhere and be able to do modifications to your control system.
And public information: there is information about how these things work on almost every website you could possibly find. You can google almost anything and get the information on how process control systems run.
Pathways into the Control Network
Here is a quick, simple example of how we can get into the network. This is absolutely not all-inclusive, but take remote support: a user you've trusted to come in and connect to your system to do some work has infected systems. There have been instances where a DCS (distributed control system) was delivered with control system components infected with viruses. That's a true story.
Other ways include:
- Misconfigured firewalls.
- Infected laptops - maybe a third-party vendor came in to do some work on your system and his laptop had some sort of malware on it.
- Unauthorized connections - somebody decides they want a wireless device, so they plug a wireless device in and now everybody has access to it. The same goes for old-fashioned modems. External connections to networks could be over a cable link, DSL link, cellular link, etc.
So, there are a myriad of ways that people can get in to do damage to your system if they really want to.
Why is ICS Security Important?
What I tell people when they ask me what I do, just before they get the glassy-eyed deer-in-the-headlights look, is this: if your corporate network or your home network were compromised, you'd lose your email, you'd lose your internet access, you'd probably be upset, maybe mad. If somebody compromises my network, things could go Kaboom, because I'm controlling things that are real-world devices. I'm controlling things that turn on and off, that compress, that freeze, that heat, etc. It can cause real damage to real things and hurt real people.
It has been shown that a lot of ICS equipment is sensitive to excessive network traffic. In an office environment, you may lose communication for a while because a device is getting too much traffic applied to it. In the process control world, it actually shuts those devices down, drops them off the network, and corrupts them.
In the next part of this blog I will talk about IT versus ICS Security and Differing Security Focus Between IT and ICS.