When your “nail” is computer system security, the “hammer” is often commercial IT security measures. And though a good dose of IT security is essential to industrial control system security, successfully securing a control system requires additional steps.
A recent release from Tofino Security highlighted the unique aspects of industrial control systems that set their security measures apart from most IT systems. Some of these factors included control systems placement on the plant floor, rather than a climate controlled data center; their potential for placement in or close to hazardous environments; plus the fact that the average life span of equipment on the plant floor is measured in decades rather than a few years.
Referencing information from a Belden Industrial Ethernet Infrastructure Design Seminar, the Tofino release boiled down the differences between IT and ICS (industrial control system) security solutions to the fact that each system has different:
• Performance requirements;
• Reliability requirements;
• Operating systems and applications;
• Risk management goals;
• Security architectures; and
• Security goals.
Security goals are an essential difference between the two. For example, the number one goal of IT security is focused on privacy, i.e., protecting the data; whereas the number one goal of ICS security is based on safety, i.e., protecting the process. An image attached to this story highlights the ranking in priority of system concern differences between IT and ICS.
To help clarify the differences in security requirements for ICSs, three major categories of ICS security issues are outlined in the seminar. Those issues are:
Soft Targets. According to Belden, control networks are full of what are known as “soft” targets – devices vulnerable to disruption through their network interface. The PCs in many plants run for weeks or months without any security updates, and some even operate without any anti-virus tools. In addition, many of the controllers in these networks were designed in an era when cyber security was not a concern; as a result, many of these devices can be disrupted by malformed network traffic or even by high volumes of proper traffic.
Multiple Pathways. Many control networks have multiple pathways through which cyber security threats can enter the plant. These pathways often bypass existing security measures in the plant, and some don’t even appear on a network diagram. For example, laptop computers carried in and out of facilities, or USB keys that move from one PC to another. These can easily bring malware into the plant and rapidly spread it from one system to another.
Flat Networks. Many ICS networks are still implemented as large, “flat” networks with no isolation between unrelated subsystems. This means that if a problem occurs in one part of the plant, it can spread very quickly to other unrelated subsystems and even to remote plant sites.