Best Practices for Remote Access in Industrial Control Systems

Doug Wylie, CISSP
NexDefense

Today, companies face an ever-compounding challenge with industrial control systems (ICS): how to connect to them from distant locations responsibly and securely. By remotely connecting to a system, owners and operators enjoy benefits that can bolster process visibility, worker productivity and overall operational efficiency. However, seemingly simple external communication links created for well-intentioned reasons can easily become a channel for adversaries to do their bidding.

Systems previously insulated and isolated from threats of all sorts are now more exposed than ever. Attackers can reach the edges of critical systems from afar and they sometimes even successfully break through protective barriers intended to keep them at bay. Connectivity has killed the proverbial air gap, and the momentum of industry adopting remote access solutions is unstoppable. This movement helps to accelerate the newest digital industrial revolution, Industry 4.0, but it also brings with it considerable risk.

Control system owners and operators who make use of remote access solutions should be asking:

  • What's connected and remotely connecting to my systems?
  • Do I have visibility and adequate security controls on my external connections?
  • How can risks and rewards with remote access be responsibly balanced?

Potential to Lose Everything in a Blink of an Eye
To a layperson, a refinery in a rural location may appear isolated and disconnected from the larger world. But the reality is far different from its appearance. Production data is often moved into and out of the plant, to other locations and to its corporate operations as fluidly as the products it produces. A power or water treatment plant, remote pumping station, or a mining location can also appear similarly disconnected, as can goods and services created in factories that are geographically separated from a manufacturer's business systems. Physical corridors and causeways, separated buildings, and even different time zones can divide an organization's operations, but it is remote communication connections that create the digital bridges that tie the shop-floor to the top-floor and unify every aspect of even a global enterprise.

What's at stake is the safety and integrity of the processes that create and deliver the goods and services upon which we rely. Recipes, formulas, manufacturing techniques, machinery designs, and production data are all highly desirable to outsiders. Even more disturbing is how determined sophisticated threat actors are to establish persistent positions inside many systems and to build a capability to cause disruption, damage or destruction with just a few clicks of a mouse.

Striving for More-secure Remote Access Solutions
It's not surprising that many control system asset owners have no idea just how many points of entry and exit there are in their systems. There's a seemingly countless array of third-party administered ICS services to choose from. Many network and security assessments uncover at least 11 direct connections and pathways between control systems and business operations. In many cases, the discovered connections allow access to control operations directly from the Internet.

When planning for remote access solutions, or assessing existing systems to look for places where data crosses security boundaries, a crucial first step in the process is to ensure the access points and data paths are known and protected. For an existing system, conducting a physical inventory is one part of the process, but often insufficient. Using specialized ICS monitoring products that can discover connected devices and understand industrial protocols to baseline communication patterns is a useful complement to help find exactly what's connected.

Best-Practices and Making Use of the Industrial DMZ
Where possible, fewer connections almost always make for better, more secure solutions. Removing archaic modems and access points as well as consolidating remote connections through a small number of links helps to reduce complexity and provide an opportunity to better focus security efforts.

Key industry cybersecurity guidelines and standards call for intentional separation and segmentation of systems into zones connected by carefully controlled conduits. These same philosophies can and should be applied to remote access solutions for an ICS.

The implementation of an industrial Demilitarized Zone (DMZ) is a proven best practice to separate an ICS from a business enterprise and the Internet. Properly implemented and maintained, an industrial DMZ provides an opportunity for carefully controlling ingress and egress points to an ICS while also enabling access needed to allow responsible data exchange between systems.

The use of DMZs is already commonplace in many Information Technology (IT) systems and it's equally applicable and advisable for Operational Technology (OT) systems, too. Industrial guidelines and standards such as NIST SP 800-82 and ISA/IEC-62443 are especially helpful and provide reference architectures for how to build, configure and manage an industrial DMZ. Both include network design guidance and describe which services are best blocked and how data should traverse the DMZ.

Typically, there is little to no reason for industrial protocols and their specific control and command instructions to ever enter or leave the perimeter of an ICS. Nonetheless, it's still important to keep a watchful eye at all times. Network monitoring can examine what passes through these connections and generate alerts if unusual traffic is ever seen. Such early detection of data leakage at a perimeter from misconfigurations or device failures can preempt and avert greater risks from ever developing.
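The perimeter check described above can be sketched as a small flow audit. This is an added example, not code from the article or from any product it mentions; the zone address ranges, the sample flows and the function names are constructed assumptions, and each flow record is assumed to be oriented from initiator to responder.

```python
import ipaddress

# Assumed zone layout (constructed addresses, not taken from the article).
ZONES = {
    "ics": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "enterprise": ipaddress.ip_network("10.30.0.0/16"),
}
# Well-known server ports of common industrial protocols.
INDUSTRIAL_PORTS = {102: "S7comm", 502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}

def zone_of(addr):
    """Map an IP address to a zone name; anything unlisted counts as 'internet'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

def check_flow(src, dst, dst_port):
    """Return alert strings for one flow record (empty list if compliant)."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone or "ics" not in (src_zone, dst_zone):
        return []  # traffic does not cross the ICS perimeter
    other = dst_zone if src_zone == "ics" else src_zone
    alerts = []
    if other != "dmz":  # the DMZ is the only permitted conduit
        alerts.append(f"ICS perimeter crossed without DMZ: {src_zone} -> {dst_zone}")
    if dst_port in INDUSTRIAL_PORTS:  # control protocols should stay inside the ICS
        alerts.append(f"{INDUSTRIAL_PORTS[dst_port]} crossing ICS perimeter: {src} -> {dst}:{dst_port}")
    return alerts

# Constructed flow records: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("10.10.1.5", "10.10.2.9", 502),     # controller traffic inside the ICS zone
    ("10.10.1.20", "10.20.0.10", 443),   # data replication from the ICS to the DMZ
    ("10.30.4.7", "10.10.1.5", 502),     # enterprise host speaking Modbus to a controller
    ("10.10.1.5", "203.0.113.50", 443),  # controller reaching the Internet directly
    ("10.20.0.10", "10.10.1.5", 44818),  # DMZ host sending EtherNet/IP inward
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        for alert in check_flow(*flow):
            print(alert)
```

Port numbers alone will miss industrial protocols moved to non-standard ports, so a check like this complements protocol-aware monitoring rather than replacing it.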

Dividends from Education & Awareness
While adversaries continue to look for any weakness they can exploit, an ever-vigilant and empowered workforce that knows what cyber security risks look like and how to address them is an invaluable asset to a company.

Employee training and awareness programs pay back dividends because employees are typically a company's first line of defense. Often, they are key resources in response and recovery activities should a problem arise. Educating those who must maintain systems and enable data exchange with other systems is important not only to ensure the flow of information, but more significantly, to ensure the integrity of these remote connections. Investments to train, empower and create trusted employees can thwart the malicious objectives of those on the outside who may be trying to gain a foothold on the inside of an ICS.

Remote access solutions that connect ICS to business operations and the Internet are an unstoppable force. Mere hope is not a valid strategy for protecting these systems from harm. Employee education and vigilance, combined with the building, monitoring and maintenance of ICS remote access solutions, are all valuable strategies. Together, these can help companies enjoy the benefits of secure remote access solutions, while knowing they are more responsibly balancing the risks that come with such connections.

Doug Wylie is a certified security practitioner with over 20 years in the industrial automation space. He currently serves as vice president of product marketing and strategy at NexDefense, a leading provider of cybersecurity solutions for industry.
