
SCADA Security Basics: Integrity Trumps Availability

Posted by: Industrial IT Team on November 06, 2012

In last week's blog, Heather wrote an excellent summary of Mark Cooksley's network security presentation regarding "Why Industrial Networks are Different than IT Networks". In it she noted that the number one goal of ICS security is based on the concern for safety. This is spot-on in my opinion. However, there is more to consider when it comes to industrial security priorities…

ICS Security Priorities: Availability, Integrity, Confidentiality?

Last week’s article included the following table:

| Priority | IT              | SCADA/ICS       |
|----------|-----------------|-----------------|
| #1       | Confidentiality | Availability    |
| #2       | Integrity       | Integrity       |
| #3       | Availability    | Confidentiality |

The first thing to take from this table is that (in general) IT and SCADA/ICS have different risk management priorities. Confidentiality is paramount for IT, while Availability is paramount for SCADA and ICS, followed by Integrity and Confidentiality (A-I-C). So far so good.

Or is it? Is Availability really the top priority for all control systems?

This table is taken directly from the IEC/ISA 62443-2-1 standards (formerly ISA-99) so it comes with excellent credentials. However, within a few hours of the blog going live, two readers immediately commented:

"With the network management systems and control centers, the priority should be 1- Integrity, 2-availability 3-confidentiality"

"While AIC may be the priority for a production system, I'd suggest that, for a Safety PLC, the priority should be IAC"

The above examples make sense - Integrity is more important than Availability for a safety system or a network management system.

Does Availability Really Trump Integrity for SCADA Systems?

Now these two exceptions got me wondering about ICS in general - have we got it wrong when we show availability being above integrity for control systems in general? The more I think about it, the more I think IEC/ISA 62443 is wrong. Integrity is nearly ALWAYS more important than availability in control systems (Confidentiality is still last).

Let's take a more general case than a safety system, one where production has limited impact on safety. For example, take an automation line making 10” frozen pizzas and putting them into cardboard packages for shipping to food stores. Now imagine that the control system sent the wrong message and the line started making 15" pizzas, ones too big for the boxes? As the production manager, which would you prefer to do:

a) continue making pizzas (even if they don't fit in the packaging) or

b) shut down and fix the issue?

If you picked the latter, then you chose integrity of your process over the availability of your process.

I think most engineers and most companies, even if safety isn't an issue, would pick integrity over availability. Certainly there is tolerance for some error (15.1" pizzas are fine), but ultimately there is a threshold where integrity trumps all.

In the case of food processing, production problems have limited impact on safety. If something goes wrong, it is likely more important to fix the production problem rather than keep the system running. This is a case where Integrity trumps Availability.

In fact, I think this preference has been built into our communications since the early days of control systems. What do we find in the last 2 or 4 bytes of every message sent over a wire in a factory? Depending on the technology, you find a Frame Check Sequence (FCS), Cyclical Redundancy Check (CRC) or Block Character Check (BCC). And what do these bytes do? Allow the receiving device to validate the Integrity of a message. And what do they do if the integrity check fails? Discard the message. And if too many checks fail, the system goes down. So much for Availability.

If availability was more important than integrity, control systems vendors would let users turn off the integrity checks. But vendors don't give us that option - they quickly realized that bad information is worse than no information at all. Customers will be far more upset if a PLC opens the wrong valve rather than opening no valve at all.
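The discard-then-fail behaviour described above, sketched as a receiver loop. This is an added example, not code from the original post; it assumes Modbus RTU framing (a 2-byte CRC-16 trailer) as the technology, and the three-failure threshold and the pizza-size register are hypothetical.

```python
# Added illustration, not from the original post. Assumes Modbus RTU framing
# (CRC-16, low byte first); the fault threshold is a hypothetical value.
MAX_CONSECUTIVE_FAILURES = 3

def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: reflected polynomial 0xA001, initial value 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def build_frame(payload: bytes) -> bytes:
    return payload + crc16_modbus(payload).to_bytes(2, "little")  # sender side

class Receiver:
    def __init__(self):
        self.accepted = []             # payloads that passed the check
        self.discarded = 0             # frames dropped for a bad CRC
        self.consecutive_failures = 0
        self.link_faulted = False      # latched: no data beats bad data

    def receive(self, frame: bytes) -> bool:
        if self.link_faulted:
            return False               # link stays down until it is reset
        intact = (len(frame) >= 4 and
                  crc16_modbus(frame[:-2]) == int.from_bytes(frame[-2:], "little"))
        if intact:
            self.accepted.append(frame[:-2])
            self.consecutive_failures = 0
            return True
        self.discarded += 1            # never act on a frame that fails the check
        self.consecutive_failures += 1
        if self.consecutive_failures >= MAX_CONSECUTIVE_FAILURES:
            self.link_faulted = True
        return False

def run_demo():
    # Constructed sample: unit 1, write register 0x0010 = 10 (pizza size, inches).
    good = build_frame(bytes.fromhex("01060010000A"))
    # Line noise flips two bits in the value byte: 10 becomes 15, CRC unchanged.
    noisy = good[:5] + bytes([good[5] ^ 0x05]) + good[6:]
    rx = Receiver()
    results = [rx.receive(f) for f in (good, noisy, good, noisy, noisy, noisy, good)]
    return rx, results

if __name__ == "__main__":
    print(run_demo()[1])
```

The last good frame is refused because the link has already latched into its fault state: the receiver gives up availability rather than risk acting on bad data. A CRC is unkeyed, so it catches line noise but not a frame that was altered and had its check bytes recomputed.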

Integrity of SCADA and ICS Systems is What Really Matters

I think that for nearly all modern production systems, integrity is what really matters the most, even when safety isn't involved. And if this is true, then we need to remember that in our security designs for ICS.

It doesn't mean that we say availability isn't important, because it is. Nothing ends a security project faster than a self-induced "Denial of Service".

But we need to demand that the ICS vendors supply products with integrity that can't be easily circumvented. This is a requirement that will not be answered by throwing encryption at the problem.

At the same time the user community needs to figure out how it can add integrity checks to the control systems that are installed and running today in our factories, refineries and utilities.

Without both users and vendors working on this, our SCADA and ICS systems will stay vulnerable for the next 20 years. That is something our world cannot afford.

Let me know your thoughts on Integrity and Availability and what needs to be done to secure systems for both types of risk.

Related Content to Download

Note: you will need to register for Tofinosecurity.com to access this content. Once you register, come back to this page and click on the link below.

Presentation - "Introduction to Network Security"

Download this 71 slide presentation and learn:

  • The differences between IT and ICS systems and high level solutions for securing industrial networks
  • What firewalls do and what they do not do
  • The OSI Model and how different technologies secure different layers of it
  • What VPNs are and the different types of encryption they use


© Tofino Security 2012 | All Rights Reserved | Tofino Security is part of Hirschmann, a Belden Brand
