If you’re like me, when you don’t know how to do something you avoid or delay doing it. Even though I love learning new things and tackling new adventures, in the context of work, there never seems to be enough time. That means taking on a new challenge or learning best practices about a new topic is often put on the back burner.
If cyber security is a new area for you, then this is an article you really want to read. It is short, and it explains three important concepts that, once you know them, you can start putting into practice right away.
Think of it this way: cyber security is a topic of high concern at the top levels of all companies. Plus, the Industrial Internet of Things (IIoT) is connecting more devices and systems to the control network, increasing the likelihood of cyber incidents. It’s more important now than ever before to understand the principles of cyber security. Let’s get started.
One essential concept for ICS security is to protect your most important assets first. In the case of a water filtration plant, that is likely the PLCs that control chlorine levels.
1. ICS Security Principle: Start with a Risk Assessment
Starting with a risk assessment is a best practice recommended not just by Belden, but by many security consulting firms and standards groups. You need to understand your network’s level of risk and rate the state of cyber defenses at your facilities.
This might sound like a big project, or a costly consulting engagement. However, it is possible to do it internally and at no cost. While this may not be for everyone, it could be a viable option if a third-party assessment is not in your budget right now. It is also a heck of a lot better than doing nothing about improving the security of your Industrial Control System (ICS) network.
The steps for implementing a zero-cost industrial security risk assessment include the following:
- Determine who should help with the risk assessment (consider IT personnel, an executive and a person from each type of job in your company)
- Identify critical assets
- Prioritize and list the largest risks for each asset
- Prioritize the list of industrial security assets
- Determine and rate existing protection measures
Learning this process is important and it is not a one-time exercise. Good security requires monitoring, evaluating and improving your plans regularly in order to ensure current measures are working effectively. This will also help you to recognize new or developing risks to the network.
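The steps above can be kept as a small risk register that is re-scored each time the team reviews it. The following is an added example, not part of the original article: the rating scales, the scoring formula and the sample assets and risks are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# The rating scales and the scoring formula are assumptions made for this
# example; the article does not prescribe a scoring method.
@dataclass
class Risk:
    description: str
    likelihood: int   # 1 (rare) .. 5 (expected)
    impact: int       # 1 (nuisance) .. 5 (safety event or plant outage)
    protection: int   # 0 (no measure) .. 4 (strong, tested measure)

    def __post_init__(self):
        if not (1 <= self.likelihood <= 5 and 1 <= self.impact <= 5
                and 0 <= self.protection <= 4):
            raise ValueError(f"rating out of range: {self.description}")

    def residual(self):
        # Inherent risk, scaled down by the rating of existing measures.
        return self.likelihood * self.impact * (5 - self.protection)

@dataclass
class Asset:
    name: str
    criticality: int                      # 1..5, agreed by the assessment team
    risks: list = field(default_factory=list)

    def ranked_risks(self):
        return sorted(self.risks, key=Risk.residual, reverse=True)

    def priority(self):
        # An asset with no risks listed yet scores on criticality alone.
        worst = max((r.residual() for r in self.risks), default=1)
        return self.criticality * worst

def prioritize(assets):
    """Return (name, priority, largest risk) rows, highest priority first."""
    ranked = sorted(assets, key=Asset.priority, reverse=True)
    return [(a.name, a.priority(),
             a.ranked_risks()[0].description if a.risks else "NOT YET ASSESSED")
            for a in ranked]

# Constructed sample register for a water filtration plant.
REGISTER = [
    Asset("Historian server", 2, [Risk("Unpatched operating system", 4, 2, 2)]),
    Asset("Chlorine dosing PLC", 5, [
        Risk("Engineering laptops not scanned before connecting", 2, 4, 2),
        Risk("No change control on controller logic", 3, 5, 1)]),
    Asset("Operator HMI", 4, [Risk("Shared operator login", 4, 3, 0)]),
]
```

Calling `prioritize(REGISTER)` returns the assets in the order the team should address them, each with its largest open risk.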
2. ICS Security Principle: Plan a “Defense in Depth” Strategy
After completing the risk assessment, you need to create a plan to secure your network. The approach you want to take is called Defense in Depth (DiD), which includes multiple layers of defense distributed throughout the control network.
A well-developed DiD strategy includes:
- Multiple layers of defense instead of relying on a single point of security
- Differentiated layers of defense, ensuring an attacker can’t access all subsequent layers after getting past the first
- Context- and threat-specific layers of defense, meaning each layer is optimized to deal with a specific class of threats
If your network is protected by a DiD strategy, the impact of an accidental security incident or a malicious attack will be limited to the zone where the problem began. You want to set up your systems so that the right people or teams receive an alarm and the work to identify the issue begins in a timely fashion.
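A network design can be checked against the first two points of this list before anything is deployed. The sketch below is an added example, not from the original article: the zone names, control labels and the rule that "differentiated" means a path does not rely on one and the same control at every layer are assumptions of this example.

```python
# Constructed zone model: (from_zone, to_zone, control on that conduit).
CONDUITS = [
    ("enterprise", "dmz", "it-firewall"),
    ("dmz", "supervisory", "industrial-firewall"),
    ("supervisory", "chlorine-plc", "protocol-allowlist"),
    ("enterprise", "historian", "it-firewall"),
    ("historian", "chlorine-plc", "it-firewall"),
]

def simple_paths(conduits, start, target):
    """Yield (zones, controls) for every loop-free path from start to target."""
    graph = {}
    for src, dst, control in conduits:
        graph.setdefault(src, []).append((dst, control))
    stack = [(start, [start], [])]
    while stack:
        zone, zones, controls = stack.pop()
        if zone == target:
            yield zones, controls
            continue
        for nxt, control in graph.get(zone, []):
            if nxt not in zones:          # never revisit a zone on the same path
                stack.append((nxt, zones + [nxt], controls + [control]))

def audit(conduits, start, target):
    """Return (path, finding) for each path that breaks a DiD property."""
    findings = []
    for zones, controls in simple_paths(conduits, start, target):
        if len(controls) < 2:
            # One control between the entry zone and the protected asset.
            findings.append((zones, "single layer of defense"))
        elif len(set(controls)) == 1:
            # Several layers, but all the same control (assumed rule).
            findings.append((zones, "layers not differentiated"))
    return findings
```

In the constructed model, the path through the historian is reported because both of its layers are the same IT firewall, while the three-layer path through the DMZ passes.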
3. ICS Security Principle: Protect the Crown Jewels First
Lastly, you must prioritize the crown jewels. What are the crown jewels? Think of the systems that would cause a complete disaster for your network if they were shut down (either unintentionally or maliciously).
These might be the safety instrumented system (SIS) in a refinery, the programmable logic controller (PLC) managing chlorine levels in a water filtration plant, or the remote terminal unit (RTU) in an electrical substation. Every control engineer knows what really matters to his or her particular operation. Aggressively protect this asset and the chance of a truly serious cyber incident is greatly reduced.
Control systems have become complex and difficult to protect at all times, so focus your resources on securing those assets that really matter to the survival of the company.
Don’t let the complications brought on by the IIoT’s increased connectivity or the high cost of formal risk assessments keep you from protecting your network effectively. By taking the right steps to understand your risks, choosing a layered approach to your ICS security, and prioritizing your most important assets, you can successfully protect your network in our increasingly connected world.
How are you protecting your network? I look forward to hearing from you.