Industrial Control Systems
Industrial Control Systems Security Pattern
When to Use
Any commercial or government organisation operating industrial automation equipment. Typical applications are process control for production lines, transport infrastructure, energy, emergency services, shipping, healthcare and water. This pattern should apply in the majority of cases, because the cost of securing the environment is small compared with the cost of the equipment and the impact of process downtime.
When NOT to Use
Low impact if the automated process does not operate within its specified tolerance levels. Very low availability requirements for the process. Certainty that the system is isolated, with strong logical and physical access controls (this should be verified rather than assumed: vendor remote-support links and removable media commonly undermine nominal isolation). First-generation panel-based equipment that has no network connectivity and uses no COTS software.
Typical Challenges
Lack of skilled personnel or service providers to specify security requirements and to configure and manage the systems. Legacy ICS equipment that cannot be secured in place.
It can be hard to differentiate system failures from behaviour under attack. It is therefore important to identify the monitoring options available for the system to be secured and, as far as possible, to establish a baseline of 'normal' behaviour (which hosts talk to which devices, using which protocol functions, and how often) against which deviations can be judged. A deviation from the baseline tells you that something has changed, not whether the cause is a fault or an attacker; it is the trigger for investigation, not the verdict.
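The following is an added example, not code from the original page, of the baselining approach just described. It learns which (source, destination, function code) triples are normal and how regularly each one occurs, then flags deviations in a later window: a previously unseen host issuing a write, a known device that has gone silent, and a known poller whose rate has changed. The log format, host addresses and polling rates are constructed for the demonstration; a real sensor export would be parsed in place of parse_line().

```python
"""Learn a baseline of 'normal' ICS traffic and flag deviations from it.

Added example, not code from the original page. It reads a constructed,
simplified flow log of the form

    <epoch seconds> <src ip> <dst ip> modbus fc=<function code> addr=<register>

The field layout, addresses and polling rates are assumptions for the demo.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Modbus function codes that change device state; a previously unseen
# peer using one of these is the highest-priority deviation.
WRITE_FUNCTION_CODES = {5, 6, 15, 16, 22, 23}


def parse_line(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    parts = line.split()
    if len(parts) != 6 or parts[3] != "modbus":
        return None
    try:
        return {
            "ts": float(parts[0]),
            "src": parts[1],
            "dst": parts[2],
            "fc": int(parts[4].split("=", 1)[1]),
            "addr": int(parts[5].split("=", 1)[1]),
        }
    except (ValueError, IndexError):
        return None


def learn_baseline(lines):
    """Build the profile of normal behaviour from a learning window.

    Records every (src, dst, function code) triple seen and, per triple, the
    mean and standard deviation of the gap between messages, so that a later
    change in polling rate can be detected.
    """
    timestamps = defaultdict(list)
    for event in filter(None, map(parse_line, lines)):
        timestamps[(event["src"], event["dst"], event["fc"])].append(event["ts"])
    intervals = {}
    for key, ts in timestamps.items():
        ordered = sorted(ts)
        gaps = [b - a for a, b in zip(ordered, ordered[1:])]
        if len(gaps) >= 2:
            intervals[key] = (mean(gaps), pstdev(gaps))
    return {"peers": set(timestamps), "intervals": intervals}


def check_window(baseline, lines, sigma=3.0):
    """Compare a later window with the baseline; return a list of alerts.

    Alerts are (kind, (src, dst, fc), detail) with kind one of:
      unexpected-write  unseen peer using a write function code
      new-peer          unseen peer using any other function code
      silent-peer       known peer that sent nothing in this window
      rate-change       known peer polling much faster or slower than learned
    """
    alerts, flagged, seen = [], set(), defaultdict(list)
    for event in filter(None, map(parse_line, lines)):
        key = (event["src"], event["dst"], event["fc"])
        seen[key].append(event["ts"])
        if key not in baseline["peers"] and key not in flagged:
            flagged.add(key)
            kind = "unexpected-write" if event["fc"] in WRITE_FUNCTION_CODES else "new-peer"
            alerts.append((kind, key, event["addr"]))
    for key, (mu, sd) in baseline["intervals"].items():
        ts = sorted(seen.get(key, []))
        if not ts:
            alerts.append(("silent-peer", key, None))
            continue
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        # Tolerate 3 sigma, but never less than 5% of the learned interval,
        # so a perfectly regular poller (sd == 0) does not alert on jitter.
        if gaps and abs(mean(gaps) - mu) > sigma * max(sd, 0.05 * mu):
            alerts.append(("rate-change", key, round(mean(gaps), 2)))
    return alerts


def _flows(src, dst, fc, addr, start, step, count):
    """Generate constructed log lines for one regular poller."""
    return [f"{start + i * step:.2f} {src} {dst} modbus fc={fc} addr={addr}"
            for i in range(count)]


# Constructed learning window: one HMI reading three PLCs at fixed rates.
TRAINING = (_flows("10.0.0.10", "10.0.0.20", 3, 100, 0, 1.0, 10)
            + _flows("10.0.0.10", "10.0.0.21", 3, 200, 0, 2.0, 5)
            + _flows("10.0.0.10", "10.0.0.22", 3, 300, 0, 1.0, 10))

# Constructed live window: PLC .21 has gone quiet, PLC .22 is being polled
# four times faster than usual, and an unknown host writes a register on .20.
LIVE = (_flows("10.0.0.10", "10.0.0.20", 3, 100, 100, 1.0, 10)
        + _flows("10.0.0.10", "10.0.0.22", 3, 300, 100, 0.25, 40)
        + ["104.50 10.0.0.99 10.0.0.20 modbus fc=6 addr=100"])

if __name__ == "__main__":
    for alert in check_window(learn_baseline(TRAINING), LIVE):
        print(alert)
```

Run against the constructed windows it produces three alerts: the unknown host's write to .20, the silent .21 and the rate change on .22, while the unchanged poller on .20 stays quiet. The silent and flooding cases are exactly the ones the text warns about: a failed device and a device under attack look the same from the network, so the alert should route to someone who can check the plant floor as well as the logs. Learning the baseline from a window that already contains an intrusion will teach the attacker's traffic as normal, so the learning window needs to be reviewed, not just recorded.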
Threat Resistance
Infection by malicious code. Recent attacks have placed a shim around the DLL that the SCADA PC uses to communicate with the controllers, so that every command sent to and every value read from the controllers passes through attacker-controlled code. Compromise of the integrity or availability of the environment that disrupts the industrial process or damages equipment.
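A DLL shim of the kind described above changes files on the SCADA host: the genuine library is usually renamed and a wrapper with the original name is dropped in its place. The added example below, which is not code from the original page, shows the file-integrity check that catches this: record a hash manifest of the communication software from a known-good install, keep it off the host, and compare. The directory layout, the file name comms.dll and the attack simulation are all constructed for the demonstration.

```python
"""File-integrity baseline for the SCADA host's controller-communication DLL.

Added example, not code from the original page. The file names and the
attack simulation are constructed; on a real host the manifest would be
taken from a known-good install and stored off the machine, since the
attack being detected modifies files on the host itself.
"""
import hashlib
import json
import os
import tempfile


def sha256_of(path):
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(directory):
    """Map each regular file (relative path) under directory to its SHA-256."""
    result = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            result[os.path.relpath(full, directory)] = sha256_of(full)
    return result


def compare(baseline, current):
    """Return added, removed and modified relative paths (sorted)."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def simulate_shim_attack(directory):
    """Constructed stand-in for the attack in the text: rename the genuine
    DLL and drop a wrapper carrying the original name in its place."""
    genuine = os.path.join(directory, "comms.dll")
    os.replace(genuine, os.path.join(directory, "comms_orig.dll"))
    with open(genuine, "wb") as f:
        f.write(b"SHIM: forwards calls to comms_orig.dll after tampering\n")


def demo():
    """Take a clean manifest, run the constructed attack, return the diff."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "comms.dll"), "wb") as f:
            f.write(b"GENUINE VENDOR LIBRARY (constructed placeholder)\n")
        with open(os.path.join(d, "hmi.exe"), "wb") as f:
            f.write(b"HMI APPLICATION (constructed placeholder)\n")
        manifest = json.dumps(snapshot(d))  # this is what you store off-host
        simulate_shim_attack(d)
        return compare(json.loads(manifest), snapshot(d))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The comparison reports comms.dll as modified and comms_orig.dll as added, which is the signature of a wrapper interposed on the communication path; an untouched hmi.exe produces nothing. A hash manifest cannot be trusted if it lives on the host that an attacker can modify, and it will flag every legitimate vendor update, so each change has to be reconciled against the change-control record (CM-03 in the mapped controls). Where the vendor signs its binaries, checking the signature alongside the hash adds a second, independent check.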
Assumptions
An attack on industrial control systems allows real-world physical actions to be triggered via the Internet, and this is likely to be used increasingly by criminals and 'black hat' groups to impact the operation of critical infrastructure and services. The knowledge and tools needed to attack will rapidly become available and commoditised via the Internet. Financial motives will increase, as there is significant potential for extortion demands if high-value processes are interrupted.
This pattern assumes that industrial control systems will increasingly use standard networking technologies such as TCP/IP over Ethernet and be connected to the corporate network to provide management information on processes. Management and monitoring of the systems will increasingly be provided by third parties that supply the equipment and supporting services.
This implies that the same security issues that affect general IT systems will increasingly impact process automation systems, which therefore require the same level of development maturity to ensure that security requirements are fully specified and built into the systems.
Mapped Controls (34)
- AC-03 Access Enforcement
- AC-06 Least Privilege
- AC-17 Remote Access
- AC-18 Wireless Access Restrictions
- AU-02 Auditable Events
- CA-02 Security Assessments
- CA-07 Continuous Monitoring
- CM-02 Baseline Configuration
- CM-03 Configuration Change Control
- CM-05 Access Restrictions For Change
- CM-07 Least Functionality
- CP-02 Contingency Plan
- CP-09 Information System Backup
- CP-10 Information System Recovery And Reconstitution
- IA-02 User Identification And Authentication
- IA-03 Device Identification And Authentication
- IR-02 Incident Response Training
- IR-04 Incident Handling
- IR-05 Incident Monitoring
- IR-07 Incident Response Assistance
- MA-02 Controlled Maintenance
- MA-04 Remote Maintenance
- PE-03 Physical Access Control
- PE-04 Access Control For Transmission Medium
- PE-06 Monitoring Physical Access
- RA-03 Risk Assessment
- RA-05 Vulnerability Scanning
- SC-07 Boundary Protection
- SC-08 Transmission Integrity
- SC-09 Transmission Confidentiality
- SC-23 Session Authenticity
- SI-02 Flaw Remediation
- SI-03 Malicious Code Protection
- SI-05 Security Alerts And Advisories