Layer 2: The aggregation zone where data concentration, switches and controllers reside.Layer 1: The access zone with perimeter gateway security (e.g., firewalls and port servers) whose purpose is to manage access security through directing traffic flows and traffic encryption.Alternative attack vectors, such as USB drives, can circumvent all defense mechanisms and endanger the operations technology (OT) network.Īn illustration of a multilayer security framework: Consequently, if malicious actors want to reach the targeted asset, they must go first through the security controls of every other layer.įor SCADA and ICS environments typical security controls that allow for the implementation of a layered defense system are Ethernet switches and security gateways. Critical assets are to be placed in the most secure layer. Multilayer security would protect ICS/SCADA systems by providing unique security controls at each layer. Department of Homeland Security states that only approximately one-third of electric utilities have integrated security systems with the “ proper segmentation, monitoring and redundancies ” necessary to ward off a cyberattack. Network segmentation and multilayer securityĪ 2015 report issued by the U.S. If there are lessons to be learned from the cyberattack against the German steel plant, one of them should definitely be: separate the office IT network from the industrial or operations technology network. In fact, this cyberattack was a classic example of an advanced persistent threat (APT). Finally, they had full control over significant components in the plant, thus shutting down a blast furnace in an uncontrolled manner, which resulted in massive damage to vital electronics in the plant. Then the cybercriminals moved to the production network (that is the so-called “lateral movement”), which is the place where critical assets reside. First, attackers used a spearphishing to obtain access to the steel plant’s office information technology (IT) network. Change control and configuration managementĭue to a transition in automation, power and industrial control industries from switched circuits to switched packet communications, ICS/SCADA networks are becoming more vulnerable to a growing number of threats, including (self-propagating) malware and nation-state-sponsored cyberattacks.Īnother well-known cyberattack that caused confirmed physical damage to an ICS was a 2014 cyberattack against a steel plant in Germany.These manuals outline security best practices in the following areas: National bodies, such as Public Safety Canada, have designed manuals of recommended best practices for organizations to follow which will facilitate the entire process of securing their ICS environments. Prevention is the keyīruce Schneier once said that “prevention is best combined with detection and response.” Consequences of a security breach in ICS/SCADA environments may vary, so security teams should perform a thorough assessment of ICS systems to identify all kinds and levels of risk in order to put in place the corresponding safeguards. The Stuxnet worm attack on the Iranian nuclear power plant Natanz, uncovered in 2010, is perhaps the most well-known instance of a security breach in cyberspace with physical consequences in the realm of ICS/SCADA security. Unlike other cyberattacks, ICS/SCADA-oriented cyberattacks may affect critical infrastructure operations, inflict substantial economic losses, contaminate the ecological environment and even claim human lives. Unfortunately, these systems are gradually becoming a favorite target of hackers, especially those driven by political motivation.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |