Remote-access Guide

ICS-CERT remote access

by Olaf Beer Published 2 years ago Updated 2 years ago

ICS-CERT recommends:
- Placing all control system assets behind firewalls, separated from the business network.
- Deploying secure remote access methods, such as Virtual Private Networks (VPNs), for remote access.


How to manage remote access to industrial control systems?

From the DMZ, after authentication, user-initiated remote access should follow a trusted path to the industrial control system—where the user will authenticate again, this time using the local identity and access management solution for the industrial control system. All remote access communications should be logged and monitored.

Can I connect remotely to a control system?

Connecting remotely to a control system has some specific considerations. There is existing literature on the topic of remote access to control systems, such as international standard IEC 62443-4-1:2018 and advice from ICS-CERT. This publication is broken into three sections:

What are the security requirements for Remote Access Communications?

All remote access communications should be logged and monitored. Various detection techniques can be implemented on remote access systems, such as looking for brute-force attempts or specific exploits of known vulnerabilities, but only if logging and monitoring are in place. Developing these requirements should take time and careful consideration.

What is remote access and why do you need it?

This capability can help optimize resources, improve processes, and provide information vital for reliability. That said, remote access, by definition, needs to penetrate the hard shell of industrial control systems to reach the gooey center.


What is a preferred security measure for remote access?

Virtual Private Networking (VPN) is often considered the best approach in securing trans-network communication.

What is ICS in cyber security?

ICS security is the area of concern involving the safeguarding of industrial control systems, the integrated hardware and software designed to monitor and control the operation of machinery and associated devices in industrial environments.

What is a best practice for compliance in the remote access domain?

Instead, a best practice is to adopt the principle of least privilege, which means that access for all users should be blocked by default and enabled only for the specific accounts that require it.

What is an ICS device?

What is an Industrial Control System (ICS)? ICS assets are the digital devices that are used in industrial processes. This includes all of the various components of critical infrastructure (power grid, water treatment, etc.), manufacturing, and similar applications. A number of different devices are classified as ICS.

Why is ICS security important?

NIST's Guide to Industrial Control Systems (ICS) Security helps industry strengthen the cybersecurity of its computer-controlled systems. These systems are used in industries such as utilities and manufacturing to automate or remotely control product production, handling or distribution.

Why is cybersecurity in ICS important?

We must defend ICS environments against the most urgent threats. Find and defeat adversaries before they cause harm. CISA and its partners will work together to improve visibility in OT environments so that we identify and defeat malicious activity quickly before it causes wide-spread harm.

What is required for remote access?

Remote computer access requires a reliable internet connection. You'll need to activate or install software on the device you want to access, as well as on the device — or devices — you want to use to get that access.

How do I setup a secure remote access?

Basic security tips for Remote Desktop:
- Use strong passwords.
- Use two-factor authentication.
- Update your software.
- Restrict access using firewalls.
- Enable Network Level Authentication.
- Limit the users who can log in using Remote Desktop.
- Set an account lockout policy.

What are the common remote access domain policies?

Through remote access policies you can define the following:
- Grant or deny dial-in based on connection parameters such as connection type and time of day.
- Authentication protocols (Password Authentication Protocol (PAP), CHAP, EAP, MS-CHAP).
- Validation of the caller ID.

What do ICS systems do?

Definition(s): An information system used to control industrial processes such as manufacturing, product handling, production, and distribution.

What does ICS stand for?

ICS: Integrated Computer Systems; Integrated Circuit Systems, Inc.

How does Incident Command System work?

The Incident Command System or ICS is a standardized, on-scene, all-risk incident management concept. ICS allows its users to adopt an integrated organizational structure to match the complexities and demands of single or multiple incidents without being hindered by jurisdictional boundaries.

What is the difference between IT and ICS?

IT systems primarily consist of servers, network devices and workstations. These components are often protected by firewalls, antivirus software, IPS and web application firewalls. ICS, on the other hand, relies on proprietary products: other than desktops and servers, the rest of the platforms are embedded and vendor-specific.

What is ICS analyst?

The ICS/SCADA Security Analyst skill path provides you with the knowledge needed to defend the systems that control critical infrastructure. You'll learn about assessing the security of industrial control and SCADA systems and protecting them from cyber threats.

What are remote access requirements?

Remote access requirements should be determined, including what IP addresses, what communication types, and what processes can be monitored. All others should be disabled by default. Remote access including process control should be limited as much as possible.
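The logging, monitoring and default-deny requirements described above, as an added example that is not part of the original page or of the ICS-CERT and ACSC guidance it quotes: a small Python monitor over remote-access gateway authentication logs that flags any source not on the approved list and any burst of failed logins from one source. The log format, addresses, usernames and thresholds are constructed assumptions.

```python
# Added example, not from the ICS-CERT/ACSC material quoted on this page: a monitor
# over remote-access gateway auth logs that applies default-deny of unapproved sources
# and brute-force detection. Log format, addresses and thresholds are constructed.
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(r"^(?P<ts>\S+) gateway auth (?P<result>ok|fail) "
                    r"user=(?P<user>\S+) src=(?P<src>\S+)$")

def parse(line):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev

def analyse(lines, allowed_sources, max_failures=5, window=timedelta(minutes=10)):
    """Return (kind, src, user) alerts in the order they are raised."""
    alerts, flagged = [], set()
    failures = defaultdict(list)  # src -> timestamps of recent failed logins
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        src, ts = ev["src"], ev["ts"]
        if src not in allowed_sources and src not in flagged:
            alerts.append(("unapproved_source", src, ev["user"]))  # default deny
            flagged.add(src)
        if ev["result"] == "fail":
            failures[src] = [t for t in failures[src] if ts - t <= window] + [ts]
            if len(failures[src]) == max_failures:  # burst inside the window
                alerts.append(("brute_force", src, ev["user"]))
        elif failures[src]:  # success after a run of failures
            alerts.append(("success_after_failures", src, ev["user"]))
            failures[src] = []
    return alerts

ALLOWED = {"203.0.113.10"}  # constructed: the single approved vendor jump host
SAMPLE_LOG = [  # constructed sample lines
    "2024-05-01T08:00:00 gateway auth ok user=vendor_svc src=203.0.113.10",
] + [f"2024-05-01T08:01:{i:02d} gateway auth fail user=admin src=198.51.100.7"
     for i in range(5)] + [
    "2024-05-01T08:03:10 gateway auth ok user=admin src=198.51.100.7",
]
if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG, ALLOWED):
        print(alert)
```

Each alert is raised once per source (the unapproved-source alert) or once per burst, so a long flood of failures does not produce a flood of alerts.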

What is remote access?

Remote access is a relatively new capability for industrial control systems, one that comes with specific engineering and financial benefits. However, when considering new remote access connections, organizations need to involve the necessary stakeholders to make security- and reliability-based decisions.

Do not enable remote access?

First and foremost, do not enable remote access by default. This is not a strict anti-remote-access stance; rather, it is a pro-engineering discussion. Because remote access is a “gate” through the (hopefully robust) perimeter, moat and walls of your fort, you want to make sure it is secure. This requires multiple stakeholders to be involved, including OT security, IT security, engineering, vendors, and any maintenance support teams. It is not something that is easily pre-packaged, and it is never a “set it and forget it” capability.

Why do external parties need to connect remotely to critical infrastructure control networks?

This access is to allow the manufacturers of equipment used in Australia’s critical infrastructure the ability to maintain the equipment when a fault is experienced that cannot be fixed in the required timeframe by any other method.

What should be the default communication between the vendor and the critical infrastructure control system?

1. By default, there should be no communication between the vendor and the critical infrastructure control system.

What is the Australian Government Information Security Manual?

The Australian Government Information Security Manual is a cyber security framework that organisations can apply to protect their systems and data from cyber threats. The advice in the Strategies to Mitigate Cyber Security Incidents, along with its Essential Eight, complements this framework.

Which end should authenticate the critical infrastructure organisation?

10. The remote end should authenticate the critical infrastructure organisation also, i.e. ‘mutual authentication’.

Why do external parties need to connect remotely?

External parties may need to connect remotely to critical infrastructure control networks. This is to allow manufacturers of equipment the ability to maintain the equipment when a fault is experienced that cannot be fixed in the required timeframe. Such access to external parties will only occur in extraordinary circumstances, ...

When must remote access data be returned?

Ensure contractually that any data viewed or acquired as part of the remote access is used only for the purpose of resolving the issue the remote access was granted for, and must be returned to the critical infrastructure organisation and destroyed at the remote access end either when the issue is resolved or after a period of 1 year, whichever is sooner.

When should the connection between the control network and any external device be physically disconnected?

2. The connection between the control network and any external device should be physically disconnected when the protocol is not being used. Ideally this would mean removal of a physical cable, however sometimes the location to disconnect the cable may be a significant distance from the control equipment.
