Remote-access Guide

ICS-CERT's Configuring and Managing Remote Access for Industrial Control Systems

by Dr. Eli Simonis PhD Published 2 years ago Updated 2 years ago

What does ICS CERT stand for?

It was developed under the direction of the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) by cybersecurity experts and with assistance from NIST. This tool provides users with a systematic and repeatable approach for assessing the security posture of their cyber systems and networks.

What is control in ICS?

SOURCE: The Automation, Systems, and Instrumentation Dictionary.

Control: The part of the ICS used to perform the monitoring and control of the physical process. This includes all control servers, field devices, actuators, sensors, and their supporting communication systems.

How should security protections be implemented in ICS?

Security protections must be implemented in a way that maintains system integrity during normal operations as well as during times of cyber attack [17]. Initially, ICS had little resemblance to IT systems in that ICS were isolated systems running proprietary control protocols using specialized hardware and software.

What is an ICS device?

ICS are often constructed of devices that either do not have or cannot use comprehensive access control capabilities due to time-restrictive safety constraints.

What is a preferred security measure for remote access?

Virtual Private Networking (VPN) is often considered the best approach in securing trans-network communication.

What is ICS cyber security?

ICS security is defined as the protection of industrial control systems from threats from cyber attackers. It is often referred to as OT security or security. It includes a wide range of practices, including asset inventory and detection, and vulnerability management.

How does a typical IT security infrastructure differ from securing industrial control systems?

IT systems primarily consist of servers, network devices and workstations. These components are often protected by firewalls, antivirus software, IPS and web application firewalls. ICS, on the other hand, are built from proprietary products. Other than desktops and servers, the rest of the platforms are embedded and vendor-specific.

What is ICS Homeland Security?

Industrial Control Systems (ICS) are important to supporting US critical infrastructure and maintaining national security. ICS owners and operators face threats from a variety of adversaries whose intentions include gathering intelligence and disrupting National Critical Functions.

Why is ICS security important?

NIST's Guide to Industrial Control Systems (ICS) Security helps industry strengthen the cybersecurity of its computer-controlled systems. These systems are used in industries such as utilities and manufacturing to automate or remotely control product production, handling or distribution.

Why is cybersecurity in ICS important?

We must defend ICS environments against the most urgent threats. Find and defeat adversaries before they cause harm. CISA and its partners will work together to improve visibility in OT environments so that we identify and defeat malicious activity quickly before it causes widespread harm.

Why are industrial control systems important?

Industrial control systems (ICSs) are used for various kinds of social infrastructure, and they play important roles in realizing their control functions and ensuring their safety. ICSs currently use open architectures and they are often connected to external systems such as office systems.

What are the biggest security issues associated with control systems and their networks?

The Challenges of Securing Industrial Control Systems from...
• Air gaps can no longer protect industrial networks from attacks. ...
• Vulnerabilities in industrial processes increase cyber risk. ...
• Lack of visibility and control in industrial control system networks. ...
• Control-layer protocols are difficult to secure.

What industries commonly use control systems?

A DCS is also commonly used in industries such as manufacturing, electric power generation, chemical manufacturing, oil refineries, and water and wastewater treatment. Implementing an ICS environment may often be a hybrid of DCS and SCADA wherein attributes from both systems are incorporated.

What is ICS application?

Industrial control system (ICS) security focuses on ensuring the security and safe function of industrial control systems. This includes the hardware and software the system and its operators use.

What are ICS and SCADA systems?

ICS are command and control networks and systems designed to support industrial processes. The largest subgroup of ICS is SCADA (Supervisory Control and Data Acquisition) systems.

What is ICS technology?

Industrial control system (ICS) is a collective term used to describe different types of control systems and associated instrumentation, which include the devices, systems, networks, and controls used to operate and/or automate industrial processes.

What is ICS analyst?

The ICS/SCADA Security Analyst skill path provides you with the knowledge needed to defend the systems that control critical infrastructure. You'll learn about assessing the security of industrial control and SCADA systems and protecting them from cyber threats.

What is a security management solution for remote access?

Security management of the remote access solution should follow defence-in-depth techniques with multiple layers of defence and should incorporate best-of-breed elements from standards. Although not an exhaustive list, the following are examples of layered defence techniques in relation to remote access:

Why is remote access important?

Because securing remote access is an integral part of any defence-in-depth strategy, the foundation of creating usable guidance as it pertains to control systems environments must include both users and the technology to be accessed remotely. To generalise control system architectures is difficult and to develop a recommended practice for securing remote access that is applicable to all architectures is impossible. It may help organisations to shape their remote access strategy by determining who requires access to certain resources as well as understanding attack vectors that can be created unintentionally.

Why is industrial control important?

Today, business demand has led to the rapid deployment of modern networking technologies, which has accelerated the interconnectivity of these once isolated systems. This new connectivity has empowered asset owners to maximise business operations and reduce costs associated with equipment monitoring, upgrading and servicing, whilst creating a new security paradigm for protecting control systems from cyber incident.

Is remote access secure?

In conclusion, no single secure remote access solution is applicable to all possible architectures and no single remote access solution can provide adequate security without a defence-in-depth approach. However, by exercising caution and generating and implementing concise requirements based on good analysis, secure remote access solutions can be deployed and maintained.

EXECUTIVE SUMMARY

We rely on industrial control systems to sustain our lives; from utilities to manufacturing, to distribution, to water management. In the past decade, the connectivity level of industrial control systems has increased. In parallel with these digital transformations, ensuring the safety and integrity of these environments is imperative.

Industrial control system security: Notable vulnerabilities

1. Connectivity and integration with external platforms and third party systems provide opportunities for backdoor access and malicious activities.

Preventing industrial control system attacks

In the US, the Cybersecurity and Infrastructure Security Agency (CISA) provides information designed to empower industry leaders to combat ICS oriented threats.

Is remote access to OT commonplace?

Remote access to OT systems is now commonplace, driven especially by Industry 4.0 applications, although it is not unique to these cases. More and more companies are contracting out the development, assembly and commissioning of new machines that require remote access, so that the supplier can provide the technical support agreed upon in the contract. For clients, these accesses are an entry point to their network, so they should seek to make them as secure as possible and only use them when strictly necessary.

Is remote access to control systems secure?

As discussed above, there are various ways to remotely access control systems. Some are more secure than others, but, at the same time, they are more difficult to implement and deploy. We must always start from the premise that all good practice guides and regulations recommend against direct remote access to control systems, since external networks are considered insecure environments. Therefore, any measure taken will be beneficial to the security of the organization.

Is remote access necessary in OT?

Remote access in OT is increasingly frequent and necessary. However, we must not forget that OT devices have far lower levels of security than what we find in IT environments, so it is essential to carry out the appropriate work to increase their cybersecurity levels.

What is ICS in industrial control?

This document provides guidance for establishing secure industrial control systems (ICS). These ICS, which include supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC) are often found in the industrial control sectors. ICS are typically used in industries such as electric, water and wastewater, oil and natural gas, transportation, chemical, pharmaceutical, pulp and paper, food and beverage, and discrete manufacturing (e.g., automotive, aerospace, and durable goods). SCADA systems are generally used to control dispersed assets using centralized data acquisition and supervisory control. DCS are generally used to control production systems within a local area such as a factory using supervisory and regulatory control. PLCs are generally used for discrete control for specific applications and generally provide regulatory control.

These control systems are vital to the operation of the U.S. critical infrastructures that are often highly interconnected and mutually dependent systems. It is important to note that approximately 90 percent of the nation's critical infrastructures are privately owned and operated. Federal agencies also operate many of the ICS mentioned above; other examples include air traffic control and materials handling (e.g., Postal Service mail handling). This document provides an overview of these ICS and typical system topologies, identifies typical threats and vulnerabilities to these systems, and provides recommended security countermeasures to mitigate the associated risks.

Initially, ICS had little resemblance to traditional information technology (IT) systems in that ICS were isolated systems running proprietary control protocols using specialized hardware and software. Many ICS components were in physically secured areas and the components were not connected to IT networks or systems. Widely available, low-cost Internet Protocol (IP) devices are now replacing proprietary solutions, which increases the possibility of cybersecurity vulnerabilities and incidents. As ICS are adopting IT solutions to promote corporate business systems connectivity and remote access capabilities, and are being designed and implemented using industry standard computers, operating systems (OS) and network protocols, they are starting to resemble IT systems. This integration supports new IT capabilities, but it provides significantly less isolation for ICS from the outside world than predecessor systems, creating a greater need to secure these systems. The increasing use of wireless networking places ICS implementations at greater risk from adversaries who are in relatively close physical proximity but do not have direct physical access to the equipment.

While security solutions have been designed to deal with these security issues in typical IT systems, special precautions must be taken when introducing these same solutions to ICS environments. In some cases, new security solutions are needed that are tailored to the ICS environment. Although some characteristics are similar, ICS also have characteristics that differ from traditional information processing systems. Many of these differences stem from the fact that logic executing in ICS has a direct effect on the physical world. Some of these characteristics include significant risk to the health and safety of human lives and serious damage to the environment, as well as serious financial issues such as production losses, negative impact to a nation’s economy, and compromise of proprietary information. ICS have unique performance and reliability requirements and often use operating systems and applications that may be considered unconventional to typical IT personnel. Furthermore, the goals of safety and efficiency sometimes conflict with security in the design and operation of control systems.

ICS cybersecurity programs should always be part of broader ICS safety and reliability programs at both industrial sites and enterprise cybersecurity programs, because cybersecurity is essential to the safe and reliable operation of modern industrial processes. Threats to control systems can come from numerous sources, including hostile governments, terrorist groups, disgruntled employees, malicious intruders, complexities, accidents, and natural disasters as well as malicious or accidental actions by insiders. ICS security objectives typically follow the priority of availability and integrity, followed by confidentiality.

What is an ICS system?

Industrial control system (ICS) is a general term that encompasses several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC) often found in the industrial sectors and critical infrastructures. An ICS consists of combinations of control components (e.g., electrical, mechanical, hydraulic, pneumatic) that act together to achieve an industrial objective (e.g., manufacturing, transportation of matter or energy).

The part of the system primarily concerned with producing the output is referred to as the process. The control part of the system includes the specification of the desired output or performance. Control can be fully automated or may include a human in the loop. Systems can be configured to operate open-loop, closed-loop, and manual mode. In open-loop control systems the output is controlled by established settings. In closed-loop control systems, the output has an effect on the input in such a way as to maintain the desired objective. In manual mode the system is controlled completely by humans. The part of the system primarily concerned with maintaining conformance with specifications is referred to as the controller (or control).

A typical ICS may contain numerous control loops, Human Machine Interfaces (HMIs), and remote diagnostics and maintenance tools built using an array of network protocols. ICS control industrial processes are typically used in electrical, water and wastewater, oil and natural gas, chemical, transportation, pharmaceutical, pulp and paper, food and beverage, and discrete manufacturing (e.g., automotive, aerospace, and durable goods) industries. ICS are critical to the operation of the U.S. critical infrastructures that are often highly interconnected and mutually dependent systems. It is important to note that approximately 85 percent of the nation's critical infrastructures are privately owned and operated. Federal agencies also operate many of the industrial processes mentioned above as well as air traffic control.

This section provides an overview of SCADA, DCS, and PLC systems, including typical topologies and components. Several diagrams are presented to depict the network topology, connections, components, and protocols typically found on each system to facilitate the understanding of these systems. These examples only attempt to identify notional topology concepts. Actual implementations of ICS may be hybrids that blur the line between DCS and SCADA systems. Note that the diagrams in this section do not focus on securing ICS. Security architecture and security controls are discussed in Section 5 and Section 6 of this document respectively.

How did ICS evolve?

Many of today’s ICS evolved from the insertion of IT capabilities into existing physical systems, often replacing or supplementing physical control mechanisms. For example, embedded digital controls replaced analog mechanical controls in rotating machines and engines. Improvements in cost and performance have encouraged this evolution, resulting in many of today’s “smart” technologies such as the smart electric grid, smart transportation, smart buildings, and smart manufacturing. While this increases the connectivity and criticality of these systems, it also creates a greater need for their adaptability, resilience, safety, and security.

How is a SCADA system used?

SCADA systems are used to control dispersed assets where centralized data acquisition is as important as control [3] [4]. These systems are used in distribution systems such as water distribution and wastewater collection systems, oil and natural gas pipelines, electrical utility transmission and distribution systems, and rail and other public transportation systems. SCADA systems integrate data acquisition systems with data transmission systems and HMI software to provide a centralized monitoring and control system for numerous process inputs and outputs. SCADA systems are designed to collect field information, transfer it to a central computer facility, and display the information to the operator graphically or textually, thereby allowing the operator to monitor or control an entire system from a central location in near real time. Based on the sophistication and setup of the individual system, control of any individual system, operation, or task can be automatic, or it can be performed by operator commands.

Typical hardware includes a control server placed at a control center, communications equipment (e.g., radio, telephone line, cable, or satellite), and one or more geographically distributed field sites consisting of Remote Terminal Units (RTUs) and/or PLCs, which control actuators and/or monitor sensors. The control server stores and processes the information from RTU inputs and outputs, while the RTU or PLC controls the local process. The communications hardware allows the transfer of information and data back and forth between the control server and the RTUs or PLCs. The software is programmed to tell the system what and when to monitor, what parameter ranges are acceptable, and what response to initiate when parameters change outside acceptable values.

An Intelligent Electronic Device (IED), such as a protective relay, may communicate directly to the control server, or a local RTU may poll the IEDs to collect the data and pass it to the control server. IEDs provide a direct interface to control and monitor equipment and sensors. IEDs may be directly polled and controlled by the control server and in most

How are control systems used in manufacturing and distribution industries?

While control systems used in manufacturing and distribution industries are very similar in operation, they are different in some aspects. Manufacturing industries are usually located within a confined factory or plant-centric area, when compared to geographically dispersed distribution industries. Communications in manufacturing industries are usually performed using local area network (LAN) technologies that are typically more reliable and high speed as compared to the long-distance communication wide-area networks (WAN) and wireless/RF (radio frequency) technologies used by distribution industries. The ICS used in distribution industries are designed to handle long-distance communication challenges such as delays and data loss posed by the various communication media used. The security controls may differ among network types.

What are the risks of ICS?

• Unauthorized changes to instructions, commands, or alarm thresholds, which could damage, disable, or shut down equipment, create environmental impacts, and/or endanger human life.
• Inaccurate information sent to system operators, either to disguise unauthorized changes, or to cause the operators to initiate inappropriate actions, which could have various negative effects.
• ICS software or configuration settings modified, or ICS software infected with malware, which could have various negative effects.
• Interference with the operation of equipment protection systems, which could endanger costly and difficult-to-replace equipment.
• Interference with the operation of safety systems, which could endanger human life.

Major security objectives for an ICS implementation should include the following:

• Restricting logical access to the ICS network and network activity. This may include using unidirectional gateways, a demilitarized zone (DMZ) network architecture with firewalls to prevent network traffic from passing directly between the corporate and ICS networks, and having separate authentication mechanisms and credentials for users of the corporate and ICS networks. The ICS should also use a network topology that has multiple layers, with the most critical communications occurring in the most secure and reliable layer.
• Restricting physical access to the ICS network and devices. Unauthorized physical access to components could cause serious disruption of the ICS’s functionality. A combination of physical access controls should be used, such as locks, card readers, and/or guards.
• Protecting individual ICS components from exploitation. This includes deploying security patches in as expeditious a manner as possible, after testing them under field conditions; disabling all unused ports and services and assuring that they remain disabled; restricting ICS user privileges to only those that are required for each person’s role; tracking and monitoring audit trails; and using security controls such as antivirus software and file integrity checking software where technically feasible to prevent, deter, detect, and mitigate malware.
• Restricting unauthorized modification of data. This includes data that is in transit (at least across the network boundaries) and at rest.
• Detecting security events and incidents. Detecting security events, which have not yet escalated into incidents, can help defenders break the attack chain before attackers attain their objectives. This includes the capability to detect failed ICS components, unavailable services, and exhausted resources that are important to provide proper and safe functioning of the ICS.
• Maintaining functionality during adverse conditions. This involves designing the ICS so that each critical component has a redundant counterpart. Additionally, if a component fails, it should fail in a manner that does not generate unnecessary traffic on the ICS or other networks, or does not cause another problem elsewhere, such as a cascading event. The ICS should also allow for graceful degradation such as moving from "normal operation" with full automation to "emergency operation" with operators more involved and less automation to "manual operation" with no automation.
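The DMZ objective above (no traffic passing directly between the corporate and ICS networks) can be checked mechanically against an exported firewall rule set. The following Python check is an added example, not part of the quoted guidance; the address plan, rule names and rule format are constructed assumptions, and it conservatively ignores rule ordering, so an allow rule is flagged even if an earlier deny would shadow it.

```python
import ipaddress
from dataclasses import dataclass

# Constructed address plan (assumption for this example, not from the page).
ZONES = {
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "ics": ipaddress.ip_network("10.30.0.0/16"),
}
# The only zones allowed to exchange traffic with an ICS endpoint.
ICS_PEERS = ("dmz", "ics")


@dataclass(frozen=True)
class Rule:
    name: str
    action: str  # "allow" or "deny"
    src: str     # source CIDR
    dst: str     # destination CIDR
    port: str    # destination port or "any"


def touches_ics(cidr: str) -> bool:
    """True if any address in cidr belongs to the ICS network."""
    return ipaddress.ip_network(cidr).overlaps(ZONES["ics"])


def inside(cidr: str, zone_names) -> bool:
    """True only if cidr lies entirely within one of the named zones."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(ZONES[z]) for z in zone_names)


def audit(rules):
    """Return (rule name, reason) for every allow rule that lets an ICS
    endpoint talk to anything other than the DMZ or the ICS itself.
    Over-broad rules such as 0.0.0.0/0 are caught because they are not
    contained in an approved zone."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        if touches_ics(r.dst) and not inside(r.src, ICS_PEERS):
            findings.append((r.name, f"{r.src} reaches ICS {r.dst} port "
                                     f"{r.port} without passing through the DMZ"))
        elif touches_ics(r.src) and not inside(r.dst, ICS_PEERS):
            findings.append((r.name, f"ICS {r.src} reaches {r.dst} port "
                                     f"{r.port} without passing through the DMZ"))
    return findings


# Constructed sample rule set: two compliant rules, three violations, one deny.
SAMPLE_RULES = [
    Rule("corp-to-jump", "allow", "10.10.0.0/16", "10.20.0.5/32", "443"),
    Rule("jump-to-ics", "allow", "10.20.0.5/32", "10.30.1.0/24", "3389"),
    Rule("eng-to-plc-modbus", "allow", "10.10.5.0/24", "10.30.1.10/32", "502"),
    Rule("historian-to-corp", "allow", "10.30.2.20/32", "10.10.0.0/16", "1433"),
    Rule("vendor-any-to-ics", "allow", "0.0.0.0/0", "10.30.0.0/16", "any"),
    Rule("default-deny", "deny", "0.0.0.0/0", "0.0.0.0/0", "any"),
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_RULES):
        print(f"[FINDING] {name}: {reason}")
```
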

How to secure an ICS?

The most successful method for securing an ICS is to gather industry recommended practices and engage in a proactive, collaborative effort between management, the controls engineer and operator, the IT organization, and a trusted automation advisor. This team should draw upon the wealth of information available from ongoing federal government, industry groups, vendor and standards organizational activities listed in Appendix D.
