http://www.isa.org/InTechTemplate.cfm?Section=General_Information2&template=/ContentManagement/ContentDisplay.cfm&ContentID=94400
By Norman Anderson, P.E., and Bill Phillips, P.E.
InTech
September/October 2013
This article is based on presentations made at the 2013 ISA
Water/Wastewater and Automatic Controls Symposium on 7 August 2013
(www.isawwsymposium.com). Network security for water sector process
control systems (PCS), such as supervisory control and data acquisition
(SCADA) systems, is increasingly important and ever evolving due to the
need for secure and reliable control systems. Additionally, PCSs continue
to grow, and the management of network-connected devices and the expansion
of PCS networks can be difficult and cumbersome. To properly secure PCS
networks, a multistage process is needed incorporating risk assessment,
planning, design, implementation, and maintenance for a comprehensive
defense-in-depth strategy. A critical aspect of defense-in-depth is the
overall network system architecture and the network segmentation plan. A
properly planned and executed network architecture and segmentation
strategy lays the foundation for security and simplifies expansion and
maintenance of the network.
There are industry-accepted methods for industrial control system (ICS)
network architecture and segmentation strategies that can be applied to
water sector PCSs and SCADA systems. Industry-standard techniques, based
on recently published standards and network design guides, are used to
create a layered network architecture approach to security, including the
use of logical subnets and virtual local-area networks (VLANs) for
segmentation. The advantage of this approach is simpler configuration of
network security appliances and simpler management and expansion of the
network, leading to increased network availability and a reduction in
threat risk. A case study will be used to provide examples of actual
methods implemented for a water sector utility.
Overview
As cyberattacks and the threat of compromised network security continue to
rise, so does the need for securing ICSs. ICSs include many different
types of systems, with water sector PCSs being one of the higher profile
targets because their critical infrastructure affects large populations.
Past statistics from the Cyber Emergency Response Team show recorded
cataloged vulnerabilities and reported incidents continuing to rise
through the years. A set of “honeypot”1 ICS set up by Trend Micro to look
like vulnerable power and water plants was attacked by hackers 25 times
within 28 days. Security is important for the water sector because attacks
can damage critical infrastructure that affects public safety; lead to
significant operational downtime; cause financial loss, such as the loss
of revenue for the utility and its customers; and attract significant
media attention causing loss of confidence and fear from the public. There
are many resources available that provide guidance on where to start and
how to secure networks. In general, there are four key steps in the
process of planning and designing to secure networks for defense-in-depth,
as shown in figure 1:
[...]
--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
