In the energy sector, the crown jewels for attackers are not always databases of sensitive data but often physical controls such as electrical circuit breakers. The ability for a SCADA system to operate with continuous, quality output is paramount.
Protecting these systems in the critical infrastructure space is more about the need to ensure that the system continues to operate with integrity and maintain the status quo.
Two-Tiered Defence
When looking to secure SCADA and ICS networks from external threats, we must first look to fundamental security principles and treat the physical controls network as an additional network layer. One that will require further security safeguards.
In today’s interconnected, VPN-ready environments; if the IT network is found to be vulnerable, so too will the SCADA network.
Security professionals in the energy sector are tasked with the need to defend both segments of the network.
SCADA Security Technologies
Whilst SCADA has been in use for a very long time, some new security practices are becoming more widely adopted and providing further defences.
SCADA Operation Whitelisting – Defining allowed operations for SCADA systems: Maintaining relationships of access between users, devices, access-levels and SCADA objects. Whitelisting can even be granularly configured to specify which times access should be permitted. Whitelisting is the best practice in IT security, when contrasted with Blacklisting. As opposed to listing all of the actions which aren’t allowed, simply list those that are.
Stateful Analysis – Stateful firewall technology has long been used for IT environments and SCADA networks have adopted this technology. They work based on the principle that established sessions are trusted and connections originating from the trusted zone will be allowed. Whereas connections from the untrusted zone are likely to be blocked. Much like any sort of firewall, these access rules are highly configurable.
Intrusion Detection – Traffic being sourced from external sources can be analyzed on-the-fly. By comparing incoming traffic with known-bad traffic signatures, unwanted signals can be blocked using IPS/IDS systems. Once properly configured, alerts generated should be monitored carefully.
Anomaly Detection – By forming a view of normal operation, an anomaly detection system is able to alert administrators to potentially unwanted behavior. Researchers have claimed that SCADA networks operate in a much more predictable way than general IT networks which makes anomaly detection systems a good choice.
By implementing safe these policies for traditional as well as SCADA networks, operators can look to reduce their security risk.
For assistance in securing your organisations SCADA systems, please do not hesitate to contact Agilient.
The Agilient Team
References:
https://pure.qub.ac.uk/portal/files/126667050/SCADA_IDS_Bilbao.pdf
https://www.belden.com/blog/industrial-security/SCADA-Security-Basics-Integrity-Trumps-Availability
https://www.researchgate.net/publication/221552943_A_review_of_SCADA_anomaly_detection_systems