Myth: My machine is secure with just a firewall device.
Entrusting the security of your machine and all of the proprietary information passing through it to a single security control like a firewall device – or any single security measure – can make both your machine and your entire enterprise vulnerable to security risks. Architecting a multilayered security approach, also known as “defense in depth”, is key to not only defending critical assets and data, but also provides an opportunity to monitor, detect and react to a security event.
Today, stand-alone control systems are quickly becoming a thing of the past. The convergence of manufacturing and enterprise systems is becoming more commonplace due to the need of the enterprise user to consume important data being produced in the industrial zone or industrial system operations need order and material data. Also, enterprise systems such as Operating System (OS) and application patch servers, web servers, and file transfer servers are being relied on by industrial zone assets for patches and other critical functions. The interplay between these systems are now crucial for daily operation. Firewalls between these systems are configured to check that the IP Addresses in the enterprise are allowed to communicate to Industrial Demilitarized Zone (IDMZ) or industrial zone IP Addresses. Most firewalls do not however check the payload or the messages inside the traffic. The data passing between hosts is rarely inspected and therefore malicious packet information can be passed through the firewall. While firewalls provide some boundary protection, it does not provide holistic security.
Connected devices are also proliferating which in most cases are not being protected by the firewall. Typically a firewall is not placed between the devices and the controller due to the speed at which the connected devices are communicating. These connected device networks that are not being sent through the firewall offers another entrance into the network.
Remote access and remote support is becoming increasingly essential and should also be viewed as a door into the industrial zone. Just like our houses, doors can be used by good friends or burglars. While in most cases, the reward of remote support outweighs the risk of the remote access system being used as a foothold for malicious activities, additional security measures such as two factor authentication, audit logging of remote activity or read only access for remote access accounts can be used in addition to just the firewall
With this greater level of connectivity within manufacturing and industrial organizations come more vulnerabilities for cyber-security risks, be they internal or external, intentional or unintentional. Risks to networked systems include worms and viruses, denial-of-service attacks, unauthorized remote access, unintended employee actions, and more.
As a result, a firewall device or any other single product, technology or methodology cannot be solely relied on to secure industrial-control applications. Instead, industrial security must be holistically implemented as a system, and a defense-in-depth security approach that employs multiple layers of defense at separate levels to address the full range of security threats is an industry best practice.
Within the industrial zone, consider using these steps to help increase security:
- Create an industrial control system security program. As part of your larger enterprise security program, this program should include technical security controls (e.g. firewalls, intrusion detection/prevention systems, access control lists) and non-technical security controls (e.g. patch management, change management, endpoint protection).
- Understand the variables in your processes. Every control system design must be coded understood so that network events can be predicted. From there, specific events can be whitelisted, while others can be tuned for disclosure in your intrusion detection/prevention systems.
- Harden your endpoints. Security features should be enabled in all products that are deployed in the industrial environment, from firewalls in Microsoft Windows platforms to key switches and other features in your control system hardware and software. Carry this into the control system lifecycle using endpoint protection updates (e.g. patches, virus definitions) and change/configuration management.
- Audit the environment. This can include conducting configuration audits to confirm your network end states conform to the initial conceptual and detailed-design projects, which can be important given the number of changes that can occur during implementation. Security audits also are often not only required in different industries but can also help ensure proper security management going forward.
- Monitor your systems. Today’s cyber-security threat landscape is constantly changing, as vigilant hackers seek new ways into company systems and hundreds of thousands of new malware hit the Internet every day. Your security program must be equally vigilant. A number of commercial and free open source software (FOSS) options are available to help. This includes multi-tier and distributed unified threat management (UTM) systems, intrusion prevention/detection systems, and other infrastructure-monitoring and management apps.
For traffic traversing between industrial and enterprise systems, an industrial demilitarized zone (IDMZ) is a crucial security measure. Also known as a perimeter network, an IDMZ enforces data-security policies between a trusted network (the industrial zone) and an untrusted network (the enterprise zone).
For more information on how an IDMZ secures data, as well as key design and implementation considerations, see the “Securely Traversing IACS Data Across the Industrial Demilitarized Zone” white paper from Cisco and Rockwell Automation.