Asset Visibility: Key to an Effective ICS Security Strategy
With their proprietary control protocols and specialized hardware and software, early industrial control systems (ICS) bore little resemblance to traditional information technology (IT) systems. Today’s ICS environments, however, run on industry-standard computers, operating systems (OS) and network protocols, which exposes them to the same cybersecurity vulnerabilities and incidents that affect IT. The growing use of wireless networking further exacerbates the problem.
Security solutions built for typical IT systems cannot simply be dropped into an ICS environment. Techniques that are routine in IT, such as active network scanning, endpoint agents and automatic patching, can disrupt controllers that were never designed to tolerate them, so special safeguards are needed before introducing these solutions. Organizations should therefore consider adopting security solutions tailored to the specific constraints and needs of ICS environments.
Can’t Protect What You Can’t See
Whether you have a Bulk Electric System (BES) cyber asset or a set of controls for a chemical plant, you cannot protect what you don’t know you have. Unfortunately, lack of visibility into the types of assets that exist within an ICS environment is a consistent theme among companies around the world. This happens for two reasons: 1) legacy systems are integrated with more modern IT assets and get “lost” in the process, and 2) the geographically dispersed nature of the assets tends to make them fall off a company’s radar. Often assets are put into the field and their existence only becomes known when someone visits the site and checks.
In fact, a recent ICS survey by the SANS Institute found that “4 out of 10 ICS security practitioners lack visibility or sufficient supporting intelligence into their ICS network.” Without full knowledge of interconnected assets, “their configurations (including control logic) and the integrity of communications taking place, defenders are effectively working blindly, unable to make adequately informed decisions regarding which controls to implement, or how to prioritize security plans and spending.”
The number of publicly disclosed ICS vulnerabilities continues to grow, and nation-state actors have shown they are willing to develop capabilities to exploit them. As critical infrastructure defenders, we need to stay ahead of this evolving threat landscape by increasing visibility into ICS devices and using that visibility to understand what assets are deployed, whether they are under management, where they are physically located, and where they sit in the operational technology (OT) hierarchy.
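The visibility problem described above can be approached passively: listen to the traffic that is already on the network, infer which hosts speak industrial protocols, and reconcile the result against the managed inventory to find assets that are on the wire but unmanaged (the “lost” legacy systems) and inventory entries that never show up (possibly decommissioned, or at a remote site that is not being monitored). The following Python script is an added example written for this article and is not code from the original page or from any vendor product. The flow records, the inventory and the port-to-protocol table are constructed assumptions; real deployments would feed it from a network tap or flow exporter.

```python
"""Passive ICS asset discovery and inventory reconciliation.

Added illustration; not code from the original article or any vendor product.
Flow records and the inventory are constructed sample data, and the
port-to-protocol table is an assumption covering a few common ICS services.
"""
from dataclasses import dataclass, field

# Well-known ports for common industrial protocols (assumed, not exhaustive).
ICS_PORTS = {
    502: "Modbus/TCP",
    20000: "DNP3",
    44818: "EtherNet/IP",
    102: "Siemens S7comm (ISO-TSAP)",
    47808: "BACnet/IP",
}


@dataclass
class Asset:
    ip: str
    roles: set = field(default_factory=set)   # e.g. {"Modbus/TCP server"}
    peers: set = field(default_factory=set)   # hosts this asset talked to


def discover_assets(flows):
    """Build an asset map from (src_ip, dst_ip, dst_port, proto) flow records.

    Discovery is passive: nothing is probed, which matters because active
    scanning can upset fragile controllers. A host is recorded as a server
    for an ICS protocol when it receives traffic on that protocol's port,
    and as a client when it sends it.
    """
    assets = {}
    for src, dst, dport, _proto in flows:
        for ip in (src, dst):
            assets.setdefault(ip, Asset(ip))
        assets[src].peers.add(dst)
        assets[dst].peers.add(src)
        name = ICS_PORTS.get(dport)
        if name:
            assets[dst].roles.add(f"{name} server")
            assets[src].roles.add(f"{name} client")
    return assets


def reconcile(assets, inventory):
    """Compare observed assets with the managed inventory.

    Returns (unmanaged, silent): hosts seen on the wire but absent from the
    inventory, and inventoried hosts that produced no traffic in the window.
    """
    seen, known = set(assets), set(inventory)
    return sorted(seen - known), sorted(known - seen)


# Constructed sample data (not captured from any real site) ----------------
SAMPLE_FLOWS = [
    ("10.10.1.5", "10.10.1.20", 502, "tcp"),    # HMI polling a PLC over Modbus
    ("10.10.1.5", "10.10.1.21", 502, "tcp"),
    ("10.10.1.7", "10.10.1.30", 20000, "tcp"),  # master station to DNP3 outstation
    ("10.10.1.99", "10.10.1.20", 502, "tcp"),   # unknown host also talking Modbus
    ("10.10.1.5", "10.10.1.2", 443, "tcp"),     # HMI to historian, not an ICS protocol
]
SAMPLE_INVENTORY = {
    "10.10.1.5": "HMI-01",
    "10.10.1.7": "DNP3-master",
    "10.10.1.20": "PLC-A",
    "10.10.1.21": "PLC-B",
    "10.10.1.30": "RTU-03",
    "10.10.1.2": "historian",
    "10.10.1.40": "PLC-C (remote site)",
}


def report(flows=SAMPLE_FLOWS, inventory=SAMPLE_INVENTORY):
    """Run discovery and reconciliation; return a plain dict for reporting."""
    assets = discover_assets(flows)
    unmanaged, silent = reconcile(assets, inventory)
    return {
        "assets": {ip: sorted(a.roles) for ip, a in sorted(assets.items())},
        "unmanaged": unmanaged,
        "silent": silent,
    }


if __name__ == "__main__":
    r = report()
    for ip, roles in r["assets"].items():
        print(ip, ", ".join(roles) or "no ICS protocol observed")
    print("seen but not inventoried:", r["unmanaged"])
    print("inventoried but silent:", r["silent"])
```

On the sample data the script flags 10.10.1.99 as an unmanaged Modbus client talking to a PLC, which is exactly the kind of asset that would otherwise only be found by a site visit, and 10.10.1.40 as an inventoried device that generated no traffic, which is worth a follow-up before assuming it is still in service.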
Deploying an ICS Management Solution
An effective security strategy for ICS environments starts with visibility into all deployed assets. Thankfully, new ICS management solutions, such as Leidos’ Industrial Defender Automation Systems Manager, are available that meet the specific needs of ICS. These management platforms aggregate event and state data from industrial endpoints across all vendor systems in one location for a single, unified view of operations. If you’re considering an ICS security management solution, here are six functions it should address:
- Asset Management
The most critical component to look for is a single, unified view of all assets. It should support onboarding and decommissioning of assets, and provide device status reporting, access to asset information and current state information.
- Security Event Management
A best-in-class solution should provide visibility into your control systems asset base at a single site and across your fleet to monitor trends, manage events and investigate anomalies.
- Configuration Management
Automated collection of asset configurations, together with the ability to track and audit device settings, software, firewall rules and user accounts over time, reduces cybersecurity risk across your asset base by exposing unauthorized or undocumented changes.
- Policy Management
Look for a solution that communicates new policies, tracks acceptance and manages conformance.
- Compliance Reporting
A best-in-class solution will provide a comprehensive suite of standard configurable reports to meet audit requirements, both internal and external. Additionally, look for a solution that enables users to define, generate and automate reports as needed, as well as archive artifacts relevant to regulatory requirements.
- Work Automation Suite
Finally, you should select a solution that integrates document management, ticketing and reporting as part of a structured workflow. This type of functionality enables ICS professionals to initiate, track, approve, document and report on changes made to control system assets.
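The Configuration Management item above is the one most easily shown in code: take a baseline snapshot of a device’s settings, firewall rules, user accounts and software, compare later snapshots against it, and turn the differences into triaged findings. The following Python script is an added example written for this article; it is not code from the original page or from any product mentioned in it. The snapshot layout, the two sample snapshots and the severity ranking are constructed assumptions.

```python
"""Configuration baseline and drift detection for an ICS endpoint.

Added illustration; not code from the original article or any vendor product.
The snapshot format, the sample snapshots and the severity levels are
constructed assumptions.
"""
import hashlib
import json


def config_fingerprint(snapshot):
    """Stable hash of a snapshot so an unchanged device can be confirmed cheaply."""
    canonical = json.dumps(snapshot, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def diff_config(baseline, current):
    """Return a list of (severity, section, description) findings.

    Scalar settings are compared by value, firewall rules and user accounts
    as sets, and installed software as a name -> version map. Severities are
    an assumed triage scheme: a new permit rule or a new account is critical
    because either can open a path into the device.
    """
    findings = []
    for key in sorted(set(baseline["settings"]) | set(current["settings"])):
        b, c = baseline["settings"].get(key), current["settings"].get(key)
        if b != c:
            findings.append(("medium", "settings", f"{key}: {b!r} -> {c!r}"))

    b_rules, c_rules = set(baseline["firewall_rules"]), set(current["firewall_rules"])
    for rule in sorted(c_rules - b_rules):
        sev = "critical" if rule.startswith("permit") else "high"
        findings.append((sev, "firewall_rules", f"added: {rule}"))
    for rule in sorted(b_rules - c_rules):
        findings.append(("high", "firewall_rules", f"removed: {rule}"))

    b_users, c_users = set(baseline["users"]), set(current["users"])
    for u in sorted(c_users - b_users):
        findings.append(("critical", "users", f"new account: {u}"))
    for u in sorted(b_users - c_users):
        findings.append(("medium", "users", f"account removed: {u}"))

    b_sw, c_sw = baseline["software"], current["software"]
    for name in sorted(set(b_sw) | set(c_sw)):
        if name not in b_sw:
            findings.append(("high", "software", f"installed: {name} {c_sw[name]}"))
        elif name not in c_sw:
            findings.append(("medium", "software", f"removed: {name} {b_sw[name]}"))
        elif b_sw[name] != c_sw[name]:
            findings.append(("medium", "software", f"{name}: {b_sw[name]} -> {c_sw[name]}"))
    return findings


# Constructed sample snapshots (not collected from any real device) ----------
BASELINE = {
    "settings": {"firmware": "4.2.1", "ntp_server": "10.10.1.2", "web_console": "disabled"},
    "firewall_rules": ["permit tcp 10.10.1.5 any 502", "deny ip any any"],
    "users": ["operator", "engineer"],
    "software": {"runtime": "4.2.1", "opc-ua-server": "1.04"},
}
OBSERVED = {
    "settings": {"firmware": "4.2.1", "ntp_server": "10.10.1.2", "web_console": "enabled"},
    "firewall_rules": ["permit tcp 10.10.1.5 any 502", "permit tcp any any 80", "deny ip any any"],
    "users": ["operator", "engineer", "vendor_tmp"],
    "software": {"runtime": "4.2.1", "opc-ua-server": "1.04", "remote-access-agent": "2.0"},
}


def audit(baseline=BASELINE, current=OBSERVED):
    """Compare fingerprints first; only diff in detail when they differ."""
    if config_fingerprint(baseline) == config_fingerprint(current):
        return []
    return diff_config(baseline, current)


if __name__ == "__main__":
    for sev, section, desc in audit():
        print(f"[{sev:8}] {section}: {desc}")
```

The fingerprint check keeps the per-device cost low across a large fleet: most devices will match their baseline and need no further work, and only the ones that drift are diffed in detail. The sample drift (a web console switched on, an any-to-any permit rule, a temporary vendor account and a remote-access agent) is the sort of change a ticketing workflow should have a record of; if there is no approved change request behind it, that is the investigation starting point.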