Industrial Control Systems Require Specialized Security Measures

Kim Mays

Industrial control systems (ICS) differ substantially from conventional IT systems. Supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS) and programmable logic controllers (PLCs) are all examples of ICS. Many of these systems are under strict governance for reliability, function and safety because they control water pumps, power grids, and other high-availability, critical infrastructures. Also, because they are older and have often been pieced together over time, these systems are delicate and sometimes difficult to keep up to date.

Recent years have revealed numerous Internet-related attacks on ICS. The recent Black Hat security conference featured presenters who spoke about vulnerabilities in industrial facilities and pipeline infrastructures that have the industry clamoring for more robust security measures to protect ICS.

The National Institute of Standards and Technology (NIST) with the Department of Commerce has developed documentation on proper security for ICS. This publication is available in our IT Downloads under the title, “Guide to Industrial Control Systems (ICS) Security.”

The guide details all important facets of security for numerous industrial control systems. Topics covered include:

  • Overview of Industrial Control Systems
  • ICS Characteristics, Threats and Vulnerabilities
  • ICS Program Development and Deployment
  • Network Architecture
  • ICS Security Controls


NIST defines security controls as “… the management, operational and technical controls (i.e., safeguards or countermeasures) prescribed for an informational system to protect the confidentiality, integrity, and availability of the system and its information.” As a system, ICS requires layers of security to protect its data and equipment from attack. The document explains:

A single security product or technology cannot adequately protect an ICS. Securing an ICS is based on a combination of effective security policies and properly configured sets of security controls. An effective cyber security strategy for an ICS should apply defense-in-depth, a technique of layering security mechanisms so that the impact of a failure in any one mechanism is minimized. Use of such a strategy is explored within the security control discussions and their applications to ICS that follow.

The document provides recommendations for personnel security that aim to reduce the incidence of human error or misuse of mechanisms. It gives information on securing physical areas and control centers, and explains the importance of contingency and continuity planning.

All organizations that deal with industrial systems will benefit from the information included in this document. From patch management to disaster recovery methods, this guide provides the integral information necessary to protect your ICS from potential threats.




Sep 4, 2013 1:28 AM IT solution says:
Security of ICS needs to be updated.
Sep 4, 2013 3:22 AM Cheyenne Hubschmitt says:
Good guides to industrial control system security. Furthermore, specialized safety measures should be applied in industrial control system.
