Modern life depends on the automation of large-scale systems. Almost every time we turn on a faucet, switch on a light, or board a train, we are relying on industrial control systems (ICS) or supervisory control and data acquisition (SCADA) systems to manage processes like water purification, electricity generation, and mass transit signaling. But relying on computers for such essential tasks requires absolute trust in their security, since an attack that disrupts these basic necessities could trigger catastrophic economic, public health, and safety collapse.
Industrial control/SCADA systems have traditionally remained ‘air gapped’ to protect their mission-critical functions and to ensure the safety of the surrounding communities and the environment.
As manufacturing technologies have matured, organizations have realized the scalability, centralized management, and cost savings of streamlining IT operations by connecting ICS endpoints to the corporate network. Additionally, many ICS vendors now build their solutions on standard IT technologies, which exposes those systems to the same attacks that target conventional IT. To address such concerns, the ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) publishes ICS-CERT alerts to help owners and operators track threats and actions that could impact ICS/SCADA systems.
To safeguard SCADA, IT security teams must implement appropriate layers of security technologies and processes, which include:
- Reducing the network attack surface by segmenting and managing traffic flows between the ICS and corporate networks
- Reducing the asset attack surface by proactively identifying vendor vulnerabilities and implementing appropriate remediation and protection
- Reducing the privilege attack surface by implementing least privilege, such as by eliminating the sharing of privileged accounts and requiring all users to log in with only the specific privileges required to perform their job function
- Monitoring privileged user, session, and file activities for unauthorized access and/or changes to key files and directories
- Analyzing asset and user behavior to detect suspect and/or malicious activities of insiders and/or compromised accounts
ICS-CERT encourages sound security practices using “defense-in-depth principles.” Because privileged access management and vulnerability management are considered fundamental technologies for meeting these security best practices, BeyondTrust has mapped its solutions in both areas to the ICS-CERT requirements. Specifically, BeyondTrust can help achieve the recommendations in the areas of:
- Removing, disabling, or renaming any default system credentials wherever possible
- Establishing and implementing policies requiring the use of strong passwords
- Implementing account lockout policies to reduce the risk from brute-force attacks
- Implementing network segmentation
- Deploying and appropriately updating remote access solutions, such as VPN, if required
- Monitoring the creation of administrator-level accounts by third-party vendors
- Applying patches in the ICS environment, when possible, to mitigate known vulnerabilities
- Monitoring for suspect activities and reporting findings to ICS-CERT for incident response support and correlation with other similar incidents
Mapping BeyondTrust Solutions into ICS-CERT
With over 20 years of experience in product strategy and management, Brad leads BeyondTrust’s solution strategy. He joined BeyondTrust via the company’s acquisition of eEye Digital Security, where Brad led strategy and products. Under Brad’s leadership, eEye launched several market firsts, including vulnerability management solutions for cloud, mobile and virtualization technologies. Prior to eEye, Brad served as Vice President of Strategy and Products at NetPro before its acquisition in 2008 by Quest Software. Formerly, at FastLane Technologies, which was sold to Quest Software in 2001, Brad worked extensively with key Microsoft business units on product direction and go-to-market strategies.