Industrial control systems underpin the critical national infrastructure and are essential for the success of industries such as:
- electricity production and distribution
- water supply and treatment
- food production
- oil and gas production and supply
- chemical and pharmaceutical production
- manufacturing of components and finished products
- paper and pulp production.
Disruption of these industries can have a rapid and escalating effect on society and this is exacerbated by the high-levels of interdependence between the critical industries. This interconnectedness is illustrated in the diagram below.
Critical national infrastructure interconnections
Two recent real examples illustrate the impact of these dependencies:
- The earthquake-initiated disaster at the Japanese Fukushima nuclear plant show that you can’t run a water-cooled nuclear reactor without water but you can’t pump water without electricity
- A military exercise in San Diego inadvertently jammed global positioning system (GPS) signals leading to unexpected widespread infrastructure failures including bank ATMs, mobile phone networks, maritime traffic management systems and emergency pagers which were - perhaps non-intuitively - dependent on GPS technology.
Examples such as these are driving an increasing recognition of the criticality of industrial control systems and also of their vulnerability to disruption, not only from ‘acts of god’ and accidental failures but also from deliberately directed threats such as the recent Stuxnet and Night Dragon attacks.
Typical industrial control system architecture
The implementation of automated control systems can have different aspects for the different industrial processes listed above but it generally follows a common control architecture as illustrated below.
Typical ICS architecture
The main components of this architecture are:
- A control loop consisting of actuators such as valves, switches and motors; sensors that detect the status of variables associated with the industrial process (eg temperature, pressure, flow rates) and a controller that manages the actuators based on sensor readings and operator input.
- A human-machine interface (HMI) that allows operators to monitor the controlled process and influence it
- A data historian that logs all process control activity to allow reporting at multiple levels
- Remote diagnostics and maintenance that allows ICS support staff and vendors access to diagnose and correct operational problems.
Challenges for security in industrial control systems
The importance and nature of industrial control systems creates particular challenges to ensuring their continued security. Some of the factors that set them apart from standard ‘office’ IT systems are:
- In the past process control networks were effectively protected by an ‘air gap’ segregating them from other internal and external systems; this is generally no longer the case and firewalls with complex rule sets now replace the air gap.
- SCADA systems are often highly distributed geographically with limited physical security for field devices Many ICS components (particularly remote telemetry units) are legacy devices that provide limited security features and little prospect of firmware upgrades.
- Security patch management is a challenge as changes need to be kept to a minimum to avoid the risk of ICS disruption through the unexpected side effects of operating system, or application changes.
- Network protocols are typically unauthenticated and transmit in plain text.
- A migration from closed, proprietary protocols and operating systems to open source or COTS technology means that documented information about architecture is more readily available.
- As the primary requirement is continuous and correct function, many security features are not tolerated if they risk compromising these; for example anti-virus software, IDS/IPS, operator lock-out though repeated bad passwords, etc often cannot be implemented.
- Nation states with substantial resources are motivated to invest considerable effort into finding and exploiting weaknesses in systems that contribute to their enemies’ critical national infrastructure.
Information security and risk practitioners are often surprised at the impact these differences have on the approaches that can be taken to managing risk. Citicus ICS provides a platform for managing risk that can bring together the skills and experience of IT risk experts and ICS engineers with specialist knowledge of their environment and its requirements.