Industrial Control System (ICS) operators recognize the need to improve cybersecurity, but many lack the understanding on how to deploy a system in a secure manner. Schneider Electric has authored a whitepaper “Effective Implementation of Cybersecurity Countermeasures in Industrial Control Systems” that takes asset owners through the system deployment process. In this blog article, I will provide a brief overview of the concepts presented in the whitepaper.
The Implement Phase is comprised of a variety of sub-tasks. The design and implementation of security countermeasures is a complex project and should be managed as such. Activities should be planned, documented, and executed throughout the Implementation Phase.
- Security Requirements – The first step in the implementation phase involves the definition of requirements. Examples of requirements include features tied to the specific countermeasures (firewall, IDS, SIEM, etc.), and requirements that must be supported by all components that comprise the system.
- Design Specification – The requirements document specifies features that the system must support, the design specification details how the system addresses the requirements. The design document typically contains a variety of sections to clearly define how the system works, including architecture diagrams, network diagrams, and use cases.
- Creating a Detailed Project Plan – Once the design is complete, the project team will create a detailed project implementation plan.
- System Hardening – Process utilized to secure a system by reducing its attack surface. Examples of techniques that can be used to reduce attack surface include the removal of unnecessary software/user accounts/services, and installing security patches to address known vulnerabilities.
- Deploying Security Appliances – System hardening cannot by itself effectively secure a system, additional security appliances may be required. Some examples of security appliances include firewalls, intrusion detection systems, and SIEMs.
- Access Control – Access control refers to policies and technologies implemented to control access to control networks. Properly implemented access control define techniques to create, modify, and remove user accounts.
- Remote Access – A critical task to consider when securing an IACS involves effectively managing remote access. Remote access introduces significant risk as it provides a path for individuals outside of the facility to access the control system.
- Acceptance Testing – Applications may require additional system cybersecurity acceptance testing prior to implementation. Acceptance testing can take place at the factory, a staging site, or both.
The threat of cyber-attack is real and will continue to be an issue plaguing ICS for the foreseeable future. Following the steps outlined in the whitepaper will enable operators to effectively deploy ICS infrastructure.