Security considerations for industrial control systems (ITSAP.00.050)

An industrial control system (ICS) automates and controls industrial processes (e.g. manufacturing, product handling, production, and distribution) and mechanical functions to keep processes and machinery running smoothly. An ICS may support critical infrastructure (e.g. energy and utilities, transportation, health, manufacturing, food, and water) that is essential to the ongoing safety, security, and well-being of Canadians. An ICS is the base controller for the other layers in an infrastructure (i.e. production, office, enterprise); therefore, it should be secured to maintain functionality. This document introduces some ICS security threats and risks and the security measures that you can implement to protect these systems from harm.

What is an ICS?

ICS is a general term that includes other types of control systems such as distributed control systems, supervisory control and data acquisition systems, and programmable logic controllers. An ICS uses processes and controls to achieve an industrial objective. The systems can be fully automated or can include a human in the control loop. Whether your ICS manages a simpler control system or a complex network of systems, you need to secure your ICS to protect the integrity and the availability of industrial processes.

A traditional ICS was not as interconnected with other systems and networks; it could be isolated and secured physically. These legacy devices could only be accessed remotely through a single access account for all users to manage the system through their home and other networks. This left the system vulnerable to cyber threats with no ability to monitor users.

What are the main threats?

Your ICS is a high-value target for threat actors because they can cause real-world effects, ranging from annoyances (e.g. turning on and off lights) to life-threatening and costly events (e.g. equipment malfunctions and permanent damage). Threat actors use targeted attacks to directly compromise your organization or non-targeted attacks to spread malicious software to breach systems where possible. Some main cyber threats to your ICS include the following:

Ransomware

A threat actor delivers malware through an entry point in the system (e.g. by phishing, insider threats, or targeted hacks) to restrict all functions from being accessed until a ransom is paid to the threat actor.

Insider threat

Anyone who has access to the ICS can cause harm to the system intentionally (e.g. compromise data for personal gain) or unintentionally (e.g. handle equipment inappropriately unknowingly).

Denial of service (DoS) attacks

A threat actor attacks your system, making the services unavailable for intended users. DoS attacks can delay functions and operations, causing your organization to use more resources to restore the operations.

Your ICS is at a high risk of cyber threats if it is not properly secured. Areas of your ICS that are misconfigured or connected to an unpatched virtual private network (VPN) introduce more security vulnerabilities. If you have remote equipment that can access your ICS, handle it cautiously. With the recent increase in work-from-home remote access, remote technologies have become a high-value target for threat actors. If remote equipment or peripherals are compromised (e.g. by malware), threat actors can carry out further attacks on the ICS, which can lead to loss of information, damaged equipment, or life-threatening incidents.

What are the risks?

If your ICS is compromised, your organization could be at risk of some of the following:

  • Blocked or delayed flow of information through ICS networks can disrupt ICS operations (e.g. power generation supply interruption).
  • Unauthorized changes to instructions or commands can damage or disable equipment.
  • Inaccurate information sent to operators can cause unauthorized changes and inappropriate actions.
  • Infected ICS software can spread through your organization’s network and devices.
  • Malfunctioning operations can result in loss of data or profits and harm your reputation (e.g. outage at a power plant will cause a series of interruptions with all connections).

How do I secure my ICS?

To mitigate risks, your organization should implement the following security measures and industry best practices:

Isolate the system

Isolate the ICS from regular corporate functions. Connect it to a different network so that you can disconnect it from the Internet without disrupting other organizational activities (e.g. office and enterprise).

Manage access and privileges

Any system used to maintain and manage industrial systems must only be handled by authorized users and used for its intended purpose. Remote access to the system should be carefully weighed and considered depending on the potential risks involved (e.g. subcontractor acquires time-limited access to handle system).

Create individual accounts with multi-factor authentication (MFA) and use encryption to restrict unauthorized access to sensitive data.

Train employees

Train employees on your security processes. Create learning exercises on different security tactics and emphasize the importance of continuous communication. Users handling the ICS should understand why certain security measures are in place so that they don’t disable them.

Log and monitor

Enable logging and monitor all access and event information. If your system malfunctions or an attack occurs, audit logs capture event information (e.g. who had access, what actions were performed, what changes were made).
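One way to review audit logs for the points above (who had access, what changes were made, and whether accounts are shared or lack MFA), shown as an added example that is not part of the original publication. The log format, field names, action names, and sample entries are assumptions constructed for illustration.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample audit log (illustrative only, not from a real system).
# Assumed columns: timestamp, account, source host, MFA used, action, target
FIELDS = ["ts", "account", "source", "mfa", "action", "target"]
SAMPLE_LOG = """\
2024-03-04T08:01:12,operator,eng-ws-01,no,login,hmi-1
2024-03-04T08:03:40,operator,vendor-laptop,no,login,hmi-1
2024-03-04T08:05:02,operator,vendor-laptop,no,write_setpoint,plc-7
2024-03-04T09:15:30,jsmith,eng-ws-02,yes,login,hmi-1
2024-03-04T09:16:10,jsmith,eng-ws-02,yes,read_tag,plc-7
2024-03-04T23:47:55,adoe,remote-vpn-14,no,login,hmi-2
"""

# Assumed names for actions that change the process or the controller.
CHANGE_ACTIONS = {"write_setpoint", "download_logic", "firmware_update"}


def audit(log_text):
    """Return findings as (rule, account, evidence) tuples."""
    findings = []
    login_sources = defaultdict(set)  # account -> hosts it logged in from
    for r in csv.DictReader(StringIO(log_text), fieldnames=FIELDS):
        where = f"{r['ts']} from {r['source']}"
        if r["action"] == "login":
            login_sources[r["account"]].add(r["source"])
            if r["mfa"] != "yes":
                findings.append(("login-without-mfa", r["account"], where))
        elif r["action"] in CHANGE_ACTIONS:
            # Record who changed what, so a change can be traced to a person.
            findings.append(("change-made", r["account"],
                             f"{r['action']} on {r['target']} at {where}"))
    # Heuristic: one account logging in from several hosts suggests sharing.
    for account, hosts in sorted(login_sources.items()):
        if len(hosts) > 1:
            findings.append(("possible-shared-account", account,
                             ", ".join(sorted(hosts))))
    return findings


if __name__ == "__main__":
    for rule, account, evidence in audit(SAMPLE_LOG):
        print(f"{rule:24} {account:10} {evidence}")
```

With a shared account such as the constructed "operator" entry, the change to plc-7 cannot be attributed to an individual, which is why individual accounts matter for useful audit logs.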

Use security software and hardware

Protect your ICS from malicious intrusions and malware infections by using anti-virus software and firewalls. Scan all removable media before connecting it to your ICS to reduce the risk of hidden malware infecting your system.

Use a VPN to protect transmitted data.

If you have the resources available, implement a unidirectional security gateway to control external cyber threats. This tool is a strong alternative to a firewall and needs to be properly configured by senior IT.

Back up systems

Back up your systems and data regularly, and preferably offline. You can back up encrypted data online, but you should store it offline. Backups ensure that your systems can be quickly restored if an incident or unplanned outage occurs.

Update and replace if possible

Update and patch your systems to fix security vulnerabilities and maintain ongoing functionality.

Replace unsupported systems and outdated parts if possible for your organization and your ICS. Because an ICS needs continuous operation, you may not be able to remove a device for firmware updates. If this is the case, your organization should assess and approve its risk tolerance and implement other security measures to enhance the security of the ICS.

 

Learn more

For more information on ICS security, refer to the National Institute of Standards and Technology SP 800-82 Rev. 2 Guide to Industrial Control Systems (ICS) security.
