INSIGHTS
WEBCAST ON CYBERSECURITY Mark T. Hoske, Control Engineering
More answers on what you need to know about cybersecurity

Below are more answers resulting from a cybersecurity webcast on cybersecurity architectures, training, best practices, risk assessment and trends based on research.
A cybersecurity webcast Dec. 3, 2020, raised more questions than two expert responders had time for at the end, and their answers to those additional questions on industrial control system cybersecurity are available below. The webcast, with one PDH available, is archived for one year. Register for the webcast with the following link: “Cybersecurity: What you need to know.”

Two presenters answered the additional questions below.
• Brad Bonnette, technical director, Wood Automation and Control, Wood
• Anil Gosine, global projects, MG Strategy+
More ICS cybersecurity answers

QUESTION: What are often overlooked cybersecurity best practices that represent weak links? Do they differ widely by organization and industry or are there commonalities for all?

Bonnette: Seemingly simple things like turning off or actively managing USB, Bluetooth and removable/portable media connections. Lack of management of unused accounts, personnel departures, (temporary) personnel, contractor or vendor access credentials. Not monitoring firewall or security monitoring software reports or alerts.

Gosine: Proper configuration of the systems procured and underestimating the time/effort needed to continuously maintain and address issues. You want to avoid a similar situation like operators ignoring alarms and then requiring another effort for alarm management years after initial ICS deployment. An article published in Control Engineering, “Key security components and strategies for ICS,” is a good reference.

More INSIGHTS

KEYWORDS: Industrial cybersecurity, cybersecurity risk assessment
Industrial cybersecurity webcast looks at what you need to know.
Extra questions about cybersecurity are answered.

CONSIDER THIS
What are you doing to reduce cybersecurity risk to an acceptable level?

ONLINE
www.controleng.com/webcasts
www.controleng.com/webcasts/past
March 2021
Q: Are there special cybersecurity recommendations for supervisory control and data acquisition (SCADA) and programmable logic controller (PLC)-based systems?
Bonnette: Edge protection and defense-in-depth are still principal base models. However, if the context of SCADA includes utilization of cloud or wide-area network (WAN) that is not exclusively controlled by the owner/operator, additional measures must be considered to authenticate traffic, endpoint devices, users, and protect (encrypt) data being carried over cloud or contracted carrier networks. The external network should be treated as an untrusted edge. However, just because your company owns a specific LAN or WAN does not mean it may not need to be considered untrusted just as well, depending on technical and physical access control to the networks. External networks should always be considered untrusted and considered a potential threat vector.

Reference: ISA-TR100.15.01-2012 Technical Report “Backhaul Architecture Model”

Q: Is there a need for firewalls on Apple products?

Bonnette: Yes, both to protect the device, but primarily to protect the rest of the system from the device. Apple OS are just as exploitable as Microsoft Windows (Linux as well). At a minimum, any type of networked device may be used for distributed denial of service (DDoS) attacks and robot data storm attacks, or as a pivot point for data, traffic or access to gain access to an operating technology (OT) system or network. Mobile phone malware has caused OT incidents, transmitting malware to the OT system by plugging in a mobile phone (smart phone) to a USB to charge it on an OT workstation, resulting in crypto locking or virus infection of the facility control system.

Gosine: Apple Wireless Direct Link protocol to create mesh networks can be exploited, as noted in recent security notifications.

Q: Are there particular advantages to hard wiring? Or to keeping all data in house?

Bonnette: “Hard-wiring” may be easier to protect physically with barriers and physical access controls. However, as soon as the network leaves a physically controlled boundary, any points of connection or distribution are accessible, but typically not as acces