The protection of industrial control systems (ICS) is mandatory for any company that wants to continue operating in this competitive world. Such companies are obliged to protect their vital data and information from intruders, as an intrusion can culminate in high financial losses at the hands of the attackers. PureLand Waste Water Treatment Inc must also ensure that it complies with the legal requirements for data protection and has tight protection measures in place. That will ensure that the company's trade secrets and property are safe from attackers. The company should also have a security plan and strategies that enable it to prevent cyber attacks on its ICS. There are many things that this company will need to do to ensure the protection of its systems and devices as required by the Department of Homeland Security (DHS).
The current state of security of ICS
Currently, the company lacks a comprehensive cyber security mechanism to protect its information and data, and the chemical it uses to treat water is also at stake. Attackers can intrude into the system or sabotage the chemical, and this can be dangerous to the company and the environment at large. The lack of strong cyber security for the chemicals used to sterilize and treat water means that the company's trade secrets are open to theft via cyber attack (Kirby, 2003). Its intellectual property does not have enough protection and is therefore vulnerable to theft by anyone with an interest in it. The company needs tight cyber security for its chemical, or else it risks losing the right to continue its operations, as per the DHS warning. The company should endeavor to protect its intellectual property and trade secrets so that it can continue operating.
Overview of the network topology
The company has a network connection to all of its locations so that it is easy to communicate with each department and with vendors such as the video vendors. A backbone cable runs through all the departments, connecting the departments and offices to the servers and giving company staff access to the Internet. The only firewall the company has is the external firewall, which is meant to filter traffic from the external environment. The company has hardware and software that enable staff to communicate and work remotely without any problem. That means one can work from home as long as one has access to the company Internet connection. Staff have access to any server and storage system of the company, and there are no limitations on using the resources that exist within the corporate network. Perhaps the only hindrance to seamless communication and access to resources across the network is the identification and authorization enhancements.
Weaknesses in the design
The presence of only one external firewall makes the company vulnerable to attack from the outside or from within the company (Laing et al., 2013). If a user within the company has an interest in attacking company resources such as servers, he or she can do so without any problem. A firewall should not only filter the traffic that is coming in; there should also be another firewall that filters the traffic that is going out. The company should have a demilitarized zone to enhance the protection of vital resources like the servers and databases, and it should limit access to that zone so that its network resources and data have maximum protection.
Allowing anybody in the company to access local as well as remote devices and resources within the network exposes those resources and devices to attack. Such access does not provide maximum protection for the company's computing and information systems.
Data is the reason for the existence of any company, and without proper protection its loss can be very expensive. A company can lose data whose recovery is so costly that quitting the business becomes the best option. Disaster planning and backup should be part of the company's IT management activities, but the company seems to have taken this for granted in the design.
A big company and network like this should have a backup system and a virtual network that helps to protect critical data against loss. Network virtualization combines the hardware and software resources in a network, as well as the network functionality, into a single administrative entity (Macaulay & Singer, 2011). The virtual network gives the data managers and database administrators an easy job of managing the resources on the network and protecting critical data. The current design of the corporate network does not provide for network virtualization, which makes it hard for the network managers and data administrators to manage the network resources and data effectively.
Suggestions for improvements
Physical security in the network should be enhanced to limit access to critical network resources by keeping them behind a locked door and ensuring they are safe from natural and man-made disasters. There should be enough security to protect the routers, cabling, modems, demarcation points, hosts, backup storage and other systems and resources of the company.
At the basic level, there should be firewalls at every edge of a network, because a firewall enforces security policies at the border of two or more networks. If malware attacks one network, it will not affect the other networks that interact with it. A stateful firewall can track communication sessions and allow or deny traffic in an intelligent manner. There should also be a proxy firewall acting as an intermediary between the local clients and outside servers. Another security enhancement required in this network design is an intrusion detection system that detects malicious events and notifies the network administrator via email, paging or logging of those events. In general, a modular approach to network security design is the best way of understanding the types of solutions that an organization should select to achieve defense in depth (Weiss, 2010).
Threats and vulnerabilities facing the assets of the industrial control system
The availability of traffic all over the Internet and the company network exposes the network to attackers (Bhatt, 2013). Those attackers can break into the system and download scripts and protocols that they can in turn launch against victims. The network is also open to bot-network operators: attackers who coordinate attacks over multiple systems and can distribute phishing schemes, malware and spam. The network is also open to criminal groups, which seek to attack a network system through spam, phishing and spyware for monetary gain. There is also the threat of foreign intelligence services that use cyber tools to gather information for their espionage activities. Finally, there is the threat of insiders misusing their rights to attack the company network, since they have unrestricted access to the system. They can therefore attack the system and steal vital data, as they know where this data is located.
Spammers can also distribute unsolicited emails with hidden information through which they deliver malware to attack the system (Weiss, 2010). Phishers can likewise attack the system by using phishing schemes to accomplish their objectives. There is also the threat of spyware or malware that can bring the whole system down if it gains access to the network, because malware is capable of spreading quickly throughout the network and affecting all the networked resources within a very short time. Without proper protection of the company's network and systems, activities that jeopardize the information systems the company depends on are likely to occur, and recovering from them can be costly.
Mitigations
· Minimize the network exposure of the company's system devices by ensuring that they do not directly face the Internet.
· Locate the control systems and devices behind firewalls, and isolate them from the rest of the business network.
· Secure access to and from remote devices, for instance through the use of virtual private networks.
· Put policies in place that enforce strong passwords.
· Remove, disable and rename default accounts where applicable.
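
The first two mitigations can be checked mechanically against a firewall rule base. The following is an added example, not part of the original post; the zone names, the allowed-flow policy, the ports and the sample rules are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str     # source zone
    dst: str     # destination zone
    port: str    # destination port, or "any"
    action: str  # "allow" or "deny"

# Assumed policy: the only zone pairs that may communicate, and on which ports.
# Control systems are reachable only from the DMZ, never from the Internet
# or directly from the business network.
ALLOWED_FLOWS = {
    ("internet", "dmz"): {"443"},
    ("vpn", "dmz"): {"443"},
    ("business", "dmz"): {"443"},
    ("business", "internet"): {"80", "443"},
    ("dmz", "control"): {"44818"},  # assumed controller port
}

def audit(rules):
    """Return (rule, reason) for every allow rule that breaks the zone policy."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        if "any" in (r.src, r.dst):
            findings.append((r, "wildcard zone in allow rule"))
        elif (r.src, r.dst) not in ALLOWED_FLOWS:
            findings.append((r, f"{r.src} must not reach {r.dst} directly"))
        elif r.port not in ALLOWED_FLOWS[(r.src, r.dst)]:
            findings.append((r, f"port {r.port} not approved for {r.src}->{r.dst}"))
    return findings

def has_default_deny(rules):
    """True when the rule base ends with an explicit deny-all."""
    return bool(rules) and rules[-1] == Rule("any", "any", "any", "deny")

# Constructed rule base resembling the flat network described on this page.
SAMPLE_RULES = [
    Rule("internet", "dmz", "443", "allow"),
    Rule("internet", "control", "502", "allow"),   # control device faces the Internet
    Rule("business", "control", "any", "allow"),   # no isolation from business network
    Rule("control", "internet", "any", "allow"),   # unfiltered outbound traffic
    Rule("dmz", "control", "3389", "allow"),       # port outside the approved set
    Rule("any", "any", "any", "deny"),
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"{rule.src}->{rule.dst}:{rule.port}  {reason}")
    print("default deny:", has_default_deny(SAMPLE_RULES))
```
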
Applicable regulations
There are government regulations regarding cyber security that apply to specific industries. For instance, the Security Breach Act requires any organization that maintains personal information to have a mechanism that prevents exposure of that information. It is also a legal requirement for enterprises to protect their trade secrets and intellectual property. Companies have to invest in cyber security to avoid the loss of reputation and the economic loss that can result from successful cyber attacks. The law also requires security protection mechanisms that extend to the partners of a company.
Future state of ICS security
Because of the complexity of ICS software, any modifications should take the underlying operating system into consideration and be accompanied by comprehensive regression testing. Operating system security patches should be maintained so as to address the newly discovered vulnerabilities that attackers are likely to exploit (Weiss, 2010). Default configurations should be avoided for the security of ICS, as they open intrusion avenues to the services and applications running on hosts. Critical ICS configurations should be stored and backed up to prevent loss of data and maintain the availability of the system. There should be secure remote access to ICS components so as to keep unauthorized individuals from accessing them.
Security controls of system devices
The company should compare the configuration of firewalls, routers and switches against the secure configurations required for each device (Amine et al., 2014). That security mechanism should be documented, reviewed and approved by the security auditors. There should be a rule base that governs the operation of the firewalls and ensures maximum protection of data. There should be new configuration rules that go beyond the baseline configurations for all network devices, such as network-based IPS and firewalls (Cheswick et al., 2003). For the routers and switches, automated tools should be used to verify the standard device configuration and to detect changes that are likely to put the security of those devices in jeopardy. There should also be two-factor authentication as well as encrypted sessions between devices such as routers and switches.
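
A small version of such an automated check is sketched below as an added example; it is not code from the original post or from any cited tool. The required and forbidden lines are an assumed baseline written in generic IOS-style syntax, and both sample configurations are constructed.

```python
import hashlib

# Assumed secure baseline, in generic IOS-style syntax.
REQUIRED = ["service password-encryption", "no ip http server",
            "ip ssh version 2", "transport input ssh"]
FORBIDDEN_PREFIXES = ["transport input telnet", "snmp-server community public"]

def normalize(config):
    """Drop indentation, blank lines and '!' comments so layout changes are not drift."""
    lines = (ln.strip() for ln in config.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("!")]

def fingerprint(config):
    """SHA-256 over the normalized configuration."""
    return hashlib.sha256("\n".join(normalize(config)).encode()).hexdigest()

def check(config, approved_fingerprint):
    """Compare a running configuration with the baseline and the approved copy."""
    lines = normalize(config)
    return {
        "missing": [r for r in REQUIRED if r not in lines],
        "forbidden": [ln for ln in lines
                      if any(ln.startswith(p) for p in FORBIDDEN_PREFIXES)],
        "drifted": fingerprint(config) != approved_fingerprint,
    }

# Constructed sample configurations (hostname and contents are illustrative).
APPROVED = """\
! approved by audit
hostname plant-sw1
service password-encryption
no ip http server
ip ssh version 2
line vty 0 4
 transport input ssh
"""
RUNNING = """\
hostname plant-sw1
service password-encryption
ip http server
ip ssh version 2
snmp-server community public RO
line vty 0 4
 transport input telnet
"""

if __name__ == "__main__":
    print(check(RUNNING, fingerprint(APPROVED)))
```

The fingerprint catches any change to the approved copy, while the required and forbidden lists explain which change weakened the device.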
Challenges of securing an industrial control system
There are many challenges in securing an industrial network system. First, there is a lack of IT personnel with the expertise and skills to fully protect the industrial control system. Also, the complexity of the devices in the system makes it hard to secure them from attackers and malware (Weiss, 2010). Attackers are always devising new ways and tactics of attacking systems, so security enhancements that worked in the past may not work today or in the future. Securing and maintaining the security of ICS legacy systems is hard, as they have been working for many years and may not comply with the new security requirements (Stouffer et al., 2011). That is because their installation took place in the pre-Internet era and, therefore, they have no means of authenticating the commands they receive. There is also the evolution of high-level management systems, as organizations seek to standardize them and cut costs through the use of commercial off-the-shelf products. That means those systems have greater exposure to the threats connected to those operating systems.
Risk management should be carried out in the ICS so as to ensure that they are safe from attackers and malware (SANS Institute, 2015). The legacy systems should also be replaced with new ones that can accept security enhancements as needed, which will secure company information. There should be security auditing at least every month so as to ensure that the company is safe from security threats. A company should always conduct intrusion penetration testing of the ICS so as to ensure there are no loopholes of which attackers can take advantage.
References
Amine, A., Ait, M. O., & Benatallah, B. (2014). Network security technologies: Design and applications.
Bhatt, A. (2013). Computer and network security threats. International Journal of Advanced Research in Computer Science and Management Studies, 1(1).
Cheswick, W. R., Bellovin, S. M., & Rubin, A. D. (2003). Firewalls and Internet security: Repelling the wily hacker. Boston, Mass.: Addison-Wesley.
Kirby, C. (2003). Forum focuses on cybersecurity. San Francisco Chronicle.
Laing, C., Badii, A., & Vickers, P. (2013). Securing critical infrastructures and critical control systems: Approaches for threat protection. Hershey, PA: Information Science Reference.
Macaulay, T., & Singer, B. (2011). Cybersecurity for industrial control systems. CRC Press: NY.
SANS Institute (2015). Secure configurations for network devices such as firewalls, routers and switches.
Stouffer, K., Falco, J., & Scarfone, K. (2011). Guide to industrial control systems (ICS) security. NIST special publication 800-82.
Weiss, J. (2010). Protecting industrial control systems from electronic threats (1st ed.). New York: Momentum Press.