Align with the more integrated and distributed ICS environment, consist of so many devices and systems entities, connected through open protocol with the COTS server and computing environment platform, the more concrete solutions to handle each parts of the entities has become more difficult.
The segregation layers of level hierarchy on the ICS environment as per stated by IEC 62443 has give the professional ICS players a better way of system management and security defense-in-depth architecture.
Refer to IEC 62443,following are the hierarchy layers of ICS environment:
• Layer 4: Business Network
• Layer 3: Historian/PI/Apps Server/SCADA/DMC
• Layer 2: DCS/Control Server
• Layer 1: Basic Control Devices, DCS Controllers, PLC, RTU
• Layer 0: Process I/O Devices
From the cyber security on ICS perspective, the main concerns of ICS cyber security assurance is reside on Layer 1, 2 and 3, with Layer 3 and 4 interface architecture & configuration is also becoming one of the critical concern on this perspective.
Adopting the concept of Defense-in-Depth in IT world, the ICS environment security architecture should also designed by implementing secure gateway and filtering point for each layer interconnection.
The use of router, switch and also firewall have been the most common platform of Defense-in-Depth architecture in ICS layers networking segregation. The static route deployment along with IP address and MAC address lock assignment will give more confidence on ensuring the AAA of the system operations.
Protecting the channel for unauthorized use also can be implemented by managing the port and protocol based on actual purpose. Access control management to the networking devices and computing environment should also be governed and managed.
Defense-in-Depth is not just only concerning about how we design the system to be as secure as possible, but also concerning on how we run the system in operations phase.
Last Updated on Wednesday, 20 June 2012 04:33
F ully integrated ICS environment, with the DCS or SCADA as the main top control and supervision platform, has bring the new way of running the plant. Monitoring and control functions can be done from one place, leverage the efficiency of the supervision and control activities, and one window for plant activities and changes parameter can be centralized with better management.
The core platform that being used by the modern ICS era are COTS and open platform. COTS (Commercial-off-the-shelf) means the use of products technology such as hardware and software that available commonly on public market, such as Windows operating system, VB platform, Office applications, .NET environment, anti virus application and definition, server platform, UNIX/LINUX environment etc. While the Open platform means the use of open protocol such as ModBus, Ethernet TCP/IP, FF, HART, etc. as the common backbone protocol for devices communications within the ICS environment. The use of the above concept of technology has bring the inherent security concerns to the ICS environment.
The deep analysis against the SWOT of the existing ICS environment against the cyber threats including virus and malware attacks, emergency response readiness (BCP/DRP), vulnerabilities and threats analysis, risk and network assessment, etc. should be put on the top urgent tasks if we want to ensure the security assurance of the ICS.
The integration of IT and ICS in term of operations and technology backbone has bring the inherent risks from IT into the ICS environment
Last Updated on Wednesday, 20 June 2012 04:13
Back to 60's to 70's era, where the computer technology still on the earliest stage of its invention. The Industrial Control System (ICS) just started the journey with the first Distributed Control System (DCS) that was launched on 1975.
Honeywell and Yokogawa started to produce their own DCS, TDC 2000 and CENTUM, back to that time. By using panel based control system, analog signal and pneumatic control as the core technology.
This environment is an isolated system from cyber security perspective. Relatively secure system with type of access from logical channel is not available. Physical access control is the main control point in order to restrict the system perimeter.
Some plants still using this kind of technology, with the obsolescence issue behind the operations. Most of this type of system have been upgraded into the more advance system, for easier operations, maintenance and integration of the control system environment.
Move to the 80's era when some major automation controls company developed and produced their new DCS product, the panel based control era has been shifted into the legacy era, with proprietary infrastructure (protocol, communication framework, devices control, etc.) as the major platform.
The integration within the same platform of control system has gave more integration and distribution on the operations during this era. But it still limited by the use of proprietary communication protocol that can communicate only with its own devices platform. No open protocol was available to use to integrate the cross platform.
Nevertheless, this technology has gave the solution to deal with more spread out site operations and more complex process control coverage.
From cyber threat perspective, this system is “exploitable – but not a trivial task”. Since the core technology is using proprietary platform, only someone that has deep knowledge on this type of product that may have ability to "explore more" against the system.
The milestone of this era was started on 90's, with the invention of the Ethernet protocol and some other common open protocol as one of the trigger of the advance integration and distribution of the ICS environment. Also the use of common server platform with Windows based Operating System has became another catalyst of having open era of ICS.
The major DCS principles, such as Honeywell, Yokogawa, Emerson, Bailey have been playing such a significant roles on building the open technology against their product. By allowing communication interface using Ethernet TCP/IP platform, it has opened the fully distributed system with the cross platform interconnection. Nowadays, the use of microwave, satellite and fiber optic as physical communication media can be connected easily into the Ethernet platform. The broader coverage area and remote site locations can be supervised centrally, unmanned platform is no more an operations obstacle.
But on top of all the open protocol and common system platform, there is one heritage that will always threatening, the cyber security concern. From cyber security perspective, this modern era has become the huge challenge to ensure the security. The system is readily exploitable , with the inherent vulnerabilities and threats that came as one part of the open platform.
Open protocols, Ethernet everywhere, Remote configuration, Windows environment, Unix/Linux platform, Integrated system
Last Updated on Wednesday, 20 June 2012 03:03
Last Updated on Wednesday, 20 June 2012 03:22