Process Control Network Security

More documents

Recommendations

Info

NIST 800-53 control AC-2 describes “the identification of authorized users of theinformation system and the specification of access privileges” and CA-1 is“intended to produce the policy and procedures that are required for the effectiveimplementation of the security controls and control enhancements in the securityassessment and authorization family”. In addition, AC-6 discusses least privilegeassignment of access to users.7.3.3.1 SummaryThe table below summarizes the applicable controls from each of the availableframeworks. CoBIT describes that “User access rights to systems and data shouldbe in line with defined and documented business needs and job requirements.”And furthermore CoBIT describes how all users’ activities should be uniquelyidentifiable. User account management deals with the same issues as the CIP andNIST frameworks do. Besides the specific recommendation NISCC does regardingexcluding Internet access to PCNS, the frameworks do not specify any additionalmeasures, which CoBIT or general frameworks do.Category CIP NISCC NIST 800-53Inadequate logical accessrestrictionCIP005 subsectionR2.1, R2.3, R2.4CIP0074.3.13 CA-1, AC-6, AC-77.3.4 Inadequate physical access restrictionThe risk concerning inadequate physical access restriction for PCNs is that it ishard to secure a network over a large area. For instance, securing a pipe-lineequipped with smart sensors over many kilometers or making sure that smartsensors over a large industrial site are not tampered with is hard to do.Securing office IT related sites by employing walls, gates, access gates,turnstiles, security guards and guard dogs is just not feasible for a large PCNrelatedindustrial complex. This is why we propose that alternative measuresshould be taken.1 - Comparison with CIP (NERC)Standard CIP-006 is involved with ensuring the implementation of a physicalsecurity program for the protection of Critical Cyber Assets. This includesmonitoring physical access, alarm systems, the observation of access points(including video recording) and a maintenance and testing program of the allphysical security mechanisms (at least every three years). However, we feel it ishard to monitor all physical access when dealing with remote sites, withoutimplementing special measures, such as using automated monitoring systemswhich utilize artificial intelligence (e.g. camera images analyzed by software).2 - Comparison with Good Practice Guide Process Control and SCADA Security,NISCCIn the NISCC good practice guide Section 4.3.8 states that “physical securityprotection measures to protect process control systems and associatednetworking equipment from physical attack and local unauthorized access”. AndSection 4.3.9 states that due consideration should be given to the installation ofphysical security monitoring. Of course, due consideration should always be givento the installation of physical security monitoring; this is not specific to PCNs.Process Control Network Security Page 40
3 - Comparison with Special Publication 800-53 Revision 3, NISTNIST 800-53 controls PE-3, 4, 6, 7, 18 and 20 treat the subject of inadequatephysical access restrictions. The most relevant controls for physical accessrestrictions are PE-6 “Monitoring Physical Access”, which states that investigationof and response to detected physical security incidents, violations or suspiciousphysical access activities should be part of the organization’s incident responsecapability. PE-4 “Access control for transmission medium”, states that theorganization should control physical access to information system distribution andtransmission lines within organization facilities. PE-18 finally states that thepositioning of information system components within the facility is such thatpotential damage from physical and environmental hazards and the opportunityfor unauthorized access is minimized.7.3.4.1 SummaryThe table below summarizes the applicable controls from each of the availableframeworks. However, it is important to point out at this point, that althoughsome guidelines are useful (investigation of and response to detected physicalsecurity incidents, violations or suspicious physical access activities should bepart of the organization’s incident response capability), a lot of the proposedmeasures are simply not feasible for PCNs. For example: it is simply impossible tomonitor 800 miles of pipeline in Siberia. As such additional measures need to bethought up to address the issue of physical security for PCNs.Category CIP NISCC NIST 800-53Inadequate physical accessrestrictionCIP006 4.3.8, 4.3.9 AC-2, AC-11, AC-7, PE-3, 4, 6, 7,18, 207.4 Discussion – Specific versus General frameworksIt is important to note that although the frameworks we selected:- CIP (NERC)- Good Practice Guide Process Control and SCADA Security (NISCC)- Special Publication 800-53 Revision 3 (NIST).mentioned specific attention points and effective measures which could reducerisks for PCNs, we feel that the use of a general framework like ISO27001 orCoBIT could also have addressed the risks for PCNs as described in Section 7.3.7.4.1 Comparing ISO27001 with specific risks for PCNsIn our discussion we identified the following specific risks for PCNs:1 Unsupported systems2 Increased interconnectivity3 Inadequate logical access restriction4 Inadequate physical access restrictionWe will try to identify sections of ISO27001 which could also map to the identifiedrisks. Please note that we will first name the PCN specific risk (e.g. “1unsupported systems” followed by the various ISO 27001 sections which apply tothis PCN specific risk).Process Control Network Security Page 41
Page 1 and 2: Process Control Network SecurityCom
Page 3 and 4: Table of ContentsPreface ..........
Page 5 and 6: 1 Introduction1.1 IntroductionFor t
Page 7 and 8: 2 Research ApproachThis chapter wil
Page 9 and 10: The relationship between CIA and ST
Page 11 and 12: The picture below shows some typica
Page 13 and 14: 3.4 Communication Topology (past vs
Page 15 and 16: 4 PCNs vs. Office IT4.1 Introductio
Page 17 and 18: The differences mentioned above and
Page 19 and 20: As a result, access controls design
Page 21 and 22: - unpatched machines within the PCN
Page 23 and 24: In addition, the scale on which cyb
Page 25 and 26: The list below presents examples of
Page 27 and 28: SpoofingidentityTamperingwith dataR
Page 30 and 31: SpoofingidentityTamperingwith dataR
Page 32 and 33: does hardly take place. Unauthorize
Page 34 and 35: The US department for Homeland Secu
Page 36 and 37: • Inadequate logical access restr
Page 38 and 39: functionality. These firewalls shou
Page 42 and 43: 1 Unsupported systemsThe following
Page 44 and 45: CategoryControlIncreasedinterconnec
Page 46 and 47: CategoryControlcomponents.4.5 In si
Page 48 and 49: 2 Increased interconnectivity (e.g.
Page 50 and 51: 9 ReflectionDuring the writing of t
Page 52 and 53: [GIA09][GOOD08][ITIL09][MCA09][MS09
Page 54 and 55: [TEN09][THER01]SCADA plugins for Ne
Page 56 and 57: I.2.1.4 SummaryThe table below summ
Page 58 and 59: Shared resourcesinsufficientlyaddre
Page 60 and 61: where it is stored. If an unauthori
Page 62 and 63: Replay attacks:A replay attack is a
Page 64 and 65: TCP/IP:The TCP/IP model is a descri

Process Control Network Security

Create successful ePaper yourself

Delete template?

Save as template?