The document provides guidance on securing industrial control systems through a defense-in-depth approach. It summarizes the Purdue Model for Control Hierarchy, which defines five zones and six levels of operations for industrial control systems. It then presents a reference architecture based on this model, with multiple zones and security controls between the enterprise, manufacturing and process zones. Specifically, it identifies security patterns and controls for access control, log management, network security and remote access that are critical for industrial control system security.
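The zone-and-conduit pattern summarized above is easiest to see as a policy check. The Python below is an added illustration written for this page, not code from the paper or from any vendor: it maps Purdue levels to zones and decides whether a flow may cross a boundary. The level-to-zone mapping, the conduit table, the protocol sets and the sample flows are all assumptions constructed for the example; a real site would derive them from its own risk assessment.

```python
"""Zone-and-conduit policy check for a Purdue-style ICS architecture.

Added example for this page; the zone mapping, conduit table, protocol
sets and sample flows are assumptions made for illustration only.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed mapping of Purdue levels to security zones.
LEVEL_ZONE: Dict[float, str] = {
    0: "cell_area",       # process: sensors, actuators
    1: "cell_area",       # basic control: PLCs, RTUs
    2: "cell_area",       # supervisory control: HMIs, local SCADA
    3: "manufacturing",   # site operations: historian, AD, patch server
    3.5: "dmz",           # industrial DMZ: relays and jump hosts only
    4: "enterprise",      # business systems
    5: "enterprise",      # enterprise WAN / internet edge
}

# Assumed conduit table: (initiating zone, destination zone) -> protocols
# the boundary firewall permits. A missing key means no conduit exists,
# so that traffic has to be brokered through an intermediate zone (the DMZ).
CONDUITS: Dict[Tuple[str, str], set] = {
    ("enterprise", "dmz"): {"https"},                 # users reach DMZ portals
    ("dmz", "manufacturing"): {"https", "opcua"},     # relay / jump host inbound
    ("manufacturing", "dmz"): {"https"},              # historian push to DMZ replica
    ("manufacturing", "cell_area"): {"opcua", "modbus", "ssh"},
    ("cell_area", "manufacturing"): {"opcua"},        # process data to historian
}

# Raw industrial protocols stay on the OT side no matter what the conduit
# table says (defense in depth against a mis-edited rule).
INDUSTRIAL_PROTOCOLS = {"modbus", "dnp3", "s7comm", "ethernetip"}
OT_ZONES = {"manufacturing", "cell_area"}


@dataclass(frozen=True)
class Flow:
    src_level: float
    dst_level: float
    proto: str


def zone_of(level: float) -> str:
    try:
        return LEVEL_ZONE[level]
    except KeyError:
        raise ValueError(f"unknown Purdue level {level!r}") from None


def evaluate(flow: Flow) -> Tuple[bool, str]:
    """Return (allowed, reason) for one flow under the assumed policy."""
    src, dst = zone_of(flow.src_level), zone_of(flow.dst_level)
    if src == dst:
        # Intra-zone traffic is not a conduit question; host and VLAN
        # controls inside the zone apply instead.
        return True, f"intra-zone traffic within {src}"
    if flow.proto in INDUSTRIAL_PROTOCOLS and not {src, dst} <= OT_ZONES:
        return False, f"{flow.proto} may not leave the OT zones ({src}->{dst})"
    allowed = CONDUITS.get((src, dst))
    if allowed is None:
        return False, f"no conduit {src}->{dst}; traffic must be brokered via the DMZ"
    if flow.proto not in allowed:
        return False, f"{flow.proto} not permitted on conduit {src}->{dst}"
    return True, f"{flow.proto} permitted on conduit {src}->{dst}"


def audit(flows: List[Flow]) -> List[Tuple[Flow, str]]:
    """Return every flow the policy rejects, with the reason."""
    rejected = []
    for flow in flows:
        ok, reason = evaluate(flow)
        if not ok:
            rejected.append((flow, reason))
    return rejected


# Constructed sample flows, as they might come out of a firewall log review.
SAMPLE_FLOWS = [
    Flow(4, 1, "modbus"),    # business host polling a PLC directly
    Flow(4, 3.5, "https"),   # user reaching the DMZ web portal
    Flow(3.5, 3, "rdp"),     # jump host using a protocol not on the conduit
    Flow(2, 3, "opcua"),     # HMI sending process data to the historian
    Flow(3, 1, "modbus"),    # site engineering station talking to a PLC
    Flow(1, 1, "modbus"),    # PLC-to-PLC traffic within the cell
    Flow(3, 4, "https"),     # historian calling the enterprise directly
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(f"DENY L{flow.src_level}->L{flow.dst_level} {flow.proto}: {reason}")
```

Of the seven constructed flows, three are rejected: the direct Modbus poll from the enterprise, RDP from the DMZ jump host (no conduit permits it) and the historian talking to the enterprise without passing through the DMZ. The explicit industrial-protocol check ahead of the conduit lookup is the point worth copying: it keeps one wrong table entry from exposing a PLC to the business network.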
One word that you often see associated with any data center is its “tier,” or its level of service. Virtually every data center has a tier ranking of I, II, III, or IV, and this ranking serves as a symbol for everything it has to offer: its physical infrastructure, its cooling, power infrastructure, redundancy levels, and promised uptime.
This presentation takes a look at each of the four data center tiers, examining the key components of each tier as well as the total expected uptime for each. If you are evaluating data centers, this is a term you will no doubt come across in your search, so we hope this presentation provides some solid background on how to choose a data center for your specific needs.
For more insights into the data center world, and to learn more about Data Cave, check out our website at www.thedatacave.com.
Secure Systems Security and ISA99-IEC62443 (Yokogawa)
With new industrial network security standards such as ISA/IEC 62443, companies are adapting their IT and OT networks to a changing threat landscape. This presentation covers industrial networking best practices, secure architectures and segregation techniques that any business can use to prevent a minor business-network breach from becoming an industrial catastrophe.
Topics Covered in this Seminar Include:
Overview Of Cyber Threat
Introduction - ISA IEC Industrial Control Security Standards
An Example - Advanced Persistent Threat (APT)
ISA/IEC 62443-3-2 Network Separation - An APT countermeasure
The next step in APT defenses: system certification to ISA/IEC 62443 cybersecurity standards
ISA/IEC 62443 Cybersecurity Standards Current Efforts
The Future of ISA/IEC 62443 Cybersecurity Standards
When developing data center energy-use estimations, engineers must account for all sources of energy use in the facility. Most energy consumption is obvious: computers, cooling plant and related equipment, lighting, and other miscellaneous electrical loads. Designing efficient and effective data centers is a top priority for consulting engineers. Cooling is a large portion of data center energy use, second only to the IT load. Although there are several options to help maximize HVAC efficiency and minimize energy consumption, data centers come in many shapes, sizes, and configurations. By developing a deep understanding of their client’s data center HVAC requirements, consulting engineers can help maintain the necessary availability level of mission critical applications while reducing energy consumption.
Building an effective Information Security Roadmap (Elliott Franklin)
As company information security functions continue to grow each year with increasing attacks and regulations, how are you handling the pressure? Are you constantly battling to run the business projects and reacting to customer requests? Have you blocked off a few hours each week on your calendar to close your email, turn off your phone and try to build, assess and maintain an effective vision for your security team? This presentation will discuss a cascading approach to creating such a roadmap that is easily understood by executives and has helped gain quick buy-in for multiple enterprise-wide security projects.
Using Assessment Tools on ICS (English) (Digital Bond)
Dale Peterson of Digital Bond describes the methodology of using security assessment tools on an operational ICS. He also discusses how to best use the features and functions of these tools.
Presented: September 21, 2017
At: CS2AI, Washington, DC
A decade ago, ISA99 published the first standard in what is now the ISA/IEC 62443 series. Since then, the series has coalesced into the current form consisting of 13 individual documents in various stages of completion, publication, and/or revision. Printing out all of the existing standards and drafts can easily use up more than a ream of paper. It can be a daunting task to try to apply it to an organization. So, what are you supposed to do? How are you supposed to proceed? In this talk, I’ll go over some of the lessons I’ve learned from helping customers develop and evaluate security programs within their organization.
The strategic importance of information security for organisations is gaining momentum. The current surge in cyber threats is compelling organisations to invest in information security to protect their assets. Rushing to protect assets often comes at the expense of excessive technology adoption without a valid strategic foundation. Enterprise Security Architecture is geared to address these issues, but is frequently misaligned with Enterprise Architecture. In this presentation we explore avenues for the adoption and enforcement of Security-by-Design in the Enterprise Architecture value chain, so as to position Risk, Security and IT as true business enablers.
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap? (NetEnrich, Inc.)
With cybersecurity threats continuing to grow faster than security budgets, CISOs, CIOs and SecOps teams are left at a dangerous disadvantage.
Even enterprises running their own Security Operations Centers (SOCs) find the perennial shortage of skills, tools, and other resources stops them from realizing the full value of investments. Rather than struggle to find – and hang on to – top talent with hands-on experience across network and cloud security, mid-sized enterprises are instead opting for SOC-as-a-Service offerings.
When it comes to designing, building, and operating mission critical data centers, simple is better. Prefabricated data center building blocks comprising power, cooling and/or IT white space can be connected to provide a semi- or fully prefabricated data center solution. Compared with traditionally built data centers, prefabricated solutions offer predictable performance, faster deployment, flexibility and scalability. This presentation will show you how a prefabricated modular data center architecture can dramatically simplify your design and build process and lower your total cost of operation.
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard (PECB)
In this session we look into the ISO/IEC 27701 standard, published in August 2019. This standard ties together ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 29100 and their related standards with the GDPR.
For certification and compliance, it's important to understand these standards and regulations, as the GDPR and other legislation have heated the discussion about certification. The ISO/IEC 27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.
The webinar covers:
• Walkthrough of the ISO/IEC 27701
• Links with ISO/IEC 2700x series standards, ISO 29100 series...
• ISO/IEC 2700x and GDPR mapping
• Audit & certification
Presenter:
Our presenter for this webinar, Peter Geelen, is director and managing consultant at CyberMinute and owner of Quest For Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security and architecture, identity and access management, privacy, information and data protection, and cyber and cloud security. In recent years his focus has been on ISO/IEC 27001 and other ISO certification mechanisms.
Peter is an accredited Lead Auditor for ISO/IEC 27001 and ISO 9001, a PECB Trainer and a Fellow in Privacy. Committed to continuous learning, Peter holds security certifications including Certified Senior Lead Cybersecurity Manager, ISO/IEC 27001 Master, ISO/IEC 27002 Lead Manager, ISO/IEC 27701 Lead Implementer, CDPO, Risk Management, Lead Incident Manager and Disaster Recovery, among others.
Date: December 04, 2019
The recorded webinar: https://www.youtube.com/watch?v=ilw4UmMSlU4&feature=emb_logo
Jonathan Pollet and Mark Heard of Red Tiger Security at S4x15 OTDay.
The NIST Cybersecurity Framework (CSF) has been out for a year now, and some owner/operators have begun to use it to help create an ICS cyber security program. The Red Tiger Security team discusses what the CSF is and their experience in using it with real-world clients.
A breakdown of data center tier standards based on the Uptime Institute data center tier ratings. Find out which data center will be the right fit for your business. Whether you're a small, medium, or enterprise level business, understanding data center tiers will better prepare you to make the right hosting decision.
Nozomi Networks is a leader in industrial cybersecurity, delivering real-time visibility to manage cyber risk and improve resilience for industrial operations. With one solution, customers gain advanced cybersecurity, improved operational reliability and easy IT/OT integration. Innovating the use of artificial intelligence, the company helps the largest industrial sites around the world See and Secure™ their critical industrial control networks. Today Nozomi Networks supports over a quarter of a million devices in the critical infrastructure, energy, manufacturing, mining, transportation and utility sectors, making it possible to tackle the escalating cyber risks to operational technology (OT) networks.
Patch management is critical to reducing your attack surface and keeping your endpoints and business running smoothly. Unfortunately, it's also a process that must be repeated weekly, monthly, quarterly, and whenever critical fixes have been identified for your environment. The good news is: with the right tools and some advance planning, this process can run smoothly and leave your IT team with more time to support core business goals.
Join us to learn about trends in patch management, including the latest ways Ivanti is helping Security and IT teams work together like a well-oiled machine.
How Test Labs Reduce Cyber Security Threats to Industrial Control Systems... (Schneider Electric)
Federal agencies are moving their industrial control systems (ICS) from operational business networks to separate, dedicated networks in order to enhance security. However, without a system to test the new equipment and software coming into these separate networks, security risks will persist. This paper explores the impact on security of instituting a sanctioned ICS test lab and recommends best practices for setting up and operating these labs.
This presentation discusses why cybersecurity is an issue for safety instrumented systems and will examine example architectures when communicating with the SIS.
Maintaining Continuous Compliance with HCL BigFix (HCLSoftware)
The rise in security threats affecting endpoints and the changing landscape of mobile and cloud-driven work environments has created new challenges for IT teams. BigFix Compliance offers a unified endpoint management solution that provides real-time visibility and policy enforcement to safeguard complex and widely distributed IT environments. It significantly reduces the administrative burden of compliance reporting and ensures adherence to standards, helping organizations protect their endpoints and minimize attack surfaces with minimal effort.
Augmentation of a SCADA based firewall against foreign hacking devices (IJECEIAES)
An industrial firewall is a system that supervises and regulates traffic to and from a network in order to protect the devices on it. It checks the data passing through it against predefined criteria or protocol rules and discards data that does not meet them; in effect it is a filter that blocks undesirable traffic and selectively limits the kinds of transmission allowed across a protected link. In this research paper a SCADA-based firewall is implemented to protect data transmission to a PLC against external attack devices. The firewall is exposed in a virtual environment to several external attackers and the degree of vulnerability is carefully studied in order to develop an improved firewall.
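The filtering the abstract describes is protocol-aware: a firewall in front of a PLC has to look past IP and port into the industrial protocol itself. As an added illustration (example code written for this page, not the paper's implementation), the Python below parses Modbus/TCP request frames and applies a per-source function-code and register-window policy. The source-to-role table, the writable register window and the sample frames are assumptions constructed for the example.

```python
"""Protocol-aware filter for Modbus/TCP requests to a PLC.

Added example for this page; the role table, register window and sample
frames are assumptions constructed for illustration only.
"""
import struct
from typing import Dict, List, Tuple

READ_FCS = {1, 2, 3, 4}        # read coils / discrete inputs / holding / input regs
WRITE_FCS = {5, 6, 15, 16}     # write single/multiple coils and registers
DIAGNOSTIC_FCS = {8, 43}       # diagnostics, encapsulated interface (device id)

# Assumed source roles, as a firewall would hold them in its rule base.
ROLES: Dict[str, str] = {
    "10.10.2.10": "hmi",          # operator console: read only
    "10.10.2.20": "engineering",  # engineering workstation: may write
}
PERMITTED_FCS = {"hmi": READ_FCS, "engineering": READ_FCS | WRITE_FCS}

# Assumed writable register window (setpoints). Writes anywhere else are
# denied even from the engineering workstation.
WRITE_WINDOW = (0x0000, 0x00FF)


def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse the MBAP header and function code; raise ValueError if malformed."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"protocol identifier {pid} is not Modbus")
    if length != len(frame) - 6:  # length counts unit id + PDU
        raise ValueError(f"length field {length} does not match frame size {len(frame) - 6}")
    return {"tid": tid, "unit": unit, "fc": frame[7], "data": frame[8:]}


def filter_frame(src_ip: str, frame: bytes) -> Tuple[bool, str]:
    """Return (allowed, reason) for one request frame from src_ip."""
    try:
        req = parse_modbus_tcp(frame)
    except ValueError as exc:
        return False, f"malformed frame dropped: {exc}"
    role = ROLES.get(src_ip)
    if role is None:
        return False, f"unknown source {src_ip}"
    fc = req["fc"]
    if fc in DIAGNOSTIC_FCS:
        return False, f"function code {fc} (diagnostic/device id) blocked"
    if fc not in PERMITTED_FCS[role]:
        return False, f"function code {fc} not permitted for {role}"
    if fc in WRITE_FCS:
        # Every write PDU starts with the 16-bit target address.
        if len(req["data"]) < 2:
            return False, "write request without a register address"
        addr = struct.unpack(">H", req["data"][:2])[0]
        lo, hi = WRITE_WINDOW
        if not lo <= addr <= hi:
            return False, f"write to 0x{addr:04X} outside window 0x{lo:04X}-0x{hi:04X}"
    return True, f"{role} fc={fc} unit={req['unit']} tid={req['tid']}"


def build_request(tid: int, unit: int, fc: int, data: bytes) -> bytes:
    """Assemble a Modbus/TCP request (used here only to construct sample traffic)."""
    return struct.pack(">HHHB", tid, 0, len(data) + 2, unit) + bytes([fc]) + data


# Constructed sample traffic as seen by the firewall.
SAMPLES: List[Tuple[str, bytes]] = [
    ("10.10.2.10", build_request(1, 1, 3, struct.pack(">HH", 0, 10))),     # HMI reads 10 registers
    ("10.10.2.10", build_request(2, 1, 6, struct.pack(">HH", 5, 1234))),   # HMI attempts a write
    ("10.10.2.20", build_request(3, 1, 16, struct.pack(">HHB", 0x0010, 1, 2) + b"\x00\x2a")),  # in window
    ("10.10.2.20", build_request(4, 1, 16, struct.pack(">HHB", 0x1000, 1, 2) + b"\x00\x2a")),  # outside window
    ("10.10.2.20", build_request(5, 1, 8, struct.pack(">HH", 0, 0))),      # diagnostics
    ("10.10.9.9", build_request(6, 1, 3, struct.pack(">HH", 0, 1))),       # unknown host
]
# A frame whose MBAP length field (bytes 4-5) disagrees with its real size.
SAMPLES.append(("10.10.2.10", SAMPLES[0][1][:4] + b"\x00\x63" + SAMPLES[0][1][6:]))


def run_filter(samples: List[Tuple[str, bytes]] = SAMPLES) -> List[Tuple[bool, str]]:
    return [filter_frame(ip, frame) for ip, frame in samples]


if __name__ == "__main__":
    for (ip, _), (ok, reason) in zip(SAMPLES, run_filter()):
        print(f"{'ALLOW' if ok else 'DENY '} {ip}: {reason}")
```

Only the HMI read and the in-window engineering write pass; the HMI write, the out-of-window write, the diagnostics request, the unknown host and the frame with an inconsistent length field are all dropped. Checking the MBAP length field before looking at the function code matters because a parser that trusts the length is exactly what a malformed-frame attack targets.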
The session will highlight Intel's vision for IoT security and the fundamental building blocks and capabilities that Intel and the ecosystem are providing so that organizations can build security in from design through deployment and maintenance.
Computer integrated manufacturing systems have changed the interaction of industrial manufacturing equipment with different systems within and outside the manufacturing environment. The increase in the sophistication of the manufacturing equipment, along with increased connectivity with internal and external systems has changed the way that manufacturing security is designed. As manufacturers move towards a more connected collaborative environment in order to compete in global businesses and geographically disparate facilities, concerns that their proprietary manufacturing processes and intellectual property could be exposed to damaging compromise on a worldwide scale are increasing. The US government has also passed several regulations so that companies take into account general concerns like physical and logical security. Biometrics can solidify the authority checks and operator entry checks since the authentication is no longer based only on passwords or security cards/tokens. This paper proposes a unique application of biometrics and computer integrated technology as part of providing an applied solution for the problems of security and auditability in the manufacturing environment. The design of the prototype will integrate facial recognition and fingerprint recognition into the existing infrastructure of the manufacturing environment to provide strong authentication and non-repudiation of audit trails. The prototype of the system will also examine the feasibility of using fingerprint recognition for remote operation of manufacturing systems.
Reports on Industrial Control Systems' Cyber Security (A. V. Rajabahadur)
During the many years of my association with industrial control and plant automation systems, I, like most of my professional colleagues, have worked on the assumption that controller systems must meet industrial companies' functional requirements: accuracy, safety and reliability, and robustness and repeatability. Industrial companies invest in control and instrumentation systems not only to secure health, safety and environment (HSE) protection, but also to improve plant asset performance, plant availability and profitability.
The recent advent of Stuxnet, Flame, Duqu, Havex and other such malware has exposed the vulnerability of industrial control systems to cyber-attacks, and thus has opened Pandora's box. Cyber threats, posing serious challenges not only to industries but also to nation states, are a reality.
In my report "Reports on Industrial Control Systems' Cyber Security," I have compiled a few articles written to create the necessary awareness among the critical infrastructure industries about the real nature of the threats and to provide some suggestions to both industrial control and plant automation vendors and end users for initiating countermeasures.
Integrated Control and Safety - Assessing the Benefits; Weighing the Risks (Schneider Electric)
While best practice has leaned toward keeping control and safety isolated from each other, recent enterprise data integration and cost control initiatives are providing incentive to achieve some level of integration. This paper describes three basic integration models, including an “interfaced” approach, in which separate control and safety communicate via a custom built software bridge; an “integrated but separate” approach, in which the disparate systems sit on the same network, but share information only across isolated network channels; and a “common” approach, in which both control and safety systems share a common operating system. The authors then compare the three approaches according to compliance with safety standards and cost efficiencies.
This report addresses the common challenge of BMS cyber security and its underlying components. Vulnerable elements across a range of components were investigated, with the vulnerabilities potentially affecting more than 10 million people.
During the research, some of the risks discovered within these BMS components include the potential ability for threat actors to:
Remotely lock or unlock doors and gates;
Control physical access of restricted areas;
Deny service (shutdown controllers);
Manipulate alarms and video surveillance;
Control temperature, boilers, air-condition, windows blinds, gas readings, etc.
Through a detailed analysis of the affected components, we provide clear cyber security recommendations for end users, vendors and system integrators, as well as a thorough technical breakdown including proof-of-concept exploit code that allows unauthenticated remote code execution against the affected BMS products.
https://applied-risk.com/resources/i-own-your-building-management-system
Control System Cybersecurity - Challenges in a New Energy... (Dhana Raj Markandu)
Conference on Electricity Power Supply Industry (CEPSI) 2012, Bali, Indonesia
(Accepted for presentation but not published due to unforeseen withdrawal of author)
Generic Security Framework for Multiple Heterogeneous Virtual Infrastructures (IJRES Journal)
Virtualization continues to take center stage in the IT industry, yet many organizations find it difficult to secure virtualized environments. Security is a critical component of the growing IT systems built around virtualization, and companies across all industries are looking to address business and security needs in the virtual infrastructure. Much prior work checks the compliance status of the cloud platform itself rather than that of the virtual machines running on it. This paper proposes a security framework for multiple heterogeneous virtual machines that assesses their compliance. It uses REST APIs to create remote sessions on the virtual machines and fetch machine values, which are then parsed to obtain the values required for the assessment.
Wireless Communication System (JeyaPerumal1)
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
Interested in learning more about security?
SANS Institute InfoSec Reading Room
This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.
Secure Architecture for Industrial Control Systems
Copyright SANS Institute
Author Retains Full Rights
Secure Architecture for Industrial Control Systems
GIAC (GSEC) Gold Certification
Author: Luciana Obregon, lucianaobregon@hotmail.com
Advisor: Barbara Filkins
Accepted: September 23, 2015
Template Version September 2014
Abstract
Industrial Control Systems (ICS) have migrated from stand-alone isolated systems to
interconnected systems that leverage existing communication platforms and protocols to
increase productivity, reduce operational costs and further improve an organization’s
support model. ICS are responsible for a vast amount of critical processes necessitating
organizations to adequately secure their infrastructure. Creating strong boundaries
between business and process control networks can reduce the number of vulnerabilities
and attack pathways that an intruder may exploit to gain unauthorized access into these
critical systems.
This paper provides guidance to those organizations that must secure their ICS systems
and networks through a defense-in-depth approach to security, achieved through the
identification of key security patterns and controls that apply to critical information
security domains. The goal is a visual explanation that allows stakeholders to understand
how to reduce information risk while preserving the confidentiality, integrity and
availability of critical infrastructure resources in the industrial control environment.
1. Introduction
Industrial Control Systems command a large percentage of the world’s critical
infrastructure, such as air traffic control, electrical and nuclear power plants, waste water
treatment plants, refineries, pipelines and dams. ICS have traditionally been developed
using specialized hardware and software and deployed as stand-alone platforms
employing vendor proprietary communication protocols to interact amongst like systems.
In the past, this compartmentalized architecture met manufacturing and business goals
while eliminating the risk of cyber intrusions that could arise from the exploitation of
well-known vulnerabilities found in commercial systems and applications. The majority
of ICS were confined to a particular physical plant and detached from external computer
networks. As a result, organizations had to strengthen their physical security to ensure
that the systems were accessed and operated by only those individuals that had
authorization to do so.
The increasing need to reduce manufacturing and operational costs, enhance
productivity and provide access to real-time information has been one of the key
drivers for organizations to evolve towards utilizing modern networking systems to
interconnect ICS with business and external networks. This new trend has reduced the
isolation previously found in ICS networks, exposing the critical infrastructure to a wide
array of external and internal threats as well as misconfigurations and computing errors.
Different organizations have different information security goals which are
determined and driven by their business objectives. Generally speaking, information
security organizations aim to protect the confidentiality, integrity and availability of
critical information assets. In an ICS environment the availability of control systems,
safety of human life and the integrity of the data that is processed is of paramount
importance.
ICS have distinctive performance and reliability requirements. Their system
lifecycle is usually 10 to 20 years and they are typically not built with security in mind.
More often than not, these systems are maintained by outside vendors, are not routinely
patched or upgraded, and are deployed with default configuration settings. Because ICS
need to be highly available at all times, it becomes extremely difficult to get authorization
from the business to take these systems offline for security related maintenance. Given
these challenges, it is important for organizations to develop and implement a security
program for the protection of their critical infrastructure that follows a defense-in-depth
strategy. Defense-in-depth defines the implementation of layered security controls to
defend a system against different types of attacks. The goal is to reduce information risk
while preserving the availability and integrity of ICS environments and, above all, to
protect human life.
This paper establishes the fundamental concepts behind ICS using the Purdue
Model for Control Hierarchy, mapping these logical concepts into a reference
architecture for ICS. This reference architecture will be used as the basis for presenting
the architectural patterns defined in four security domains deemed critical in ICS: access
control, log management, network security, and remote access. This will allow
information security professionals and process control engineers that are responsible for
protecting an organization's most valuable assets to visualize how to protect against a
security breach, whether involving confidentiality, integrity and/or availability.
2. ICS Security Architecture
This section introduces the logical architecture for an ICS network that will be
used to identify the security controls and patterns. The Purdue Model for Control
Hierarchy logical framework, developed by the International Society of Automation ISA-99
Committee for Manufacturing and Control Systems Security, forms the baseline for
the ICS reference architecture presented in Figure 2.
2.1. Purdue Model for Control Hierarchy
The Purdue logical framework identifies five zones and six levels of operations as shown
in Figure 1 (ISA99 Committee, 2004):
Figure 1 - Purdue Model for Control Hierarchy logical framework
The Purdue model uses the concept of zones to subdivide an Enterprise and ICS network
into logical segments comprised of systems that perform similar functions or have similar
requirements.
Enterprise Zone - Level 5: Enterprise
Level 5 is where corporate IT infrastructure systems and applications exist.
Typically, VPN remote access and corporate Internet access services live in this level, to
name a few. Direct communication between systems in the Enterprise Zone and the ICS
environment is usually discouraged because of the level of risk to which it would expose the
organization. A better approach is to manage access into the ICS environment through
a Demilitarized Zone (DMZ) (Cisco and Rockwell Automation, 2011).
Enterprise Zone - Level 4: Site Business Planning and Logistics
Level 4, often seen as an extension of Level 5, houses IT systems that deal with
reporting, scheduling, inventory management, capacity planning, operational and
maintenance management, e-mail, phone and printing services. The services, systems and
applications in Levels 4 and 5 are normally managed and operated by the IT organization
(Cisco and Rockwell Automation, 2011).
Manufacturing Zone - Level 3: Site Manufacturing Operations and Control
The systems in Level 3 are often responsible for managing control plant
operations to produce the desired end product. Applications, services, and systems that
are found at this level include:
Plant historian
Production reporting system
Production scheduling systems
Reliability assurance
Engineering workstations
Network File servers
IT services such as DNS, DHCP, Active Directory, and NTP
Remote access services
Staging area
The systems and applications in Level 3 communicate with the systems in
Enterprise Zone through a DMZ. Direct communication between systems in
Manufacturing and Enterprise zones is discouraged. Additionally, systems in Level 3
may communicate with systems in Levels 1 and 0 (Cisco and Rockwell Automation,
2011).
Cell/Area Zone - Level 0: Process
Level 0 includes the sensors and instrumentation elements that directly connect to
and control the manufacturing process. These devices are controlled by devices found in
Level 1 (Cisco and Rockwell Automation, 2011).
Cell/Area Zone - Level 1: Basic Control
Level 1 includes process control equipment that receives input from sensors,
processes that input using control algorithms, and sends the resulting output to a
final element. Devices in this level are responsible for continuous, sequence, batch and
discrete control. Some devices that exist in the level are Distributed Control Systems
(DCS), Programmable Logic Controllers (PLC), and Remote Terminal Units (RTU).
These devices run vendor-specific operating systems and are programmed and configured
from engineering workstations (Cisco and Rockwell Automation, 2011).
Cell/Area Zone - Level 2: Area Supervisory Control
Level 2 systems include the manufacturing operations equipment for an individual
production area. Level 2 typically includes:
Human Machine Interfaces (HMI)
Alarms/Alert systems
Control room workstations
These systems may communicate with systems in Level 1. Additionally, they may
also interface with systems in the Manufacturing and Enterprise zones through the DMZ
(Cisco and Rockwell Automation, 2011).
Safety Zone
Systems in the safety zone monitor processes for anomalies, automatically return
processes to safety if they exceed a defined threshold and alert the operators of unsafe
conditions. These systems are usually air-gapped from the rest of the control systems
(Cisco and Rockwell Automation, 2011).
2.2. Practical Implementation of an ICS Network
Given the disparate security requirements of ICS and IT systems coupled with the
criticality of control systems, a rigorous risk assessment should be conducted prior to
interconnecting ICS and business networks. The majority of IT systems are concerned
with achieving high performance and throughput while control systems focus on high
availability and integrity of the data for continuity of operations. The ICS risk assessment
should take into account industry best practices and regulatory standards that the
organization must comply with. The risk assessment process should identify the threats
and vulnerabilities that are most likely to impact the organization; it should assess the
likelihood and business impact of those threats and recommend the implementation of
security controls that will reduce the risk to a level that is acceptable to the organization.
If ICS and IT business networks must be connected, it is recommended that the
number of entry points into the ICS environment be kept to a minimum. This will reduce
the number of attack pathways that could lead an intruder into the ICS environment.
Direct communication between IT business and ICS networks should be prohibited
unless absolutely necessary for business operations.
Figure 2 illustrates an ICS reference architecture. The architecture uses the
concept of zones to split the network into smaller, more focused environments where
security controls can be consistently applied. A zone is a logical network segment within
a networking environment that has a well-defined perimeter.
In the reference architecture, Level 5 is divided into an enterprise DMZ and an
internal enterprise sub-zone. The enterprise DMZ is where systems that need to be
directly exposed to the Internet live, such as VPN and e-mail gateways, Web and
FTP/SFTP servers. The VPN gateway in the enterprise DMZ should be the only access
point into the ICS environment for remote users. The internal enterprise sub-zone is
where enterprise applications, business-to-business, and business-to-customer services
live. For instance, if the organization has a business requirement to share records with a
partner company, the server storing those records would exist in this sub-zone.
Systems containing ICS data that need to be accessed by systems or users in the
enterprise network should be placed in a DMZ and the connections between the
Enterprise network and the DMZ must be scrutinized by a stateful inspection firewall.
Similarly, ICS systems that need to communicate with the enterprise network should do
so through the DMZ. These connections must also be inspected by a stateful inspection
firewall. The firewall should follow a “deny all” security policy, allowing only those
connections that are authorized.
As shown in Figure 2, a pair of firewalls is used to create a DMZ between the
Enterprise and ICS environments. The first firewall blocks inbound attacks destined for
systems in the ICS network and inspects traffic into and out of the DMZ. The second
firewall controls traffic into and out of the ICS environment and contains attacks
originating inside the ICS network. The two-firewall architecture improves the
organization's security posture by adding layers of security that would need to
be penetrated in order to compromise systems in the ICS environment. Security can be
further increased by using firewalls from different manufacturers: the two firewalls
would have different sets of vulnerabilities, so in order to tamper with
both firewalls an attacker would have to find and exploit a vulnerability that is common to
both devices. Another benefit of a dual firewall architecture is separation of
duties. One firewall can be managed by the IT department while the process
control group is responsible for the other.
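As an added illustration (not part of the paper), the following Python model applies the deny-all, DMZ-terminated policy described above to a constructed address plan and ruleset, and audits the ruleset for any rule that would let Enterprise and Manufacturing traffic bypass the DMZ; the zone subnets, hosts, ports and services are assumptions.

```python
"""Model of the two-firewall DMZ pattern from the reference architecture.

Added example, not from the paper. Zone names follow the paper; subnets,
hosts, ports and services are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address plan: one subnet per zone of the reference architecture.
ZONES = {
    "enterprise":    ip_network("10.10.0.0/16"),
    "dmz":           ip_network("10.20.0.0/24"),
    "manufacturing": ip_network("10.30.0.0/16"),
    "cell_area":     ip_network("10.40.0.0/16"),
}


def zone_of(ip: str) -> str:
    """Return the zone that contains ip, or 'unknown'."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_host: str        # authorized traffic is directed to a specific system
    proto: str
    dport: int
    action: str          # only "allow" rules exist; anything unmatched is denied


# Constructed ruleset: every authorized flow terminates in the DMZ, so the
# Enterprise and Manufacturing zones never talk to each other directly.
RULES = [
    # Enterprise users read the shared historian in the DMZ over HTTPS.
    Rule("enterprise", "dmz", "10.20.0.10", "tcp", 443, "allow"),
    # Plant historian (Level 3) pushes data to the shared historian.
    Rule("manufacturing", "dmz", "10.20.0.10", "tcp", 443, "allow"),
    # DMZ patch/AV server pulls updates from an enterprise update server.
    Rule("dmz", "enterprise", "10.10.5.20", "tcp", 8530, "allow"),
    # Manufacturing hosts fetch patches from the DMZ patch server only.
    Rule("manufacturing", "dmz", "10.20.0.20", "tcp", 8530, "allow"),
]


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int,
             rules=RULES) -> str:
    """Deny-by-default lookup: the first matching allow rule wins, else 'deny'."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == dst_zone:
        return "intra-zone"   # no firewall crossed; left to the zone IDS
    for r in rules:
        if (r.src_zone == src_zone and r.dst_zone == dst_zone
                and r.dst_host == dst_ip and r.proto == proto
                and r.dport == dport):
            return r.action
    return "deny"


def audit_direct_paths(rules=RULES) -> list:
    """Flag rules that bypass the DMZ (Enterprise <-> Manufacturing) or reach
    the Cell/Area zone from anywhere other than the Manufacturing zone."""
    findings = []
    for r in rules:
        crosses_dmz = {r.src_zone, r.dst_zone} == {"enterprise", "manufacturing"}
        reaches_cell = r.dst_zone == "cell_area" and r.src_zone != "manufacturing"
        if crosses_dmz or reaches_cell:
            findings.append(r)
    return findings
```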
Figure 2 includes two additional zones, a monitoring zone and a database zone.
The purpose of the monitoring zone is to isolate systems that store and process
security-related and system event data. Security-related events contain valuable
information that an attacker could use to create a blueprint of the network to launch an
attack. Conversely, following an attack an intruder may want to cover their tracks and
delete security-related events so that a forensic investigation is unsuccessful.
The purpose of the database zone is to isolate database servers that contain
sensitive records. Databases can store employees' usernames and passwords, trade secrets,
personally identifiable information and human resources information, to name a few. Database
servers should be isolated in their own zone protected by a stateful inspection firewall.
The firewall should only allow access into the zone to those systems and users that have
been authorized. Although Figure 2 only shows a database zone inside the Enterprise
zone, the database servers in the ICS environment can be further isolated to their own
database zone inside the Manufacturing zone. ICS databases can be high-value targets for
attacks because they store command and control and historical data that are used for
reporting and decision making.
Figure 2 – Modified Purdue Model for Control Hierarchy architecture (NIST special publication 800-82.)
2.3. Architecture Security Patterns for ICS
The Open Security Architecture defines security patterns as “a general reusable
solution to a commonly occurring problem in creating and maintaining secure
information systems” (Open Security Architecture, n.d.). This paper will identify security
patterns in the following domains and explain how they apply to ICS networks:
Access Control
o Access control mechanisms guarantee that the person who is
attempting to access a system or application is who he/she claims to be.
Access control involves a user submitting a unique identifier, such as a
user ID, and the corresponding authenticating information, such as a
password.
Network Security
o Network security protects the confidentiality, integrity, and availability of
information systems against internal and external threats using a variety of
security controls.
Log Management
o Critical applications and systems should generate important
security-related events to assist in identifying threats to information,
troubleshooting network or system-related issues, and complying with
regulatory requirements.
Remote Access
o Remote users and vendors seek access into the ICS environment for
remote maintenance and support.
Note: The four domains listed above are not all-inclusive as it relates to ICS
environments, but are those most commonly seen in these environments.
2.3.1. Access Control
To prevent unauthorized access into the ICS environment, users must be uniquely
identified, authenticated, and authorized before gaining access. User authorization should
follow the principle of least privilege, which grants users only the privileges sufficient
to fulfill their defined roles.
Users must be assigned a unique user ID and should use strong passwords
enforced by a security policy that ensures that:
Passwords are comprised of a minimum number of characters
Passwords use a combination of alphanumeric and special characters
Passwords are changed regularly
Passwords do not contain dictionary words
Passwords are not reused
Increased security can be achieved by using two-factor authentication
mechanisms for all access into the ICS environment. Two-factor authentication prevents
credential reuse and thwarts password guessing attacks. Two-factor authentication
involves using two out of three possible factors to authenticate users:
Something you know, such as a password, passphrase or PIN.
Something you have, such as a token or digital certificate.
Something you are, such as biometrics.
Some place you are, such as country code.
Access privileges into the ICS environment should be subject to approval by
senior management and should be reviewed on a regular basis. An automated way to
revoke access into the ICS environment should exist in response to threats and
vulnerabilities or information security incidents.
Figure 3 identifies the security patterns for the access control information security
domain. The yellow tags in Figure 3 represent the access control security patterns that
can be consistently applied across the ICS network.
Figure 3 - Access Control Security Patterns for ICS
2.3.2. Log Management
Most Enterprise and ICS systems and applications generate large volumes of
events on a daily basis and should have mechanisms to forward security-related events to
a centralized log collection server. The log collection server stores critical data, such as
failed and successful login attempts, system boots and escalation of privileges that must
be protected against unauthorized access and modification. The log collection server must
be properly sized with enough space to store the event logs from all critical systems and
applications for a stated retention period. The retention period must be documented in a
policy and must take into consideration industry regulations.
Log messages should contain relevant system attributes such as IP addresses,
ports and protocols used, date and time, username, and method of access such as FTP, SSH, or
HTTP. When correlating event logs from different systems, time becomes an important
factor. Systems and applications that generate event logs must use a consistent time
source, such as a corporate Network Time Protocol (NTP) server, so that the event logs contain
accurate time-stamps.
In the security architecture, depicted in Figure 2, the log collection server and
SIEM tool are placed in their own zone named “Monitoring Zone”. There are two
Monitoring Zones. The first is part of the enterprise zone and it receives and analyzes
security-related events from systems and applications inside the enterprise zone. The
second is part of the manufacturing zone and it receives and analyzes security-related
events from systems in the ICS environment. Both Monitoring Zones are firewalled. Only
authorized source IP addresses are allowed to access these zones. Furthermore, access to the
log collection server and SIEM tool requires a valid username and password.
At a minimum, network security hardware (such as VPN gateways, firewalls, and intrusion
prevention and detection systems), critical servers (such as domain controllers and
database servers), and critical applications (such as historian applications) should generate
and forward security-related events to the corresponding log collection server in the zone
for analysis. Figure 4 identifies the security patterns for the log management information
security domain.
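The following Python example is added here and is not from the paper; it normalizes constructed syslog-style events from a VPN gateway, a DMZ firewall and a remote access server into the attributes listed above and runs two correlations that depend on the shared time source: a burst of failed logins, and a remote access server login with no preceding VPN gateway authentication. Host names, users, addresses and the key=value layout are assumptions.

```python
"""Normalize and correlate security events collected from several zones.

Added example, not from the paper. The hosts (vpn-gw, dmz-fw1, ras01), users,
addresses and the key=value syslog-style layout are constructed, not any
vendor's real log format.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample events; all sources stamp UTC time from one NTP server.
SAMPLE_LOGS = """\
2015-09-01T08:00:01Z vpn-gw auth user=jdoe src=203.0.113.5 method=VPN result=success
2015-09-01T08:00:12Z dmz-fw1 allow src=10.20.0.50 dst=10.20.0.30 proto=tcp dport=22
2015-09-01T08:00:15Z ras01 auth user=jdoe src=10.20.0.50 method=SSH result=success
2015-09-01T08:05:03Z vpn-gw auth user=svc_hist src=198.51.100.9 method=VPN result=failure
2015-09-01T08:05:09Z vpn-gw auth user=svc_hist src=198.51.100.9 method=VPN result=failure
2015-09-01T08:05:14Z vpn-gw auth user=svc_hist src=198.51.100.9 method=VPN result=failure
2015-09-01T08:30:00Z ras01 auth user=rdodd src=10.10.7.7 method=SSH result=success
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>\S+) ?(?P<kv>.*)$")


def parse_line(line: str) -> dict:
    """One line -> normalized event carrying the attributes the paper lists:
    time, source/destination IPs, ports, protocol, username, access method."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    event = {"ts": ts.replace(tzinfo=timezone.utc),
             "host": m["host"], "event": m["event"]}
    for pair in m["kv"].split():
        key, _, value = pair.partition("=")
        event[key] = value
    return event


def parse_logs(text: str) -> list:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def failed_login_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """(user, src) pairs with at least `threshold` failures inside `window`;
    only meaningful when every source shares the same time base."""
    failures = defaultdict(list)
    for e in events:
        if e["event"] == "auth" and e.get("result") == "failure":
            failures[(e["user"], e["src"])].append(e["ts"])
    bursts = []
    for key, times in failures.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                bursts.append(key)
                break
    return bursts


def ras_logins_without_vpn(events, max_gap=timedelta(hours=1)):
    """Remote access server logins not preceded (within max_gap) by a
    successful VPN gateway login for the same user: the mandated single
    entry point was bypassed, or the VPN gateway stopped forwarding logs."""
    vpn_ok = defaultdict(list)
    for e in events:
        if e["host"] == "vpn-gw" and e.get("result") == "success":
            vpn_ok[e["user"]].append(e["ts"])
    suspicious = []
    for e in events:
        if e["host"].startswith("ras") and e.get("result") == "success":
            preceded = any(timedelta(0) <= e["ts"] - t <= max_gap
                           for t in vpn_ok[e["user"]])
            if not preceded:
                suspicious.append((e["user"], e["src"]))
    return suspicious
```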
Figure 4 – Log Management Security Patterns for ICS (the Figure 2 reference architecture annotated with the event logging pattern applied in every zone: firewall, IDS/IPS, server, application, database and remote access event logging, all forwarded to the Log Collector and SIEM in the Enterprise and Manufacturing Monitoring Zones)
2.3.3. Network Security
This section focuses on the following network security controls:
Network Segmentation or Zoning
Firewalls
Network Intrusion Detection and Prevention Systems
Network segmentation is typically achieved by placing a filtering device, such as
a packet filtering or stateful inspection firewall, at the zone's point of entry. A network
zone should always have a single entry point, as depicted in Figure 5; all traffic entering and
leaving the zone (also referred to as inter-zone traffic) should be subject to inspection by
a firewall.
Figure 5 – Network segmentation or zoning
Systems can be segmented into network zones based on their functionality,
criticality to the business, risk levels, or other requirements defined by the organization.
Regardless of the segmentation scheme, the systems within a given zone will be
susceptible to common threats and vulnerabilities. It is therefore important for each zone
to have a well-defined security baseline that is applied consistently across all systems
within the zone. The security baseline will define the minimum level of protection
required to achieve a certain security level within the zone.
The purpose of the firewall is to control traffic flow amongst network zones while
preventing unauthorized network traffic from entering or leaving a particular zone.
Firewalls should be configured to deny all traffic by default and explicitly allow those
connections that are authorized to enter or leave a zone. There are many different types of
firewalls, such as stateful inspection firewalls, application proxy firewalls and packet
filtering firewalls.
In the reference architecture, depicted in Figure 2, stateful inspection firewalls are
placed amongst the defined zones to ensure that:
Authorized traffic is able to cross between zones
Unauthorized traffic is denied, inbound and outbound
Authorized traffic is directed to specific systems within a zone
Additionally, a packet filtering firewall is placed at the network perimeter between the
Internet and the first border firewall. The purpose of this firewall is to stop the most basic
type of attacks and filter out noisy protocols, such as inbound ICMP, syslog, and SNMP.
Any traffic that gets past the perimeter packet filtering firewall will be further inspected
by the stateful inspection firewall.
Application proxy firewalls can be placed at the perimeter behind the packet
filtering firewall. These types of firewalls introduce latency that decreases network
performance and are not widely used in ICS networks.
An additional layer of security can be achieved by requiring the firewall to
authenticate users prior to granting access to a zone. The firewall can be configured to forward
authentication requests to an external user database and grant access into the zone if the
user is authenticated.
Figure 6 – Firewall acting as authenticator- Login successful
Figure 7 – Firewall acting as authenticator – Login failed
Intrusion detection and prevention sensors should be strategically deployed across
the network and configured to detect those attacks that are most likely to succeed against
systems in the environment. The biggest problem with intrusion detection systems is
false positive alerts. When legitimate network traffic is identified as malicious or
anomalous, a false positive alert is triggered. If an IDS is not tuned for the environment in
which it is installed, it can generate hundreds of false positives and irrelevant alerts. This
can easily overwhelm the security analyst, causing him/her to miss the real attacks.
In the reference architecture, depicted in Figure 2, IDSs are placed inside each
zone. The IDS detects inter-zone attacks (attacks amongst different zones) and intra-zone
attacks (attacks amongst systems within a zone). The zone IDS should be deployed as a
focused sensor; its signature set should be configured so that it only detects those attacks
that are relevant to the systems that are being monitored. For instance, if only Windows
systems are being monitored it would only be necessary to enable signatures for
Windows-based attacks.
In the architecture, depicted in Figure 2, an IPS is placed at the network
perimeter. The job of this IPS is to filter out any inbound malicious traffic that may have
gotten past the perimeter firewall. Additionally, this IPS detects malicious outbound
traffic such as C&C, and it can block outbound traffic from unauthorized applications,
such as P2P and anonymous proxy applications.
Figure 9 identifies the security patterns for the network security information
security domain.
Figure 9 – Network Security Patterns for ICS (the Figure 2 reference architecture annotated with the network security patterns: packet filtering firewall and intrusion prevention system at the Internet perimeter, and stateful inspection firewall, network zoning and intrusion detection system applied to each of the Enterprise, Demilitarized, Manufacturing and Cell/Area zones)
2.3.4. Remote Access
Access to the ICS environment should be controlled by two-factor authentication
mechanisms. In the reference architecture, depicted in Figure 2, a VPN gateway is placed
in the Enterprise zone DMZ. Users attempting to gain access to the organization’s
network will first be required to establish an encrypted VPN tunnel to the organization’s
VPN gateway. The VPN gateway will authenticate the user by requiring a valid username
and password combination as well as a second form of authentication, usually a one-time
password (OTP) generated by a token device. The VPN gateway will act as the
authenticator, forwarding the authentication requests to an external user database. If the
authentication is successful the user will be authorized to access a remote access server in
the DMZ between the enterprise and manufacturing zones. Authorization should follow
the principle of “least privilege.”
To gain further access into the ICS environment, the user will be required to
connect to a remote access server located in the DMZ. The connection between the user
and the remote access server should be encrypted to prevent sending sensitive data in
clear text. The user will then be required to provide a valid username and password as
well as a second form of authentication. If the user is successfully authenticated, he/she
should only be authorized to access those systems in the ICS environment that are
required to perform a specific job function.
Figure 10 identifies the security patterns for the remote access information
security domain.
Figure 10 – Remote Access Security Patterns for ICS
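The two-hop remote access flow described in section 2.3.4, modelled as an added example (this is not the paper's code): the VPN gateway and the remote access server each require a username/password plus an RFC 6238 TOTP code checked against an external user database, a VPN session authorizes only the DMZ remote access server, the second hop enforces a per-job-function allow list, and an OTP code already accepted in the same time step is refused. User names, passwords, OTP seeds, role names and target names are constructed placeholders; transport encryption of both hops is assumed and not modelled.

```python
import hashlib, hmac, struct

def pw_hash(pw: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

# Constructed external user database (placeholder users, salts and OTP seeds).
USER_DB = {
    "eng01": {"salt": b"salt-eng01", "pw": pw_hash("Correct-Horse-9", b"salt-eng01"),
              "otp_secret": b"SEED-eng01", "role": "control_engineer"},
}
# Least privilege: each job function reaches only the ICS systems it needs
# (Level 2 HMIs here; no role has a direct path to Level 1 controllers).
ROLE_TARGETS = {"control_engineer": {"hmi-area1"}, "historian_analyst": {"historian"}}
USED_OTPS: set = set()   # (user, time step, code) already accepted; replays are refused

def totp(secret: bytes, t: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, as the token device and the authenticator compute it."""
    mac = hmac.new(secret, struct.pack(">Q", int(t // step)), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"

def two_factor(user: str, password: str, otp: str, t: float) -> bool:
    """Username/password plus OTP, verified against the external user database."""
    rec = USER_DB.get(user)
    if rec is None:
        return False
    pw_ok = hmac.compare_digest(rec["pw"], pw_hash(password, rec["salt"]))
    otp_ok = hmac.compare_digest(totp(rec["otp_secret"], t), otp)
    if not (pw_ok and otp_ok) or (user, int(t // 30), otp) in USED_OTPS:
        return False
    USED_OTPS.add((user, int(t // 30), otp))
    return True

def vpn_gateway(user: str, password: str, otp: str, t: float) -> set:
    """Hop 1: a successful VPN login authorizes only the DMZ remote access server."""
    return {"ras-dmz"} if two_factor(user, password, otp, t) else set()

def remote_access_server(grant: set, user: str, password: str, otp: str,
                         target: str, t: float) -> bool:
    """Hop 2: re-authenticate, then permit only the targets tied to the job function."""
    if "ras-dmz" not in grant or not two_factor(user, password, otp, t):
        return False
    return target in ROLE_TARGETS.get(USER_DB[user]["role"], set())

if __name__ == "__main__":
    t0 = 1_700_000_000.0  # fixed clock so the run is reproducible
    grant = vpn_gateway("eng01", "Correct-Horse-9", totp(b"SEED-eng01", t0), t0)
    code = totp(b"SEED-eng01", t0 + 30)  # fresh token for the second hop
    print(remote_access_server(grant, "eng01", "Correct-Horse-9", code, "hmi-area1", t0 + 30))
```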
3. Conclusion
This paper presents an overview of ICS and the components that make up an ICS
environment. This overview is not meant to be all encompassing; it is meant to provide
the reader with the necessary basic foundation and enough context to understand the
sections which follow.
The Purdue Model for Control Hierarchy is briefly discussed and defined as a
logical framework that organizations can use to understand how to build a secure ICS
environment. We present a reference architecture built using the Purdue Model as a
baseline, and modify it to include additional security zones and controls to show the
reader how to reduce common risks that organizations face.
Security patterns are identified in four core information security domains: access
control, log management, network security and remote access. While there are many
more information security domains, such as host security, vulnerability management and
wireless security, that apply to ICS environments, deploying appropriate security
measures around these four domains can greatly reduce an organization's attack surface
while increasing its security posture.
It is important to point out that a rigorous risk assessment should be performed
prior to making architectural changes or introducing new systems into the environment
that could potentially negatively affect an organization’s security posture. The risk
assessment should identify the potential risks that interconnecting ICS and enterprise
networks can present to an organization.
Finally, information security requirements and controls should not negatively
affect the company’s ability to operate. Information security goals should always align to
the company’s strategic priorities and should create business value by protecting
confidentiality, integrity and availability of the company’s most critical assets and as a
result, reduce the overall risk exposure.
Last Updated: June 27th, 2018