Plant Automation Security

1 Management Summary

Plant automation systems are undergoing significant change in the current digital transformation environment. Two of the main drivers for this change ...

2 Highlights

• Plant automation systems hold significant promise for organizations to develop a closer relationship between business process owners and operational ...

3 The Ingredients

The components of a robust security framework are not onerous or complex; but it is necessary to ensure they are fit-for-purpose.

3.1 Account Management

Managing accounts in an industrial computer system is essential to maintaining a secure environment. In the past, operators of ICSs have relied on phy ...

3.1.1 Privileged account management

Part of the account management task is to provide special attention to those who can access privileged accounts. These are accounts that can access sy ...

3.1.2 Vendor accounts

Historically many plant automation environments maintain a ‘back-door’ account for vendors to use for maintenance purposes. In many cases these ac ...

3.1.3 Log management

Critical events and alarms should be written to a network management system. Authentication events should be part of this log management in order to f ...

3.2 Network partitioning

It is necessary to maintain separate sub-nets within an ICS, each with its own access control group. This will greatly inhibit possible cross-contamin ...

3.3 Endpoint protection

RTU concentrators and PLCs are typical endpoints requiring protection. These devices should have the ability to leverage technology such as:

• Appli ...

3.4 Embedded device protection

By definition embedded devices are less prone to attack because there is less opportunity for malicious hackers to get access to the system and modify ...

4 Developing a Security Culture

While there is device-level security that can be ‘baked into’ devices it’s also important to instill a security culture within an organization. ...

4.1 Social engineering attacks

Social engineering attacks are a major threat to an ICS. These are used to gain access credentials for accounts with administrative permissions. Once ...

4.2 Phishing attacks

The most prevalent source of system compromises these days is via phishing. There are multiple ways a hacker can steal credentials: email, phone call, ...

4.3 Man-in-the-Middle attacks

Plant automation environments are susceptible to MIM attacks either between the control system and the SCADA system, or more likely, between the RTUs ...

4.4 Network Monitoring

One of the most promising technologies coming on the market is behavioral analytics which provides dynamic network monitoring for out-of-pattern event ...

4.5 Managing Devices

There are multiple levels within an industrial computer system that require access control:

• SCADA systems – as noted above, access to systems th ...

4.6 Antimalware protection

Malware infestation should be extremely unlikely in an ICS because system components are typically behind firewalls and any removable media device por ...

4.7 Security Analytics

One very promising technology these days is the security analytics solutions that can quickly identify any anomaly in system operation or network traf ...

5 Recommendations

It is recommended that a strategic view be conducted to ensure that plant automation systems are accurately identified as critical components of an or ...

6 Related Research

Advisory Note: Integrating Security into and agile development and operations paradigm - 71125
Advisory Note: Trends in Authentication and Authoriza ...