KuppingerCole Report
Advisory Note
By Graham Williamson

Plant Automation Security

Industrial Computer Systems (ICS) are increasingly coming under attack as hackers are realizing the economic and reputational benefit of a successful operations technology system compromise. Organizations seeking to exploit their plant automation systems to drive business processes are deploying communications paths to their ICSs and raising the risk profile of their organizations.
gw@kuppingercole.com

1 Management Summary

Plant automation systems are undergoing significant change in the current digital transformation environment. Two of the main drivers for this change ...

2 Highlights

  • Plant automation systems hold significant promise for organizations to develop a closer relationship between business process owners and operational ...

3 The Ingredients

The components of a robust security framework are not onerous or complex; but it is necessary to ensure they are fit-for-purpose.

3.1 Account Management

Managing accounts in an industrial computer system is essential to maintaining a secure environment. In the past, operators of ICSs have relied on phy ...

3.1.1 Privileged account management

Part of the account management task is to provide special attention to those who can access privileged accounts. These are accounts that can access sy ...

3.1.2 Vendor accounts

Historically many plant automation environments maintain a ‘back-door’ account for vendors to use for maintenance purposes. In many cases these ac ...

3.1.3 Log management

Critical events and alarms should be written to a network management system. Authentication events should be part of this log management in order to f ...

3.2 Network partitioning

It is necessary to maintain separate sub-nets within an ICS, each with its own access control group. This will greatly inhibit possible cross-contamin ...

3.3 Endpoint protection

RTU concentrators and PLCs are typical endpoints requiring protection. These devices should have the ability to leverage technology such as:

  • Appli ...

3.4 Embedded device protection

By definition embedded devices are less prone to attack because there is less opportunity for malicious hackers to get access to the system and modify ...

4 Developing a Security Culture

While there is device-level security that can be ‘baked into’ devices it’s also important to instill a security culture within an organization. ...

4.1 Social engineering attacks

Social engineering attacks are a major threat to an ICS. These are used to gain access credentials for accounts with administrative permissions. Once ...

4.2 Phishing attacks

The most prevalent source of system compromises these days is via phishing. There are multiple ways a hacker can steal credentials: email, phone call, ...

4.3 Man-in-the-Middle attacks

Plant automation environments are susceptible to MIM attacks either between the control system and the SCADA system, or more likely, between the RTUs ...

4.4 Network Monitoring

One of the most promising technologies coming on the market is behavioral analytics which provides dynamic network monitoring for out-of-pattern event ...

4.5 Managing Devices

There are multiple levels within an industrial computer system that require access control:

  • SCADA systems – as noted above, access to systems th ...

4.6 Antimalware protection

Malware infestation should be extremely unlikely in an ICS because system components are typically behind firewalls and any removable media device por ...

4.7 Security Analytics

One very promising technology these days is the security analytics solutions that can quickly identify any anomaly in system operation or network traf ...

5 Recommendations

It is recommended that a strategic view be conducted to ensure that plant automation systems are accurately identified as critical components of an or ...

Copyright

©2020 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden without prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst company, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded back in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.
