Intro to IACS Flashcards
Electronic Security?
The actions required to protect critical infrastructure or an information system from unauthorized access, modification, denial of service, destruction, loss of revenue, disclosure, etc.
Cybersecurity?
Measures taken to protect computers and computer systems against unauthorized access or attack.
Control System?
The hardware and software components of an Industrial Automation and Control System (IACS).
Dimensions of Modern Warfare?
Air
Land
Sea
Space
Cyber
What are the reasons for increased cyber attacks on IACS? Why are businesses reporting increased cyber-attacks or malicious code injection attempts?
Use of more Commercial Off-The-Shelf (COTS) hardware and software.
Common use of Internet protocols (TCP/IP) in control networks.
Use of proprietary communication protocols that were designed without authentication or encryption.
Extensive use of remote access solutions, which increases the attack surface.
Tools that automate attacks are freely available.
Use of flat network designs (lack of segmentation/separation).
More and more vulnerabilities are being published and then used by attackers.
Cybercriminals focus on targeting critical infrastructure and essential services.
Consequences of Cyber Attack on Organization?
- Unauthorized access to the control system and confidential data can lead to data theft/loss and misuse.
- Loss of integrity of the control system can lead to loss of reliability.
- Loss of availability of the control system can lead to production downtime and commercial impact.
- Loss of reputation and of investor/public trust in the organization.
- Damage to systems and components.
- A compromised IACS can lead to safety incidents, endangering the lives of personnel.
- Violations of legal and regulatory requirements, leading to penalties and other actions.
Consequences of Cyber Attack on Society?
A compromised IACS infrastructure, such as power substations/grids, nuclear plants, water and wastewater treatment plants, pharmaceutical plants, etc., can disrupt ordinary people's everyday lives and cause large-scale loss of life by various means, such as poisoned water supplies or harmful batches of life-saving drugs.
IACS
Industrial Automation and Control System (the term used by ISA/IEC 62443)
Malware
Short for malicious software; any intrusive software developed by cybercriminals (often called hackers) to steal data or to damage or destroy computers and computer systems.
Types of Malware
Virus
Trojan Horse
Keylogger
Ransomware
Spyware
Bots
Rootkits
Worms
Fileless Malware
Wiper
Adware
Cryptojacking
Common Myths in IACS
- Our systems don’t connect to the Internet.
- Our IACS infrastructure is behind the firewall.
- Hackers do not understand IACS.
- Our Safety systems will protect us from Cyber Attacks.
- We are not a target for the hackers.
Known Industrial Protocol Examples?
Modbus/TCP - open SCADA protocol (TCP 502)
EtherNet/IP - Common Industrial Protocol (CIP) over Ethernet (TCP 44818 explicit messaging, UDP 2222 implicit I/O)
BACnet - building automation (UDP 47808)
DNP3 - water/electrical utilities (TCP 20000)
Siemens S7 - Siemens S7 PLCs (S7comm over ISO-TSAP, TCP 102)
Niagara Fox with SSL - building automation (Niagara Fox TCP 1911, Fox with SSL TCP 4911)
Shodan?
A search engine for Internet-connected devices. Internet-exposed IACS components can be found by searching it (by protocol banner, port, or vendor string), which is why the protocols above must never be reachable from the Internet.
Difference Between IT & IACS security priority
IT Follows:
Confidentiality (C)
Integrity (I)
Availability (A)
OT Follows:
Availability (A)
Integrity (I)
Confidentiality (C)
*OT cybersecurity must address issues related to Safety.
Different performance requirements in IT and OT
IT:
1 - IT Protocols
2 - High bandwidth and throughput.
3 - Response time must be reliable.
4 - High delay and jitter can be tolerated (case by case).
5 - Less critical emergency interaction.
OT:
1 - IT and OT Protocols
2 - Moderate bandwidth and throughput.
3 - Response time is critical.
4 - High delay and jitter are not accepted.
5 - Response to emergencies is critical.
Different availability requirements in IT and OT
IT:
1 - Scheduled Operations.
2 - Reboot is tolerated.
3 - Occasional failures tolerated.
4 - Beta testing in the field is acceptable.
5 - Modifications are possible with very little paperwork.
OT:
1 - Continuous Operation.
2 - Reboots may not be tolerated.
3 - Outage is not tolerated.
4 - Complete QA testing is required in a non-production environment.
5 - Modifications may require complete re-certification of the system.
Different operating requirements in IT and OT
IT:
1 - Data Center or Office environment.
2 - Typical Office Applications.
3 - Standard OS.
4 - Abundant resources (memory, storage, etc.)
5 - Patching is straightforward.
6 - COTS asset lifespan of 3-5 years.
OT:
1 - Industrial Environment.
2 - Special Applications.
3 - Standard and embedded OS.
4 - Resource Constraints.
5 - Patching is challenging and may impact hardware, graphics, and logic.
6 - Legacy assets with a lifespan of 15-20 years.
Different risk Management Goals in IT and OT
IT:
1 - Recovery by reboot is accepted.
2 - Impact is attributed to data loss, delayed operations, and revenue.
3 - Data Confidentiality and Integrity are paramount.
OT:
1 - Fault tolerance is essential.
2 - Impact could lead to loss of life, equipment or product.
3 - HSE (health, safety and environment) and production are of paramount importance (integrity and availability).
Risk Equation
Risk = Threat X Vulnerability X Consequences
Defense In depth
*Layered security approach.
1-Physical Security.
2-Policy, Procedure & Guidelines.
3-Zones and Conduits.
4-Malware Protection.
5-Access Control.
6-Detection & Monitoring.
7-Patch Management.
Detection in depth
1 - Detection of unknown/new devices.
2 - Detection of missing devices.
3 - Detection of devices with out-of-date patching and antivirus.
4 - Detection of unusual traffic.
5 - Detection of the use of unknown/new protocols for communication.
6 - Detection of communication with a new set of IP/MAC addresses than usual.
7 - Detection of traffic during unexpected times.
8 - Deployment of IDS at various sections of the production environment.
9 - Deployment of syslog for central log collection and monitoring.
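The detection list above and the industrial protocol/port card earlier on this page, worked as an added Python example (not part of the original flashcards): a passive baseline detector that learns which (MAC, IP) devices talk to which peers over which protocol during a quiet window, then checks later flow records for new devices, missing devices, unknown protocols, new conversations, a known IP appearing from a different MAC, and traffic outside the shift. All addresses, MACs, timestamps and the 06:00-22:00 shift window are constructed assumptions; the port numbers are the well-known ports of the protocols the page lists.

```python
"""Passive baseline detection over OT flow records (added example).

All addresses, MACs, timestamps and the shift window are constructed; the
protocol/port table lists the well-known ports of the protocols on the page.
"""
from collections import namedtuple
from datetime import datetime, time

# Protocols named on the page, keyed by transport and well-known destination port.
KNOWN_PROTOCOLS = {
    ("tcp", 502): "Modbus/TCP",
    ("tcp", 44818): "EtherNet/IP (explicit messaging)",
    ("udp", 2222): "EtherNet/IP (implicit I/O)",
    ("udp", 47808): "BACnet/IP",
    ("tcp", 20000): "DNP3",
    ("tcp", 102): "Siemens S7comm (ISO-TSAP)",
    ("tcp", 1911): "Niagara Fox",
    ("tcp", 4911): "Niagara Fox over SSL/TLS",
}

Flow = namedtuple("Flow", "ts src_mac src_ip dst_ip proto dst_port")


def parse_flow(line):
    """Parse one record: '<ISO timestamp> <src MAC> <src IP> <dst IP> <tcp|udp> <dst port>'."""
    ts, src_mac, src_ip, dst_ip, proto, dst_port = line.split()
    return Flow(datetime.fromisoformat(ts), src_mac.lower(), src_ip, dst_ip,
                proto.lower(), int(dst_port))


def load_flows(text):
    return [parse_flow(line) for line in text.strip().splitlines()]


# Constructed baseline captured during a quiet commissioning window:
# HMI .20 polls PLC .10 (Modbus) and RTU .30 (DNP3), engineering station .21
# programs PLC .11 (S7comm), PLC .10 exchanges I/O with PLC .11 (EtherNet/IP).
BASELINE = load_flows("""
2024-03-04T08:00:00 00:1b:1b:aa:00:20 10.10.1.20 10.10.1.10 tcp 502
2024-03-04T08:00:05 00:1b:1b:aa:00:21 10.10.1.21 10.10.1.11 tcp 102
2024-03-04T08:00:10 00:1b:1b:aa:00:20 10.10.1.20 10.10.1.30 tcp 20000
2024-03-04T08:00:15 00:1b:1b:aa:00:10 10.10.1.10 10.10.1.11 udp 2222
""")

# Constructed records from the next day: a new laptop polling the PLC, an off-hours
# engineering session, the laptop reusing the HMI's IP, an unknown port, and PLC .10
# never sending its I/O traffic.
OBSERVED = load_flows("""
2024-03-05T08:01:00 00:1b:1b:aa:00:20 10.10.1.20 10.10.1.10 tcp 502
2024-03-05T08:01:05 00:1b:1b:aa:00:21 10.10.1.21 10.10.1.11 tcp 102
2024-03-05T08:02:00 3c:52:82:bb:cc:dd 10.10.1.99 10.10.1.10 tcp 502
2024-03-05T03:15:00 00:1b:1b:aa:00:21 10.10.1.21 10.10.1.11 tcp 102
2024-03-05T08:03:00 3c:52:82:bb:cc:dd 10.10.1.20 10.10.1.10 tcp 502
2024-03-05T08:04:00 00:1b:1b:aa:00:20 10.10.1.20 10.10.1.10 tcp 4444
""")


def detect(baseline, observed, shift=(time(6, 0), time(22, 0))):
    """Compare observed flows with the baseline and return (kind, detail) alerts.

    Devices are identified by the (MAC, IP) they send from, so a device that only
    ever receives traffic is not tracked here; a real sensor would also learn
    destination MACs.
    """
    known_macs = {f.src_mac for f in baseline}
    known_devices = {(f.src_mac, f.src_ip) for f in baseline}
    mac_for_ip = {f.src_ip: f.src_mac for f in baseline}
    known_conversations = {(f.src_ip, f.dst_ip, f.proto, f.dst_port) for f in baseline}

    alerts = []

    def alert(kind, detail):
        if (kind, detail) not in alerts:  # report each finding once
            alerts.append((kind, detail))

    seen_devices = set()
    for f in observed:
        seen_devices.add((f.src_mac, f.src_ip))
        if f.src_mac not in known_macs:  # 1: unknown/new device
            alert("new_device", f"{f.src_mac} as {f.src_ip}")
        if f.src_ip in mac_for_ip and mac_for_ip[f.src_ip] != f.src_mac:  # 6: new IP/MAC pairing
            alert("ip_mac_change",
                  f"{f.src_ip} now sent from {f.src_mac}, baseline {mac_for_ip[f.src_ip]}")
        if (f.proto, f.dst_port) not in KNOWN_PROTOCOLS:  # 5: unknown/new protocol
            alert("unknown_protocol", f"{f.proto}/{f.dst_port} {f.src_ip}->{f.dst_ip}")
        if (f.src_ip, f.dst_ip, f.proto, f.dst_port) not in known_conversations:  # 4: unusual traffic
            alert("new_conversation", f"{f.src_ip}->{f.dst_ip} {f.proto}/{f.dst_port}")
        if not (shift[0] <= f.ts.time() <= shift[1]):  # 7: traffic at unexpected times
            alert("off_hours", f"{f.ts.isoformat()} {f.src_ip}->{f.dst_ip}")
    for mac, ip in sorted(known_devices - seen_devices):  # 2: missing device
        alert("missing_device", f"{mac} ({ip})")
    return alerts


if __name__ == "__main__":
    for kind, detail in detect(BASELINE, OBSERVED):
        print(f"{kind:16} {detail}")
```

Run against the constructed records the detector raises eight alerts: two for the laptop's MAC (once with its own IP, once claiming the HMI's IP), one IP/MAC change for the HMI address, one unknown protocol and two new conversations to the PLC, one off-hours S7comm session, and one missing device for PLC .10. Replaying the baseline against itself raises nothing, which is the check to run before trusting a learned baseline; in production the baseline must be captured when the plant is known to be clean, and item 3 (patch and antivirus status) needs an asset inventory rather than flow records.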
Risk Responses
D- Design the risk out.
R- Reduce the risk.
A- Accept the risk.
T- Transfer the risk.
E- Eliminate the risk by redesigning ineffective controls.
Risk Tolerance
Unique to every organization.
Management is responsible for determining it.