Cybersecurity
Cybersecurity advice and help for Enterprise Edition users.

Extract from Cybersecurity Good Practices Guide:
Cybersecurity is no longer a secondary requirement in the industrial controls world. It is as important as safety or high availability.
Industrial control systems based on computer technology and industrial-grade networks have been in use for decades. Earlier control system architectures were developed with proprietary technology and were isolated from the outside world, which made attacks more difficult. In many cases, physical perimeter security was deemed adequate, and cybersecurity was not a primary concern.
Today many control systems use open or standardized technologies such as Ethernet TCP/IP to reduce costs and improve performance. Many systems also employ direct communications between control and business systems to improve operational efficiency and manage production assets more cost-effectively.
This technical evolution exposes control systems to vulnerabilities previously thought to affect only office and business computers. Control systems are now vulnerable to cyberattacks from both inside and outside of the industrial control system network.
Security challenges for the control environment include:
- Diverse physical and logical boundaries
- Multiple sites and large geographic spans
- Adverse effects of security implementation on process availability
- Increased exposure to worms and viruses migrating from business systems to control systems as business-control communications become more open
- Increased exposure to malicious software from USB devices, vendor and service technician laptops, and the enterprise network
- Direct impact of control systems on physical and mechanical systems
No longer are fences and security guards adequate to protect industrial assets. Companies can be diligent in the steps they take to help secure their systems. A successful cyberattack can result in lost production, damaged company image, environmental disaster, or loss of life. The controls industry and its customers can apply Cybersecurity lessons learned from the IT world.
It is recommended to read the Cybersecurity Good Practices Guide. Download here: www.eurotherm.com.
The following recommendations help ensure cybersecurity:

Recommendations | Description
---|---
Confirm digital signatures | Data Reviewer uses a digital signature provided by ELECTRIC USA, INC
Time synchronization | It is recommended that the Reviewer server PC is time synchronized with a cloud time service or a system-wide time source. This will ensure the timestamps in the logs are correct and help to prevent repudiation threats.
Certificate status | Windows should be configured to check the Certificate Revocation List (CRL) and enforce certificate revocation. This protects users from submitting confidential data to a site that may be fraudulent or not secure. The CRL<br>If Windows has access to the Online Certificate Status Protocol (OCSP) services, this should be used.
Windows security policy | Windows should be configured to check the signature timestamp.
Customer verification | Should keep an offline system up-to-date (installing the update packages and CRL through a dedicated USB drive, for example); test on a pre-production system that the updates do not break the system; updates can be rolled back if they break the production system.
Incident Response - Anticipate | Should have a mechanism to deal with invalid and revoked certificates.
Disk encryption | To ensure data security, use global disk encryption (e.g., BitLocker).
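
One way to carry out the signature, timestamp and revocation checks from the table on a downloaded installer or update package, as an added PowerShell example that is not part of the guide or the product. The script name, the `-Path` value and the `-ExpectedSigner` value are assumptions to replace with your own; `-Offline` is for the offline system described above, where only CRLs already cached on the machine are available.

```powershell
# Added example (not vendor code). Hypothetical usage:
#   .\Test-PackageSignature.ps1 -Path C:\Staging\setup.exe -ExpectedSigner '<publisher name>'
param(
    [Parameter(Mandatory)] [string] $Path,            # assumption: file to verify
    [Parameter(Mandatory)] [string] $ExpectedSigner,  # placeholder: publisher name you expect
    [switch] $Offline                                 # use cached CRLs only (air-gapped host)
)

$x509     = 'System.Security.Cryptography.X509Certificates'
$sig      = Get-AuthenticodeSignature -FilePath $Path
$problems = @()

# 1. The signature must be present, intact and chain to a trusted root.
if ($sig.Status -ne 'Valid') {
    $problems += "Signature status '$($sig.Status)': $($sig.StatusMessage)"
}

# 2. The signer must be the publisher you expect, not just any trusted signer.
if ($null -eq $sig.SignerCertificate) {
    $problems += 'No signer certificate found.'
} elseif ($sig.SignerCertificate.Subject -notlike "*$ExpectedSigner*") {
    $problems += "Unexpected signer: $($sig.SignerCertificate.Subject)"
}

# 3. A timestamp countersignature shows when the file was signed, so the
#    signature stays verifiable after the signing certificate expires.
if ($null -eq $sig.TimeStamperCertificate) {
    $problems += 'Signature has no timestamp.'
}

# 4. Revocation: fail closed if any certificate is revoked or its status is unknown.
if ($null -ne $sig.SignerCertificate) {
    $mode  = if ($Offline) { 'Offline' } else { 'Online' }
    $chain = New-Object "$x509.X509Chain"
    $chain.ChainPolicy.RevocationMode = [Enum]::Parse([type]"$x509.X509RevocationMode", $mode)
    $chain.ChainPolicy.RevocationFlag = [Enum]::Parse([type]"$x509.X509RevocationFlag", 'ExcludeRoot')
    [void] $chain.Build($sig.SignerCertificate)
    $revFlags = [Enum]::Parse([type]"$x509.X509ChainStatusFlags",
                              'Revoked, RevocationStatusUnknown, OfflineRevocation')
    foreach ($s in $chain.ChainStatus) {
        if ($s.Status -band $revFlags) {
            $problems += "Revocation check: $($s.Status) - $($s.StatusInformation.Trim())"
        }
    }
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1      # do not install; handle under the incident response procedure
}
Write-Output "OK: $Path is signed by the expected publisher, timestamped, and not revoked."
```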