Weekly Executive Summary for Week of March 17, 2017
By Kenneth Dedicatoria on March 15, 2017
Industrial Control Systems Security Best Practices
Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems are increasingly being targeted by cyber attacks and need to be more secure than ever. These systems are vital to the entire population because they control and manage large industrial operations in electricity, oil, gas, water, manufacturing and transportation. When these systems are attacked, the aftermath can be devastating. Following some of the basic cybersecurity best practices can help reduce the number of successful attacks on these control systems. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has published recommended practices for ICS and SCADA systems. Below are most of the best practices along with the link for more details and the full document. These documents provide an efficient framework for protecting an ICS or SCADA system and will ultimately mitigate attacks like Stuxnet.
Defense-in-Depth – Implementing layered security in ICS and SCADA systems creates an aggregated, risk-based security posture that helps to defend against cybersecurity threats and vulnerabilities.
Cyber Forensics Plans – Using cyber forensics in ICSs can be difficult because of the proprietary technologies and legacy architecture, but creating a feasible cyber forensic program can aid in supporting the security posture of systems.
Incident Response Plan – Having a plan to prevent and respond to a cyber incident is key to strengthening the system's security posture. This document focuses on the unique aspects of industrial control systems and how to strengthen the systems against potential attacks.
Firewall Deployment – Network segmentation and isolation are key factors in protecting your ICS and SCADA systems. This document focuses on configuring a DMZ on the firewall to provide the most effective network security solution.
Patch Management – A critical component in protecting any infrastructure is ensuring that the security posture of the control systems is exceptional. Patch management and patches are vital in resolving security vulnerabilities in any system.
Securing Modems – This document provides guidance on analyzing the risks associated with modems and their use in an organization and offers useful methods for creating a layered defense architecture that will protect systems that utilize modems for connectivity.
Remote Access for ICS – This document provides support on remote access for ICS and SCADA systems and how to deploy this service in a manner that mitigates risks and vulnerabilities within the environment.
Sources:
ICS-CERT Recommended Practices
Breaches on the Rise in Control Systems
Note: The purpose of the weekly executive summary is to provide useful information that a business or agency could use in both its cybersecurity and business strategies. In order for this website to serve the community, we need to know your concerns and questions about (for example) proper safeguards for technology you're looking into or what sets of compliance and governance policies you would need to operate a particular business. The CSCC openly invites you to send in your inquiries. We'll have students research your issues and provide an analysis of the information at hand to guide you with all things cybersecurity. Mail us at: uhwocscc@hawaii.edu