“The further backward you look, the further forward you can see,” Winston Churchill once said of the lessons to be learned from history. Turns out, the same principle applies to ensuring the security of process control systems.
Indeed, when it comes to cybersecurity—that is, the protection of process control systems from digital disruption—we, as an industry, tend to rely on techniques that the IT world gave up on 10 years ago, said Eric Byres, CTO of Byres Security, in an address to the Yokogawa Users Conference this week in Houston.
The outdated approach is called the bastion model, and the term refers to the ancient and time-honored strategy of building a wall or digging a moat and assuming everything inside is protected. In process control, the bastion model manifests itself as an over-reliance on a single firewall between the control network and the business network as the sole line of cybersecurity defense.
“It simply doesn’t work,” said Byres, referring to the Maginot Line, built by the French along their border with Germany after World War I. (In World War II, of course, Germany simply bypassed the line by invading Belgium first.)
In more recent times, in at least three different control system cyber events involving the Slammer worm, a well-designed firewall was in place at the plant boundary, and the worm got in anyway. “The firewall is important,” Byres said, “but it’s only one piece.”
Even more disturbing, Byres recounted a recent survey of 37 “professionally” installed IT firewalls. The survey found that about 80% of them were misconfigured in ways that undermined the network security they were supposed to provide. And these were configured by networking professionals! “The commands are simply too complex,” Byres said. “If we don’t make security more understandable, we’re doomed.”
To begin to overcome this outdated mentality, Byres recommends that process automation professionals adopt a defense-in-depth strategy employing multiple layers of security. Industrial-strength firewalls at the network boundaries are step number one, but internal subsystems should also be segregated from one another by firewalls, so that an intrusion into one zone cannot propagate unimpeded through the entire infrastructure of a plant, or of a whole company. Further, edge devices such as PLCs, which are notoriously vulnerable to even simple cyber attacks, need their own protection in the form of simple-to-deploy security appliances placed directly in front of them.
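To make the bastion-versus-layered argument concrete, here is an added example (not code from the article, from Byres Security or from Yokogawa) that models both policies as zone-based firewall rule lists and checks which flows get through. The zone names, the rules, the "infected laptop" flow and the sloppy ruleset are all constructed for illustration; the only outside fact used is that the Slammer worm spread over UDP port 1434.

```python
"""Zone-segmentation policy checker (added example, not from the article).

Three constructed zones, least to most trusted: enterprise (business LAN),
control (HMIs, engineering stations) and cell (PLCs). A flow between two
zones must be allowed by every firewall sitting on the path between them.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    src: str              # source zone or "any"
    dst: str              # destination zone or "any"
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None means every port
    action: str           # "allow" or "deny"

    def matches(self, src: str, dst: str, proto: str, dport: int) -> bool:
        return (self.src in (src, "any") and self.dst in (dst, "any")
                and self.proto in (proto, "any")
                and self.dport in (dport, None))


class Firewall:
    """First-match-wins rule list with an explicit default action."""

    def __init__(self, name: str, rules: List[Rule], default: str = "deny"):
        self.name, self.rules, self.default = name, list(rules), default

    def decide(self, src: str, dst: str, proto: str, dport: int) -> str:
        for rule in self.rules:
            if rule.matches(src, dst, proto, dport):
                return rule.action
        return self.default


ZONES = ["enterprise", "control", "cell"]
# A topology maps each adjacent zone boundary to the firewall guarding it,
# or to None when that boundary is flat (no filtering at all).
Topology = Dict[Tuple[str, str], Optional[Firewall]]


def path_firewalls(topology: Topology, src: str, dst: str) -> List[Firewall]:
    lo, hi = sorted((ZONES.index(src), ZONES.index(dst)))
    hops = [topology.get((ZONES[k], ZONES[k + 1])) for k in range(lo, hi)]
    return [fw for fw in hops if fw is not None]


def reachable(topology: Topology, src: str, dst: str, proto: str, dport: int) -> bool:
    """True if every firewall on the path allows the flow. Note that traffic
    inside a single zone crosses no firewall and is therefore never filtered."""
    return all(fw.decide(src, dst, proto, dport) == "allow"
               for fw in path_firewalls(topology, src, dst))


def audit(fw: Firewall) -> List[str]:
    """Flag the over-broad allow rules that quietly turn a firewall into an
    open gate: any-to-any, allows with no port limit, or a permissive default."""
    findings = []
    for r in fw.rules:
        if r.action != "allow":
            continue
        if r.src == "any" and r.dst == "any":
            findings.append(f"{fw.name}: allow any->any")
        elif r.dport is None:
            findings.append(f"{fw.name}: allow {r.src}->{r.dst} on every port")
    if fw.default != "deny":
        findings.append(f"{fw.name}: default action is {fw.default}, not deny")
    return findings


# Constructed rule sets. The boundary firewall lets the control network push
# historian data out over HTTPS and nothing else; the cell firewall lets the
# control zone reach PLCs over Modbus/TCP only.
BOUNDARY_FW = Firewall("boundary", [Rule("control", "enterprise", "tcp", 443, "allow")])
CELL_FW = Firewall("cell", [Rule("control", "cell", "tcp", 502, "allow")])
SLOPPY_FW = Firewall("sloppy-boundary", [Rule("any", "any", "any", None, "allow")])

# Bastion model: one firewall at the business/plant border, flat plant inside.
BASTION: Topology = {("enterprise", "control"): BOUNDARY_FW, ("control", "cell"): None}
# Layered model: the same border firewall plus a device-level firewall at the cell.
LAYERED: Topology = {("enterprise", "control"): BOUNDARY_FW, ("control", "cell"): CELL_FW}


def slammer_reaches_plc(topology: Topology) -> bool:
    """An infected laptop plugged into the control network probes a PLC on
    UDP/1434, the port the Slammer worm used (constructed scenario)."""
    return reachable(topology, "control", "cell", "udp", 1434)


if __name__ == "__main__":
    for label, topo in (("bastion", BASTION), ("layered", LAYERED)):
        print(f"{label}: infected laptop -> PLC udp/1434:", slammer_reaches_plc(topo))
        print(f"{label}: HMI -> PLC tcp/502:", reachable(topo, "control", "cell", "tcp", 502))
        print(f"{label}: enterprise host -> PLC tcp/502:", reachable(topo, "enterprise", "cell", "tcp", 502))
    print("audit of sloppy ruleset:", audit(SLOPPY_FW))
```

Both topologies stop the outside host, which is all the bastion model was ever designed to do; only the layered topology stops the infected host that is already inside the plant network. The `audit` function is the kind of mechanical check worth running on every rule list, since a single any-to-any allow makes the rest of the list irrelevant.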