The U.S. Dept. of Homeland Security (DHS) released its report, "Seven Strategies to Effectively Defend Industrial Control Systems (ICSs)," this past December. It provides procedures that can be implemented immediately to counter common, exploitable weaknesses in control systems.
Drafted by the National Cybersecurity and Communications Integration Center (NCCIC), the report states, "In fiscal year 2015, 295 incidents were reported to the Industrial Control Systems Cyber Emergency Response Team, and many more went unreported or undetected." As a result, the seven strategies are:
- Implement application whitelisting to detect and prevent execution of malware;
- Ensure proper configuration and patch management centered on safe implementation of trusted patches;
- Reduce attack surface areas by isolating ICS networks from untrusted networks, especially the Internet, locking down unused ports, turning off unused services, and only allowing real-time connectivity to external networks if there's a defined business requirement or control function;
- Build a defensible environment by segmenting networks into logical enclaves, and restricting host-to-host communications paths, while letting normal system communications continue;
- Manage authentication by implementing multi-factor authentication where possible, and reducing privileges to only those needed for a user's duties;
- Monitor and respond by checking Internet protocol (IP) traffic on ICS boundaries and within the control network, and using host-based products to detect malicious software and attempted attacks;
- Implement secure remote access by finding obscure access vectors, even "hidden back doors" created by system operators, removing them wherever possible, especially modems that are fundamentally insecure, and limiting any access points that remain.