Most critical infrastructure control systems were not designed with security in mind, and history has proven that these systems are vulnerable to attack and to performance failures. Truth be told, many plant networks were designed to be “air gapped” – they were never designed for connectivity to business networks, or for remote access from other networks. However, it turns out that simply applying proven enterprise security policies to control systems is not the answer. 

So how should security executives secure their critical revenue-generating assets where the risk of a security breach has not only significant economic and social impact, but potentially physical, life-threatening impact as well? More still, what do enterprise security professionals need to know about this environment to work with the operations staff to properly secure and defend against these threats?

In contrast, operations personnel looking at the enterprise network connected to the control network see a source of attack that is not under control. Operations computers and networks tend to be under tight physical security and tight change management controls. 

In the end, both perspectives are aspects of the greater truth and both perspectives must be taken into account when securing control system assets.

 
Case in point: Governance/Risk/Compliance inspired regulations focus first on confidentiality, then integrity and availability. Operations inspired standards focus on safety first, which means availability and integrity are critical. The biggest difference is that control systems are often directly connected to pipelines, electrical grids, water supplies and chemical plants. Undoubtedly, a security breach here can have severe consequences including loss of revenue, environmental damage, power outages and even loss of life. As a result, the imperative for security is seen as an aspect of the imperative for safety.

Clearly, security solutions that protect critical infrastructures need to be designed and optimized for control networks. Some of these unique requirements include:

• Recognition of the importance of perimeter protection and internal monitoring for safety critical systems that cannot tolerate after-market changes that focus on intrusion prevention;
• Recognition of unique network protocols so as not to cause unnecessary alerting;
• Configuration of control system intrusion sensors to detect the known, good traffic and alarm on anything else;
• Careful design in adding host intrusion detection sensors so that they consume minimal CPU and network bandwidth to avoid disrupting time-critical operations; and,
• Support for access control for remote devices such as PLCs, RTUs and distributed controllers.