Protecting control systems

Industrial control systems are essential to our daily life. They control the water we drink, the electricity we rely on and the transport that moves us all. It is critical that cyber threats to industrial control systems are understood and mitigated appropriately to ensure essential services continue to provide for everyone.

Providing cyber security for control systems presents several unique challenges, including:

  • lack of security in engineering protocols
  • the need to re-test engineering systems after upgrades
  • long life-cycles (20 through to 50 years)
  • the addition of many IT protocols, such as network time protocol (NTP) and address resolution protocol (ARP), to the engineering environment
  • control environment devices may not be set up to receive or respond to messages from standard IT debugging and analysis tools

Mitigation guidance

Understand your threat environment

Before appropriate mitigations can be chosen, you must understand:

  • Who might target your organisation?
  • What particular infrastructure might they target?
  • How bad could the impact from an attack on each of the parts of your infrastructure be?

Threat modelling your organisation will help answer some of these questions to identify what systems are critical for delivering essential services, and will allow you to appropriately set priorities and budget for cyber hardening activities.

Essential control system mitigations

Here are some essential mitigation strategies you can implement to protect your industrial control systems from a range of cyber threats. Use them where appropriate based on the outcomes of threat modelling activities.

1. Tightly control or prevent external access to the control system network; segregate it from other networks such as the corporate network and the Internet.

2. Implement two-factor authentication for privileged accounts and for access originating from corporate or external networks.

3. Disable unused external ports on control system devices.

4. Visibly mark authorised devices inside the control system environment with organisation-unique anti-tamper stickers.

5. Make regular backups of system configurations and keep them isolated. Test the restoration procedure and validate the backup integrity periodically.

6. Regularly review that firewall settings are in the expected state.

7. Prevent devices inside the control system network from making connections to the corporate network or the Internet.

8. Enable logging on control system devices and store logs in a centralised location. Institute regular monitoring and incident response practices to ensure that anomalies are identified, investigated and managed in a timely fashion.

9. Define a process for introducing external software and patches into the control system. Where necessary (on exceptionally critical components), review code and whitelist approved binaries.

10. Use vendor-supported applications and operating systems, and patch associated security vulnerabilities in a timely manner.
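Mitigations 1, 7 and 8 work together: once flow records from the control network are collected centrally, a simple audit can confirm that control devices never reach the corporate network or the Internet, and that any inbound connection is surfaced for review. The following is an added example, not part of this guidance; the address plan, the allowed NTP peer and the flow records are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed address plan (assumption): control segment and business segment.
CONTROL_NETS = [ipaddress.ip_network("10.10.0.0/16")]      # PLCs, HMIs, historian
CORPORATE_NETS = [ipaddress.ip_network("192.168.0.0/16")]  # business network
# Peers the control network may legitimately reach, e.g. an NTP server in a DMZ
# (mitigation 1 allows tightly controlled exceptions). Constructed assumption.
ALLOWED_EGRESS = {ipaddress.ip_address("10.20.0.5"): {123}}

# Constructed flow records in a simple "<timestamp> <src> <dst> <dport> <proto>"
# form, as a centralised log store (mitigation 8) might export them.
SAMPLE_FLOWS = """\
2024-03-01T10:00:01Z 10.10.1.20 10.10.1.21 502 tcp
2024-03-01T10:00:05Z 10.10.1.20 10.20.0.5 123 udp
2024-03-01T10:01:12Z 10.10.1.30 192.168.5.40 445 tcp
2024-03-01T10:02:03Z 10.10.1.31 203.0.113.9 443 tcp
2024-03-01T10:02:09Z 192.168.5.40 10.10.1.30 3389 tcp
"""

@dataclass
class Finding:
    timestamp: str
    src: str
    dst: str
    dport: int
    reason: str

def _in_any(addr, nets):
    return any(addr in net for net in nets)

def audit_flows(text):
    """Return flows that violate the segregation policy (mitigations 1 and 7)."""
    findings = []
    for line in text.splitlines():
        ts, src_s, dst_s, dport_s, _proto = line.split()
        src, dst, dport = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s), int(dport_s)
        if _in_any(src, CONTROL_NETS) and not _in_any(dst, CONTROL_NETS):
            if dport in ALLOWED_EGRESS.get(dst, set()):
                continue  # explicitly approved exception
            reason = ("control device reached corporate network" if _in_any(dst, CORPORATE_NETS)
                      else "control device reached external address")
            findings.append(Finding(ts, src_s, dst_s, dport, reason))
        elif _in_any(dst, CONTROL_NETS) and not _in_any(src, CONTROL_NETS):
            findings.append(Finding(ts, src_s, dst_s, dport, "inbound connection into control network"))
    return findings

if __name__ == "__main__":
    for f in audit_flows(SAMPLE_FLOWS):
        print(f"{f.timestamp} {f.src} -> {f.dst}:{f.dport}  {f.reason}")
```

Control-to-control traffic (here Modbus/TCP on port 502) and the approved NTP exception pass silently; everything else is a finding for the monitoring process to investigate.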

Additional reading

For more guidance and mitigation options, see the following documents: