ICS Cybersecurity: PAM and Securing Industrial Control Systems

Industrial entities typically run two parallel sets of information technology systems: Corporate IT and Industrial Control Systems (ICS). Due to the proprietary nature of most ICSs and their unique usage requirements, ICSs tend to have quite different security capabilities from their corporate IT brethren.

This is not a bad thing, per se. Industrial systems are often better off being essentially closed to users outside the shop floor. However, as corporate supply chains grow more complex and other trends such as the Internet of Things (IoT) gain ground, ICSs are increasingly exposing themselves — and corporate IT — to an array of cybersecurity threats. Access controls form part of the mitigation of this new risk exposure. In this article, we will explore how Privileged Access Management (PAM) tools can help solve ICS cybersecurity concerns.

ICS vs. IT

When you see a video of giant robots welding car frames in an auto plant, you might not realize just how much software and network activity is going on behind the scenes. It’s not like the robots just decided to weld some cars out of the blue. There is a highly sophisticated collection of ICS tools at work. ICSs manage the production workflow, measure processes, execute digital designs, help to ensure consistent product quality, and guard against accidents.

The ICS is usually set up and administered independently from the mainstream corporate IT systems that everyone else uses. The IT department generally does not get too closely involved in running ICSs. There are many reasons for this, but at the root is the proprietary nature of ICSs. ICS hardware and software are almost always purpose-built for specific manufacturing processes. Even if an ICS runs on Windows or Linux operating systems, the makers of the ICS have usually hardened the operating systems to the extent that the IT department couldn’t modify them even if they tried. ICSs also typically run on their own networks, which are not controlled by IT.

The split between ICS and IT has many benefits. Managing industrial operations is different from IT or even running a business in general. It’s highly specialized work. Industrial process managers don’t want IT people getting into their systems. Indeed, the stakes can be high. If you’re running an oil refinery, a botched system upgrade could cause an explosion. If you’re running big industrial robots, a network problem could get someone killed.

ICS Cybersecurity Risks

Until a few years ago, having the ICS as an island unto itself had relatively little impact on security. A few things have changed, though. For one thing, industrial infrastructure is being targeted by aggressive, advanced cybercriminals and malicious foreign entities. Whether their goals are to steal intellectual property or disrupt industrial production, these bad actors are a real threat to industrial processes and the ICSs that manage them.

ICSs also used to be quite separate from the Internet. There were few reasons why anyone outside a plant would need remote, Internet-based access to an ICS. The ICS had little reason to access outside networks, too. This is no longer the case. The rise of global, multi-entity supply chains, extensive third-party alliances and the IoT have brought the ICS into much closer contact with the outside world.

Finally, there’s accountability. In many industrial organizations, the CISO and IT department are being tasked with all security, including that of industrial operations and ICSs. The CISO is on the hook if the plant gets hacked by a foreign intelligence service. As a result, he or she now wants influence and control over security affecting the ICS.

It’s not a minor challenge. Securing an ICS means defending an architecture and access control scheme that differs significantly from what’s found in the standard corporate IT setup. Figure 1 depicts the standard ICS reference architecture, based on industry standards. At Level 0 there are the physical industrial processes themselves. Level 1 contains control and monitoring. Level 2 is supervisory. Levels 3 and 4 represent connectivity with the plant IT system and the broader corporate network.


Providing coherent security across the architecture shown in Figure 1 is challenging. Corporate security managers have what amounts to an opaque operation going on inside a network they don’t control. They don’t know who is doing what, in terms of system administration — a bad setup for risk management. It gets worse, though.

The actual interconnections between the ICS and external entities look more like the map shown in Figure 2. You have the plant’s systems connecting with customers, suppliers, accounting, sales, and so forth. It’s a big mess, in security terms. If you’re the CISO, you want to be sure that no malicious actor is using access to the ICS to gain entry into your main corporate networks. And, you don’t want to be responsible for what happens if a hacker gets inside the ICS, nor would you want to deal with an insider attack, careless and insecure conduct by employees, or revenge from former employees.


The Role of PAM in Mitigating ICS Cybersecurity Risks

Having control over administrative access to the ICS is a firm countermeasure to the threats posed by having separate ICS and corporate IT systems. If you know who can and who cannot get into the back end of an ICS and make changes, you will have stronger security for that ICS as well as the overall corporate network. And, if you can monitor their administrative sessions, you will be better prepared to handle a security incident in the ICS should it arise. This is the domain of Privileged Access Management (PAM).

PAM combines processes and tools to ensure that only administrators with proper access rights can log into back-end systems. A PAM solution provides a secure, streamlined way to authorize and monitor the activities of all privileged users, including those for the ICS. It centrally manages access over both IT and ICS systems, enforcing policies that restrict privileged users from bypassing security systems. It grants privileges to users only for systems on which they are authorized.

Access is only granted when it’s needed. Access is revoked when the need expires. For example, if a process engineer has the right to administer the settings on a set of industrial sensors, he or she should lose that privilege if they change jobs or leave the company.
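The grant-and-revoke rule described above can be sketched as a small access check. This is an added example, not code from WALLIX or any PAM product; the user, role and system names and the timeline are constructed, and the in-memory audit list stands in for the append-only store a real deployment would use.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Grant:
    user: str
    role: str          # role the user held when the grant was approved
    target: str        # the one system this grant covers
    expires: datetime

@dataclass
class AccessBroker:
    roles: dict                                   # current role per user
    grants: list = field(default_factory=list)
    audit: list = field(default_factory=list)

    def grant(self, user, target, now, ttl):
        self.grants.append(Grant(user, self.roles[user], target, now + ttl))

    def check(self, user, target, now):
        reason = "no grant for this target"
        for g in self.grants:
            if (g.user, g.target) != (user, target):
                continue
            if now >= g.expires:
                reason = "grant expired"
            elif self.roles.get(user) != g.role:
                reason = "role changed or user removed"
            else:
                reason = "ok"
                break
        # Every decision, allowed or denied, is recorded against a named identity.
        self.audit.append((now.isoformat(), user, target, reason))
        return reason == "ok", reason

def demo():
    t0 = datetime(2024, 1, 1, 8, 0)               # constructed timeline
    hours = lambda n: timedelta(hours=n)
    broker = AccessBroker(roles={"alice": "process-engineer"})
    broker.grant("alice", "sensor-plc-07", t0, hours(2))
    results = [
        broker.check("alice", "sensor-plc-07", t0 + hours(1)),  # inside window
        broker.check("alice", "corp-erp", t0 + hours(1)),       # never granted
        broker.check("alice", "sensor-plc-07", t0 + hours(3)),  # window closed
    ]
    broker.grant("alice", "sensor-plc-07", t0 + hours(3), hours(2))
    broker.roles["alice"] = "sales"               # job change voids the new grant
    results.append(broker.check("alice", "sensor-plc-07", t0 + hours(4)))
    return results, broker.audit
```
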

PAM Tools to Address ICS Cyber Security Risks

WALLIX’s PAM tools offer a PAM solution that addresses ICS security risks. The Bastion does this by establishing a single gateway with single sign-on for access by system admins on both the corporate and industrial sides of a business. With the Bastion, you can define and enforce access policies for industrial managers, IT managers and any other employee who needs system access.

The Bastion’s Session Manager monitors privileged users’ session activity in real time in order to provide a comprehensive audit trail. The tool can be configured to intervene automatically when user access policies are breached. By assigning each access to an actual identity, the Session Manager ensures that all users are accountable for their actions. Then, by creating an unalterable audit trail for any privileged operation, it speeds up the process of interpreting what might have gone wrong in an incident.

The WALLIX Bastion features an agent-less architecture. This approach eliminates the risk that changes in protected systems will require extensive revamping of the PAM solution. In contrast, many other PAM solutions require a dedicated software agent on each administered device or workstation. Dedicated agents can delay PAM implementation and create difficulties when applications get upgraded.
