Water and wastewater SCADA cybersecurity

[InfoSec News <alerts () infosecnews org>]

http://www.isa.org/InTechTemplate.cfm?Section=General_Information2&template=/ContentManagement/ContentDisplay.cfm&ContentID=94400

By Norman Anderson, P.E., and Bill Phillips, P.E.
InTech
September/October 2013

This article is based on presentations made at the 2013 ISA 
Water/Wastewater and Automatic Controls Symposium on 7 August 2013 
(www.isawwsymposium.com). Network security for water sector process 
control systems (PCS), such as supervisory control and data acquisition 
(SCADA) systems, is increasingly important and ever evolving due to the 
need for secure and reliable control systems. Additionally, PCSs continue 
to grow, and the management of network-connected devices and the expansion 
of PCS networks can be difficult and cumbersome. To properly secure PCS 
networks, a multistage process is needed incorporating risk assessment, 
planning, design, implementation, and maintenance for a comprehensive 
defense-in-depth strategy. A critical aspect of defense-in-depth is the 
overall network system architecture and the network segmentation plan. A 
properly planned and executed network architecture and segmentation 
strategy lays the foundation for security and simplifies expansion and 
maintenance of the network.

There are industry-accepted methods for industrial control system (ICS) 
network architecture and segmentation strategies that can be applied to 
water sector PCSs and SCADA systems. Industry-standard techniques, based 
on recently published standards and network design guides, are used to 
create a layered network architecture approach to security, including the 
use of logical subnets and virtual local-area networks (VLANs) for 
segmentation. The advantage of this approach is simpler configuration of 
network security appliances and simpler management and expansion of the 
network, leading to increased network availability and a reduction in 
threat risk. A case study will be used to provide examples of actual 
methods implemented for a water sector utility.


Overview

As cyberattacks and the threat of compromised network security continue to 
rise, so does the need for securing ICSs. ICSs include many different 
types of systems, with water sector PCSs being one of the higher profile 
targets because their critical infrastructure affects large populations. 
Past statistics from the Cyber Emergency Response Team show recorded 
cataloged vulnerabilities and reported incidents continuing to rise 
through the years. A set of “honeypot”1 ICS set up by Trend Micro to look 
like vulnerable power and water plants was attacked by hackers 25 times 
within 28 days. Security is important for the water sector because attacks 
can damage critical infrastructure that affects public safety; lead to 
significant operational downtime; cause financial loss, such as the loss 
of revenue for the utility and its customers; and attract significant 
media attention causing loss of confidence and fear from the public. There 
are many resources available that provide guidance on where to start and 
how to secure networks. In general, there are four key steps in the 
process of planning and designing to secure networks for defense-in-depth, 
as shown in figure 1:

[...]

--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/