This month, it’s time to take a look at both virtual and physical access for process control systems security. When both of these areas are addressed, infrastructure is better protected from on-site and remote attacks. The American Water Works Association (AWWA) offers guidance on these topics. Here’s a quick overview.
Telecommunications, Network Security, and Architecture
The wired and wireless aspects of network infrastructure come under scrutiny in this phase of cybersecurity. On a physical level, computer rooms, network server closets, and individual cables should be secure from tampering. Port-level security can serve as a second layer of protection if physical security is compromised. It shouldn’t be possible for anyone to simply plug a device into an open port and gain access to (and control over) the system.
In the virtual sphere, data must be secure as it travels from point A to point B. On the network level, using dedicated hardware, separate IP subnets, and virtual local area networks (VLANs) can make systems and processes easier to protect, both within the organization’s server architecture and where the network must interface with field equipment and third-party systems. It may be wise to create an architecture that allows critical equipment to continue operating in isolation in the event that other parts of the network are compromised.
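One way to check that this kind of segmentation holds in practice is to compare observed traffic against the zone plan. The following is an added example, not AWWA guidance or code from the original article; the zone names, subnets, allowed conduits, and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed zone plan: one subnet per function (all addresses are sample values).
ZONES = {
    "control":     ipaddress.ip_network("10.10.1.0/24"),    # SCADA servers, HMIs
    "field":       ipaddress.ip_network("10.10.2.0/24"),    # PLCs, RTUs
    "third_party": ipaddress.ip_network("10.10.9.0/24"),    # vendor interface
    "business":    ipaddress.ip_network("192.168.50.0/24"),
}

# Allowed cross-zone conduits: (source zone, destination zone, destination port).
ALLOWED = {
    ("control", "field", 502),        # Modbus/TCP polling of field equipment
    ("third_party", "control", 443),  # vendor reaches one control-zone service
    ("control", "business", 443),     # historian data pushed outward only
}

def zone_of(addr):
    """Map an IP address to its zone name, or 'unknown' if it is in no subnet."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"

def audit_flows(flows):
    """Return flows that cross a zone boundary without an allowed conduit."""
    violations = []
    for src, dst, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz and sz != "unknown":
            continue  # traffic that stays inside one known zone is out of scope
        if (sz, dz, port) not in ALLOWED:
            violations.append((src, dst, port, sz, dz))
    return violations

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.10.1.5", "10.10.2.20", 502),      # control -> field, allowed
    ("10.10.1.5", "10.10.1.6", 3389),      # inside the control zone
    ("192.168.50.14", "10.10.2.20", 502),  # business host talking to a PLC
    ("10.10.9.3", "10.10.2.21", 22),       # vendor zone reaching field gear
    ("172.16.0.9", "10.10.1.5", 443),      # address outside every known zone
    ("10.10.1.5", "192.168.50.30", 443),   # control -> business, allowed
]

if __name__ == "__main__":
    for v in audit_flows(SAMPLE_FLOWS):
        print("VIOLATION %s -> %s:%d (%s -> %s)" % v)
```

Any flow reported here is a path that would survive if one zone were compromised, so each violation is either a missing firewall rule or an undocumented conduit that needs review.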
More about Physical and Network Security
In the words of the AWWA, “Once physical access to a network device or server is achieved, compromising equipment or systems is usually a trivial matter.” That’s a chilling thought given the percentage of malicious security breaches that are carried out by internal parties (about 25% according to a 2014 Forrester survey). For critical infrastructure, it is vital that only authorized personnel have access to hardware—and only for needed activities. Control rooms, removable media, cabinets, ports, and communication pathways should all be hardened against intrusion.
Physical locks and electronic access control help keep unauthorized personnel away from critical equipment, while monitoring systems provide an alert of potential trouble. Security information and event management (SIEM) detection within the network can also report on anomalous activity in real time. In some situations, video surveillance may be beneficial for identifying unauthorized entrants. But bear in mind that prevention is always the primary goal. As with all monitoring programs, having personnel in place to evaluate and swiftly respond to incidents is essential.
Operational Security and Service Level Agreements are up for exploration next month!