Please STOP using generic IT solutions for securing ICS/OT networks.

It is very rare where you can "bolt on" an IT solution onto ICS/OT and have it be effective. Very rare.

IT is "one-size-fits-all." ICS/OT is quite the opposite.

Too many people deploy IT solutions in ICS/OT only to realize:
-> They've overpaid
-> They're under-protected
-> Their environment isn't reliable
-> Ultimately, that they've made a mistake

Do this instead:
-> Conduct ICS-specific risk assessments to determine the gaps you need to address.
-> Never stop improving. Addressed one issue? There's always another!
-> Use network segmentation to limit connectivity between systems, which limits the impact of incidents.
-> Deploy network security monitoring to watch for operational AND security issues in the environment.
-> Be proactive in identifying and responding to threats and alerts.
-> Nurture an environment where OT and IT work well together, and WANT to work well together.
-> Build your incident response plan so everyone, OT and IT, knows how to work together to reduce the ultimate impact to people, the environment and the facility.

We can assume IT security solutions and practices can be bolted on to ICS/OT and just work! Admittedly, I did when I first became interested in ICS/OT cyber security. But it doesn't work like that. Because ICS/OT doesn't work like IT.

Each ICS/OT network is unique. Each requires its own unique approach. Custom-built just for it. From the ground up. Not with bolt-on IT solutions.

P.S. What steps to secure ICS/OT would you add?
Best Practices for Securing Industrial Control Systems
In a recent discussion, the topic of event response in process environments came up. The group was a mix of IT, OT, and engineering roles and backgrounds. There was good input, with some 'IT-centric' perspectives based on existing IRPs in place, focused on network security, isolation, segmentation, logging, SIEM, SOAR, EDR/MDR, SOC, IDS, IPS, etc.

We widened the aperture, looking beyond Ethernet-connected devices like PLCs, HMIs, and Windows-based workstations and servers, to address vulnerabilities and failures within the physical layer: field devices, instrumentation, and serial and industrial protocols (Modbus RTU, RS-485, HART/WirelessHART, PROFIBUS, PROFINET, etc.) integral to safe and reliable process control. The significance of these layers is a common shortcoming in existing IRPs; security, IT, and OT teams, together with asset and process owners, must converge in the development of adequate response planning.

Field devices (transmitters, actuators, sensors, and valves) and serial protocols represent the primary interface between digital control systems and the physical process. A failure or compromise at this level may not be detectable by conventional IT cybersecurity monitoring tools and, more importantly, can have cascading impact that takes place rapidly, degrading safety and reliability proportionately. Field-level anomalies frequently trigger, as mentioned previously, cascading impacts across multiple system layers. For instance, a malfunctioning RTD sensor feeding incorrect temperature values into a PLC could propagate through PID loops, triggering alarms or auto-shutdowns across unrelated systems.

IRPs should consider PHA, SIS, process flows/lockouts, fail-safe, and restoration sequencing/timing of process state. Resilience requires acknowledging the physical realities of field-level instrumentation, integrating vendor- or component-specific tools and diagnostics, and aligning incident response with the deterministic and safety-critical nature of industrial processes.

By addressing these gaps, engineering personnel and asset and process owners, in partnership with IT and security recovery teams, ensure faster recovery, safety, productivity, and reliability in the face of both cyber and physical disruptions.
-
📢 Exciting News: Zero Trust Guidance for Critical Infrastructure! 🏭🔒

I am thrilled to announce the release of our groundbreaking guidance paper, "Zero Trust Guidance for Critical Infrastructure: Applying Zero Trust to Operational Technology (OT) and Industrial Control System (ICS) Environments," now available for public peer review. As one of the lead authors, I had the privilege of collaborating with an incredible team of experts in the Cloud Security Alliance Zero Trust Working Group such as Jennifer Minella to create this comprehensive resource.

Our aim? To empower organizations in the critical infrastructure sector to embrace Zero Trust principles and fortify their OT and ICS environments against ever-evolving cyber threats.

In this paper, we delve into:
🔑 The unique challenges and considerations for implementing Zero Trust in OT and ICS environments
🌐 Practical strategies for segmenting and isolating critical assets
💡 Actionable recommendations for starting your own Zero Trust journey

I believe this guidance paper will serve as a catalyst for change, driving the industry towards a more secure and resilient future. It represents a significant milestone in our collective efforts to safeguard the critical infrastructure that underpins our society.

I invite you to explore the paper and share your thoughts during this 30 day public peer review period. Your feedback is invaluable in shaping the final version of this transformative resource. Together, let's redefine the future of cybersecurity in critical infrastructure! 🚀

Jennifer Minella Jason Garbis Erik Johnson Dr. Ron Martin, CPP Mark Fishburn Michael Roza Vaibhav(VB) Malik John Kindervag Dr. Chase Cunningham Jerry Chapman Christopher Steffen #ZeroTrust #CriticalInfrastructure #Cybersecurity #OT #ICS #CloudSecurityAlliance
-
Recent control system cyber cases can impact safe facility operation

IP network hacks and ransomware may not be able to be stopped. That includes cyberattacks against control system vendors who offer "cyber secure systems" and cyber security services. Control system vendors provide systems globally, including to China, and some also have design and manufacturing facilities in China. The Johnson Controls and Bently-Nevada cases are not the first time control system vendors have been attacked or control system device vulnerabilities have been identified. Compromising control system vendors can result in impacts on facilities' reliable and safe operation, as vendor backdoors and remote access support can be a route into the control systems and affect their reliable and safe operation. These cases, as well as other vendors' cases, raise the question as to whether the trade-offs between the need for remote access and the cyber risk from remote access have been adequately addressed.

There is a need to do the following:
- evaluate the cyber/physical risk trade-off between use of remote access and when local access is sufficient;
- provide control system cyber security training for engineers and network security staff to identify whether control system incidents are cyber-related;
- monitor the physics of the process sensors to ensure process sensor signals are correct and authenticated, which is also an independent check of the OT networks; and
- include OSI Layer 2 security (IP Cloaking) to provide point-to-point security over OT networks and protect access to those networks with access authentication and packet/frame authenticity checks.

https://lnkd.in/gsVsSfsx
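As an added illustration of two points made in the posts above, the field-level failure mode in the incident-response post (a malfunctioning RTD feeding bad temperatures into a PID loop) and the "monitor the physics of the process sensors" step in the post just above, the following Python is example code written for this page. It is not code from any of the posts' authors, from any vendor, or from any product named on the page. The instrument range, the rate-of-change limit, the stuck-sample threshold and the RTD readings are all constructed assumptions, chosen to show each check firing once.

```python
"""Physics-plausibility checks for a process sensor feed (constructed example).

A control loop trusts whatever value arrives on the wire. These checks sit
between the instrument and the controller, flag readings that are physically
implausible for the instrument and the process, and hold the last good value
so that a single bad sample does not drive the loop.
"""
from dataclasses import dataclass, field


@dataclass
class SensorLimits:
    lo: float          # bottom of the instrument's calibrated range
    hi: float          # top of the instrument's calibrated range
    max_rate: float    # largest plausible change per second for this process
    stuck_after: int   # identical consecutive samples before a 'stuck' alarm


@dataclass
class ValidationResult:
    findings: list = field(default_factory=list)   # (t, kind, raw_value)
    validated: list = field(default_factory=list)  # (t, value_for_control, quality)


def validate_samples(samples, limits):
    """samples: iterable of (t_seconds, value). Returns a ValidationResult."""
    res = ValidationResult()
    last_good = None   # (t, value) of the last sample that passed range and rate checks
    prev_raw = None
    run = 0            # length of the current run of identical raw values
    for t, v in samples:
        quality = "good"
        if not (limits.lo <= v <= limits.hi):
            res.findings.append((t, "out_of_range", v))
            quality = "bad"
        elif last_good is not None and t > last_good[0]:
            # Rate is measured against the last *good* sample, so a one-sample
            # spike is dropped without then flagging the return to normal.
            rate = abs(v - last_good[1]) / (t - last_good[0])
            if rate > limits.max_rate:
                res.findings.append((t, "rate_of_change", v))
                quality = "bad"
        # A frozen transmitter keeps reporting the same value; a live process rarely does.
        run = run + 1 if v == prev_raw else 1
        prev_raw = v
        if run == limits.stuck_after:
            res.findings.append((t, "stuck", v))
            if quality == "good":
                quality = "suspect"
        if quality == "bad":
            # Hold the last good value; None means no trusted value exists yet.
            out_v = last_good[1] if last_good is not None else None
        else:
            out_v = v
            last_good = (t, v)
        res.validated.append((t, out_v, quality))
    return res


def p_output(setpoint, pv, kp, bias=50.0):
    """Proportional-only heater output in percent, clamped to 0..100."""
    if pv is None:
        return bias   # no trusted PV: hold the bias rather than act on nothing
    return max(0.0, min(100.0, bias + kp * (setpoint - pv)))


def controller_outputs(samples, limits, setpoint, kp):
    """Controller output per sample when fed raw values vs. validated values."""
    res = validate_samples(samples, limits)
    raw = [p_output(setpoint, v, kp) for _, v in samples]
    guarded = [p_output(setpoint, v, kp) for _, v, _ in res.validated]
    return raw, guarded


# Constructed RTD readings (degC, one per second): steady near 80, one spike
# to 350 at t=4, the transmitter freezing at 82.0 from t=6, and a genuine
# step to ~90 starting at t=12.
SAMPLES = [(0, 80.0), (1, 80.2), (2, 80.4), (3, 80.3), (4, 350.0), (5, 80.5),
           (6, 82.0), (7, 82.0), (8, 82.0), (9, 82.0), (10, 82.0), (11, 82.0),
           (12, 90.0), (13, 90.5)]
# Assumed limits: a -50..250 degC range, at most 5 degC/s for this vessel,
# and five identical samples before calling the transmitter stuck.
PT100_LIMITS = SensorLimits(lo=-50.0, hi=250.0, max_rate=5.0, stuck_after=5)

if __name__ == "__main__":
    result = validate_samples(SAMPLES, PT100_LIMITS)
    for finding in result.findings:
        print("finding:", finding)
    raw, guarded = controller_outputs(SAMPLES, PT100_LIMITS, setpoint=80.0, kp=2.0)
    for (t, _), r, g in zip(SAMPLES, raw, guarded):
        print(f"t={t:2d} raw_output={r:6.1f} guarded_output={g:6.1f}")
```

Run as-is, the spike at t=4 drives the raw proportional output to 0 % (heater fully off for that scan) while the guarded path holds 80.3 and barely moves; with an integrating PI/PID term the raw path would also accumulate wind-up from that one sample. The genuine step at t=12 is rejected on its first sample and accepted on the next, because the rate is judged against the last trusted value over the elapsed time. The caveat a practitioner should keep in mind: these checks catch gross faults, single-sample glitches and frozen transmitters, not a slow ramp that stays inside max_rate, so they complement, rather than replace, cross-checks against redundant instruments, mass or energy balances, and the network-level authenticity controls the post calls for.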