Jan. 07, 2021

Local access of ICS devices: a cybersecurity perspective

  • Article
  • cybersecurity
  • ICS
  • industrial control systems

While cybersecurity risks and concerns are not new to industrial operations and critical infrastructure, there has been a huge increase in cyber attacks and breaches over the last few years. This increase is being driven by several complex factors, such as the Internet of Things (IoT), Industry 4.0, legacy devices, open source hacking tools and a general lack of cybersecurity maturity for industrial control system (ICS) environments, just to name a few.

This blog article reviews a few options to consider as cybersecurity tools for local access management of ICS devices (e.g., protection relays, RTUs, PLCs, HMIs, etc.). Access management of ICS devices can be challenging due to a variety of factors, such as the sheer volume of end devices, travel time to remote locations, management of third-party contractors and maintenance personnel, and the lack of dedicated resources to manage appropriate access.

  1. Although these challenges may seem daunting, doing nothing to address these risks will eventually lead to an incident that impacts production, safety, reputation or the environment. By implementing even the simplest form of controls, industrial businesses can see significant improvements in their overall cybersecurity posture.

    Access Management Options

    Centralized multi-function cybersecurity tools can provide excellent benefits when deployed properly. However, this option might not be appropriate for smaller businesses and facilities with more restrictive budgets and for those with a lower level of cybersecurity maturity.

    The table below lists a few options to consider, but it is important to remember these will be limited to the capabilities of the ICS devices. As a general rule of thumb, it can be advantageous to have more than one method in your toolbox of options. It should also be noted that most of the options listed have free open-source alternatives, although these may lack some features or user interface refinements.

    Finally, it is important to highlight that the access management options discussed are for local electronic access, and a dedicated remote access solution must be considered if remote access functionality is required. In this case, this means implementing an intermediate termination point (e.g., DMZ) for remote users and enforcing multi-factor authentication, among other recommended good practices. For more details on remote access considerations, refer to this blog article.

  2. Conclusion

    Local access management of ICS devices has some considerable challenges, but there are relatively simple and cost-effective options available. By implementing access management tools for ICS devices, the operational facility and business will have an improved cybersecurity posture. Although this blog article focuses on local access management tools, a similar approach can be taken with other types of cybersecurity tools (e.g., configuration management, threat monitoring, patch management, etc.).

    In order to reduce the risk and the time it takes to implement cybersecurity solutions, it is recommended to stage and execute validation tests, proof of concept (PoC) tests or other integration tests in a comprehensive industrial cybersecurity lab.

    BBA’s lab has demonstrated its added value in numerous projects. An off-site lab environment can vastly facilitate your project’s success of a large-scale deployment of your cybersecurity tools/solutions across your ICS operating environment.

    If you have any questions or want to learn more, feel free to contact us.

This content is for general information purposes only. All rights reserved ©BBA

Let’s
think it further
together
Contact us