Industrial Internet of Things: how to secure your industrial control systems
The cyber security of operational technologies, such as SCADA, DCS or ICS, is facing a new challenge, which is threatening its very core concept: the Industrial Internet of Things (IIoT). IIoT is the new buzzword, which vendors are using to push open technologies further into the industrial realm. And as usual, cyber security is an afterthought at best. How to secure your industrial control systems? Find out in this blogpost.
One of the first questions to ask is: can we use the current ICS/SCADA cyber security concept, such as zones and conduits, for IIoT? In theory yes, but in practice it will be very difficult to implement the zones and conduits model, since by nature IIoT devices will introduce communication from Level 1 and 2 to Level 4 and the cloud. We could do business as usual and pass the traffic through each zone to the next and then to the cloud. But to enable this, we would have to modify the cyber security controls and significantly increase the attack surface exposed to outsiders.
However, what we are proposing is not a revolutionary change of the cyber security architecture, but an evolutionary change. Our suggestion is to keep your current zones and conduits architecture and to add an IIoT Highway architecture parallel to it.
The question is whether we can use firewalls to control the interfaces between the IIoT Highway and the current infrastructure. Firewalls are more like Swiss cheese and less like an actual wall: they are full of holes. They are software running on operating systems, and both have bugs and vulnerabilities. Therefore, if you want to ensure some kind of control on one conduit, let us say the network connection between OT and IT, you actually need two firewalls of two different technologies, brands or countries of origin.
Data diodes to control industrial control systems
In the end, we need the most secure way to allow communications into and out of the IIoT Highway. In that respect, there are two clear business cases: safety and non-safety systems. Safety systems shouldn’t be in the scope of the active optimization: their job is to keep the installation safe and they are not linked to the performance of the process (excluding accidental/malicious trips). Therefore, they could send messages into the highway but they shouldn’t receive any. Hence, one-way controls, such as data diodes, can and actually must be used to control the flow between the safety systems and the IIoT Highway.
Two one-way solutions
Non-safety systems will both subscribe to and publish messages. Thus, the classical single one-way control doesn’t seem applicable, but two one-way controls in opposite directions are. They offer much more security than a firewall. Indeed, two data diodes in opposite directions offer a true protocol break: no single TCP/IP connection will go from one side to the other. Moreover, they offer the opportunity of an application-level break as well. Because of the one-way characteristic of the data diode, the MQ-like protocols will have to be translated into one-way protocols, which can be combined with data sanitization and transcoding to eliminate XML-embedded malware. What we lose in flexibility (any message format being accepted), we gain in stability and interoperability, in the form of a common message format with strict enforcement of a restrictive XML Schema Definition.
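The application-level break described above, as an added illustration that is not the author's or any vendor's code: a minimal sending-side transcoder that accepts an MQ-style topic and XML payload only when they match a constructed, deliberately narrow schema, and emits a fixed-shape message for the one-way link; everything else is dropped before it reaches the diode. The topic pattern, element names, units and value bounds are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, deliberately narrow schema: one topic pattern, one root element,
# exactly three leaf children, a bounded numeric value and a per-kind unit.
TOPIC_RE = re.compile(r"^plant/[a-z0-9_]{1,32}/(pressure|temperature|flow)$")
REQUIRED_CHILDREN = {"tag", "value", "unit"}
UNITS = {"pressure": {"bar"}, "temperature": {"C"}, "flow": {"m3h"}}
TAG_RE = re.compile(r"^[A-Z0-9-]{1,16}$")
VALUE_MIN, VALUE_MAX = -1000.0, 10000.0


def sanitize_message(topic, payload):
    """Transcode (topic, XML payload) into a fixed-shape dict, or None to drop it."""
    m = TOPIC_RE.match(topic)
    if not m:
        return None
    kind = m.group(1)
    # The canonical format never needs DTDs, entities, an XML declaration or
    # processing instructions, so their mere presence is a reject before parsing.
    if any(marker in payload for marker in ("<!DOCTYPE", "<!ENTITY", "<?", "&")):
        return None
    try:
        root = ET.fromstring(payload)
    except ET.ParseError:
        return None
    # Exactly one attribute-free <reading> holding exactly the three expected leaves.
    if root.tag != "reading" or root.attrib or (root.text or "").strip():
        return None
    children = list(root)
    if len(children) != 3 or {c.tag for c in children} != REQUIRED_CHILDREN:
        return None
    fields = {}
    for c in children:
        if c.attrib or len(c) or (c.tail or "").strip():
            return None
        fields[c.tag] = (c.text or "").strip()
    try:
        value = float(fields["value"])
    except ValueError:
        return None
    # NaN fails both comparisons and is therefore dropped as well.
    if not (VALUE_MIN <= value <= VALUE_MAX):
        return None
    if not TAG_RE.match(fields["tag"]) or fields["unit"] not in UNITS[kind]:
        return None
    return {"topic": topic, "tag": fields["tag"], "value": value, "unit": fields["unit"]}

# Constructed sample traffic: a valid reading and one carrying DTD/entity machinery.
GOOD = ("plant/unit7/pressure", "<reading><tag>PT-101</tag><value>12.5</value><unit>bar</unit></reading>")
BAD_DTD = ("plant/unit7/pressure", '<!DOCTYPE r [<!ENTITY x "boom">]><reading><tag>&x;</tag><value>1</value><unit>bar</unit></reading>')
```

Only the four canonical fields ever leave the sender, so the receiving side can rebuild its publish from a format it fully controls rather than from whatever the producer emitted.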
Want to know more about the benefits of a data diode for your industrial control systems? Discover more here.
Written by Gilles Loridon, who is CEO at Global Security Network (GSN) in the United Arab Emirates.
GSN is a Fox-IT DataDiode partner.