How To Improve SCADA Security
Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems are among the most critical infrastructures in the world. However, these infrastructures are exposed to both external and internal threats and as a result need to be protected by security best practices. It is therefore necessary that essential research be carried out when purchasing the various components associated with SCADA from vendors. The American government ought to be committed to securing SCADA networks by researching their best practices. The main objective of this paper is to analyze security best practices and risk assessment for SCADA and ICS.
The main reason why SCADA and ICS need to be protected is their insecure connectivity to traditional network systems, established for convenience. There are also various vulnerabilities observed in their applications and control systems. The government has responded by publishing security guides and industry best practices. NIST and other best practices have been published for IT through the establishment of the Industrial Control System Security Project (ICSSP). NIST has also released a more targeted security guide with a special focus on industrial control systems.
The 2010 guide of the Center for Protection of National Infrastructure instituted some security alterations and provided justifications for their implementation. The US Department of Homeland Security also released an inclusive publication that gave explanations regarding technical vulnerabilities and their justifying aspects. The authors Francia, Dawson & Thornton give the recommended practice in a report titled Improving Industrial Control Systems Cyber Security with Defense-In-Depth Strategies. Hundreds of cyber security standards have been imposed by the government in order to provide for the best practices. The standards contain compliance controls that translate into best control practices. Knapp & Langill (2011, p. 303) argue that some of the differences among the various regulations and standards can prove to be of great value when securing an industrial network. SCADA network connections are classified as either local area networks or internal local area networks. This is done to ensure SCADA has the highest degree of security, even from other network connections, because outside connections introduce extra security risk, especially those that connect to the internet. Although these outside connections do create a pathway to or from the internet, providing an opportunity for information to be conveniently passed, insecure connections are basically not worth the risk. This implies that the SCADA network should be isolated to provide the required security. Strategies like DMZs ought to be designed and implemented properly so that no additional risk is introduced as a result of improper configuration. This is verified by conducting a vulnerability test or penetration test of the SCADA network in order to evaluate the protection posture associated with these pathways.
Because the SCADA network is only as safe as its weakest spot, it is important to have intrusion detection systems (IDSs), firewalls, and other appropriate security measures implemented at each point of entry.
It is important to configure firewall rules to prohibit access to and from the SCADA network, and to be as specific as possible when permitting approved connections. For example, an independent system operator (ISO) should not be granted blanket network access just because it needs to connect to some components within the SCADA system.
Concerned parties should ensure that SCADA control servers built on open or commercial operating systems are protected, as they can be exposed to attack through default network services. This can be done by removing or disabling unused services and network daemons to reduce the risk of direct attack. This is particularly important when SCADA networks are interconnected with other networks. It is important not to permit a service or feature on a SCADA network unless a thorough risk assessment shows that the benefits of allowing the service outweigh the potential for vulnerability exploitation. Examples of services to remove from SCADA networks include automated meter reading and remote billing systems, e-mail services, and internet access.
SCADA systems use unique proprietary protocols, and often such systems' security is based solely on their secrecy. However, obscure protocols provide very little real security; do not rely on factory-default configuration settings or proprietary protocols to protect your system. Older SCADA systems were made without any security features. SCADA system owners must insist that their system vendor implement security features in the form of product patches or upgrades. Newer SCADA devices are distributed with basic security features, but these are usually disabled to ease installation. Factory-default security settings are often set to provide the best possible usability but minimal security. All security features should be set to provide the maximum level of security, and settings below maximum security should be allowed only after a thorough risk assessment of the costs of reducing the security level.
Strong authentication must be implemented where vendor connections exist in SCADA systems, to ensure safe and secure communications. Any wired connections, such as modems used for communications, represent a way in which the SCADA network is vulnerable. Successful war driving attacks may well allow an attacker to bypass all other controls and gain direct access to the SCADA network. Such a risk of attack can be minimized by disabling inbound access and replacing it with some type of callback system.
To respond effectively to cyber attacks, it is important to establish an intrusion detection strategy that includes alerting network administrators to malicious network activity originating from internal or external sources. An intrusion detection system that monitors 24 hours a day is essential, a capability easily set up through a pager. Incident response procedures must be in place to allow an effective response to any attack. To complement network monitoring, it is vital to enable logging on all systems and review system logs daily to detect suspicious activity as soon as possible.
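The two practices above, a firewall policy that permits only specific approved connections into the SCADA network (the ISO example) and daily review of logs for activity that falls outside it, can be illustrated together. The following is an added example, not code from the essay or any cited guide: the allow list, the host addresses and the firewall log lines are all constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One explicitly approved connection: source range -> SCADA host:port."""
    src: str   # CIDR of the approved external peer
    dst: str   # single SCADA host (or small range), never the whole network
    port: int  # exactly one protocol port, never "any"


# Constructed allow list. The ISO range is granted the historian only, not
# the PLC segment, which is what "no blanket network access" means in practice.
ALLOW = [
    Rule("198.51.100.0/24", "10.20.5.10/32", 502),  # ISO -> historian, Modbus/TCP
    Rule("203.0.113.7/32", "10.20.5.10/32", 443),   # vendor support host -> historian, HTTPS
]


def permitted(src: str, dst: str, port: int) -> bool:
    """Default deny: a flow is allowed only if some rule matches all three fields."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst) and port == r.port
        for r in ALLOW
    )


# Matches the SRC=/DST=/DPT= fields of a netfilter-style log line (constructed format).
LOG_RE = re.compile(r"SRC=(\S+) DST=(\S+) .*?DPT=(\d+)")


def flag_violations(log_lines):
    """Return (src, dst, port) for every logged connection not on the allow list."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not a connection record; skip
        src, dst, port = m.group(1), m.group(2), int(m.group(3))
        if not permitted(src, dst, port):
            hits.append((src, dst, port))
    return hits


# Constructed sample log: the second line is an ISO host reaching for a PLC,
# the fourth an unknown external host trying SSH to the historian.
SAMPLE_LOG = [
    "Mar  3 10:01:02 fw kernel: CONN IN=eth0 SRC=198.51.100.4 DST=10.20.5.10 PROTO=TCP DPT=502",
    "Mar  3 10:01:09 fw kernel: CONN IN=eth0 SRC=198.51.100.4 DST=10.20.7.21 PROTO=TCP DPT=502",
    "Mar  3 10:02:15 fw kernel: CONN IN=eth0 SRC=203.0.113.7 DST=10.20.5.10 PROTO=TCP DPT=443",
    "Mar  3 10:03:40 fw kernel: CONN IN=eth0 SRC=192.0.2.99 DST=10.20.5.10 PROTO=TCP DPT=22",
]
```

Running `flag_violations(SAMPLE_LOG)` during the daily log review surfaces the two flows the allow list does not cover, which is exactly the traffic a pager alert should be raised for.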
Technical audits of SCADA devices and networks are critical to continuing security effectiveness. Although the tools do not solve systemic problems, they can help eliminate paths of least resistance that an attacker could exploit. Identified vulnerabilities can be analyzed to establish their implications, and corrective actions taken as suitable. These corrective measures can also be analyzed and tracked to help identify trends, and systems can be retested after the measures are taken (Krutz 2005).
SCADA and ICS need to be protected by security best practices as they are increasingly exposed to internal and external threats. We have seen that the government of America is committed to securing its SCADA networks, and the way to do it is to research the best security practices. The 2010 guide of the Center for Protection of National Infrastructure has paired practical security adjustments with solid justifications for implementing SCADA security. The government needs to do more research on how to protect SCADA more effectively, especially from potential hackers located all over the world.