Contents:
An industrial control system (or ICS) is a type of computer system that monitors and controls industrial processes and infrastructure. ICSs are used in a variety of industries, including oil and gas, chemical, water and wastewater, energy, food and beverage, pharmaceutical, automotive, and more. Each one operates differently and is designed to effectively manage duties electronically depending on the industry.
ICSs have become increasingly complex and powerful in recent years. In this article, we will explore the different types of existing ICSs, the various components of an ICS environment, the most common threats associated with internal control systems, and how to keep them safe from threat actors through actions such as patching for example.
Types of Industrial Control Systems
There are several types of industrial control systems used around the world, but the following are the most common ones:
Supervisory Control and Data Acquisition (SCADA)
SCADA systems are frequently employed in the pipeline monitoring and control, water treatment and distribution, and power transmission and distribution sectors of the economy.
It’s not a system that can provide full control, but it compensates with its capabilities of supervisory control. SCADA systems are made up of components that are dispersed over different places, most commonly Programmable Logic Controllers (PLC) or other commercial hardware modules. Such systems can acquire and transmit data, and furthermore, they are integrated with a Human Machine Interface (HMI) which provides centralized monitoring and control for a variety of process inputs and outputs.
The SCADA system is mostly used for remote monitoring and management of field sites via a centralized control system. A SCADA system can automate this process so that employees are not required to travel large distances in order to complete tasks or collect data. The opening and closing of valves and breakers, data collection from sensor systems, and environmental monitoring for alert situations are all controlled locally by field devices.
Distributed Control System (DCS)
DCS systems are used to control production systems that are found in one location. It is most commonly used in the manufacturing industry, oil refineries, electric power generation, and water and wastewater treatment.
In a DCS, a setpoint is communicated to the controller, which can then tell valves or even an actuator to operate in a way that will maintain the intended setpoint. Data collected in the field can be archived for future use, utilized for straightforward process control, or even combined with data from other parts of the plant to create sophisticated control plans.
In order to manage multiple controllers or devices involved in the overall production process, each DCS utilizes a centralized supervisory control loop. With it, industries have the ability to access production and operation data quickly. A DCS can also lessen the effect of a single defect on the entire system by using several devices during the production process.
It is also common for an ICS environment to be a hybrid of DCS and SCADA, with attributes from both systems.
Components of an ICS Environment
- Programmable Logic Controller (PLC): PLC is a type of hardware used in both DCS and SCADA systems as a control component of the overall system. Additionally, it offers local supervision of operations carried out by feedback control gadgets like sensors and actuators.
- IT and OT: the convergence between IT and OT provides enterprises with greater integration and visibility of the supply chain (which include critical assets, logistics, plans, and operation processes)
- Remote Terminal Unit (RTU): An RTU is a field device that is microprocessor-controlled and delivers data back to the MTU in response to commands.
- Control Loop: Hardware components like PLCs and actuators are a part of every control loop. Signals from sensors, control valves, breakers, switches, motors, and other similar devices are interpreted by the control loop. The controller will use the variables that these sensors have measured to carry out a task or finish a process;
- Control Server: Hosts the DCS or PLC supervisory control software and communicates with lower-level control devices;
- Human Machine Interface (HMI): Graphical user interface (GUI) which allows interaction between the hardware and the human operator;
- SCADA Server or Master Terminal Unit (MTU): a device used to send instructions to out-of-band RTUs;
- Intelligent Electronic Device (IED): A gadget capable of acquiring data, perform local processing and control, and communicating with other connected devices
- Data Historian: A centralized database for logging all process information within an ICS environment and exporting data to the corporate IS.
Common ICS Threats
Attacks against ICS systems are frequently focused attacks that leverage the entry point provided by the industrial control system to obtain access to the system and laterally migrate into the company.
Every ICS continuously integrates new technologies and applications in both IT and OT in order to enhance system functionality and productivity. Because IT and OT are now integrated, threat actors may target them more easily. Some of the ways in which attackers may gain access to these systems are:
- Lateral movement from IT network
- Direct access to Internet-facing systems
- Phishing attacks
- Vulnerable IoT and Internet-connected systems
The lack of security solutions used in OT infrastructure to secure legacy control systems like SCADA is one of their prevalent weaknesses. Additionally, businesses must deal with the growing security issues in cutting-edge technologies like cloud computing, big data analytics, and the internet of things (IoT).
How to Protect Industrial Control Systems
The U.S. Department of Homeland Security (DHS) compiled a list of recommendations you should follow if you want to protect your industrial control systems:
- Application Whitelisting: use application whitelisting to protect your infrastructure from potentially harmful programming;
- Configuration and Patch Management: by implementing configuration and patch management solutions your control systems will be constantly updated and secured;
- Network Segmentation: segment your network into logical parts and restrict host-to-host communication paths to reduce attack surface;
- Multi-factor authentication must be implemented, and the principle of least privileged (POLP) must be used;
- Secure Remote Access: implement strong authentication, access control, and encryption to prevent exploitation of the systems by unauthorized actors;
- Traffic Monitorization: monitor the traffic within the control networks and ICS perimeters;
- Review Access Logs;
- Golden Records: make sure to include golden records in tour systems so when restoring, you can roll them back to the last known good state.
How Can Heimdal® Help You
ICSs are one of the threat actors’ most targeted areas, as they can be used as entry paths inside the systems, giving them a good change to gain a foothold inside your company’s systems. Unpatched vulnerabilities are usually the entry points of attack for threat actors into ICS, but Heimdal®’s Patch & Asset Management solution will make sure that no vulnerabilities are left for threat actors to exploit.
As I mentioned before, the implementation of a patch management solution, especially an automated patch management solution, is recommended to ensure the security of your ICSs. Heimdal®’s Patch & Asset Management is an automated patching solution that will take away from you the burden of manually verifying and patching the devices in your network, and testing them prior to installation.
Being an on-the-fly solution, you will be able to verify and control the software from anywhere in the world, at anytime. The solution can patch any Microsoft (including Windows) and Linux OS, third-party, or proprietary software, plus, by being a completely customizable solution, you can have it tailored to the specific needs of your organization, leading to a more efficient, clutter-less process.
Heimdal® Patch & Asset Management Software
- Schedule updates at your convenience;
- See any software assets in inventory;
- Global deployment and LAN P2P;
- And much more than we can fit in here...
Wrappin’ Up
Industrial control systems provide a comprehensive solution to the challenges of monitoring and controlling operations in an industrial setting. Through the use of automation technology and careful programming, ICS can help to increase efficiency, reduce costs, and improve safety.
It is important to understand how these systems work if you are considering incorporating them into your business or facility. With this knowledge, you can make more informed decisions on what type of system best suits your needs and ensure that it will operate as efficiently as possible.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.