The advent of Supervisory Control and Data Acquisition (SCADA), and of Industrial Control Systems (ICS) generally, can be described as a synthesis of IT and previously existing industrial and processing systems. Despite ICS/SCADA having the proverbial DNA of IT (and information security) coursing through its veins, its approach to security is significantly different.
This article will provide a high-level overview of the following: an introduction to SCADA security, ICS/SCADA access controls, identification and AAA for ICS/SCADA environments, physical security for ICS/SCADA environments, ICS/SCADA security technologies and tools, security controls for ICS/SCADA environments, ICS/SCADA threats and threat actors, the role of resiliency in automation in ICS/SCADA security, ICS protocols and the ICS/SCADA security specialist/technician role.
Introduction to SCADA security
SCADA security orders its priorities as availability, integrity and confidentiality, whereas IT security orders them as confidentiality, integrity and availability.
There are three main approaches to SCADA security. The first is hardening the perimeter, which is normally combined with SCADA system isolation (air-gapping). The second approach is defense-in-depth, where multiple layers of security are used beyond a hardened perimeter. Last, for organizations that use remote access, securing remote connections is essential. Successful SCADA security combines the three approaches where appropriate.
ICS/SCADA access controls
Access to the ICS/SCADA environment should be limited to necessary personnel only, and access control is the mechanism for enforcing this. The need for access may be based upon shift, position, rank or any other classification that is useful to the plant.
There should be two forms of access control for authorizing users: physical and logical. Examples of physical access controls include access cards, PINs, keys or biometrics; an example of a logical access control is using different levels of access for personnel. Access control should be highly reliable and should not interfere with the duties of plant (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/1kqoPAE-aS0/