Account Management Concepts for ICS/SCADA environments
Introduction
Industrial Control Systems (ICS) are part of Supervisory Control and Data Acquisition (SCADA) environments. These systems run the infrastructure of our cities and towns: ICS are used to control water distribution, electricity, some mass-transit functions and other industrial processes.
Traditionally, ICSes were air-gapped or had minimal network connectivity. Times have changed, meaning security needs have changed as well.
US-CERT has determined that attackers are increasingly focused on gaining access to privileged accounts within SCADA environments. Protecting these accounts is of the utmost importance.
There are two major security categories used to provide account management in SCADA environments:
- Manage authentication
- Monitor and respond
We’ll explore these in detail below.
Manage authentication
Managing user authentication covers everything that minimizes the chance of a bad actor gaining access to a system and ensures that users handle their credentials properly.
One way attackers gain access to a system is phishing: tricking a privileged user into opening a malicious email that delivers the payload. Another is to phish a less privileged user and then exploit weak passwords to elevate privileges and wreak havoc on the system. This is why strong password policies and separation-of-duties practices are vital to protecting an ICS environment.
Protecting data, particularly sensitive data, is at the heart of these security objectives.
Controlled Use of Administrative Privileges and Controlled Access Based on the Need to Know are two CIS Controls that are useful for implementing authentication management. Steps to take to manage authentication include:
- Implement multi-factor authentication. This means enforcing something you have, something you know and something you are. For example, forcing a user to input username and password (something you
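The following is an added example, not code from the original post or its author, showing how the two controls discussed above fit together: a password policy check (strong passwords, per the phishing-and-weak-password scenario) and a second factor (something you have) implemented as an RFC 6238 TOTP verifier. The user store, salt, username, role and password are constructed for the demo; the TOTP secret is the RFC 4226/6238 test-vector key so the codes can be checked against the RFC tables, and the 30-second step, 6 digits and one-step skew window are assumptions of this example.

```python
import hashlib
import hmac
import struct
import time

# Constructed demo values. The secret is the RFC 4226 / RFC 6238 test-vector key,
# used only so the one-time-password output can be checked by hand.
DEMO_TOTP_SECRET = b"12345678901234567890"
DEMO_SALT = b"constructed-demo-salt"

# Small constructed deny-list standing in for a real breached-password list.
COMMON_PASSWORDS = {"password", "admin", "operator", "scada", "12345678", "welcome1"}


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HMAC-based one-time password (HMAC-SHA1 + dynamic truncation)."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password: HOTP over the current time step."""
    return hotp(secret, now // step, digits)


def verify_totp(secret: bytes, code: str, now=None, step: int = 30,
                window: int = 1, digits: int = 6) -> bool:
    """Accept the code for the current step or +/- `window` steps (clock skew).
    Length/digit check stops short inputs; compare_digest keeps timing constant."""
    if len(code) != digits or not code.isdigit():
        return False
    if now is None:
        now = int(time.time())
    counter = now // step
    return any(
        hmac.compare_digest(hotp(secret, counter + delta, digits), code)
        for delta in range(-window, window + 1)
    )


def check_password_policy(username: str, password: str, min_length: int = 14) -> list:
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(classes) < 3:
        problems.append("uses fewer than 3 of: upper, lower, digit, symbol")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password deny-list")
    if username.lower() in password.lower():
        problems.append("contains the username")
    return problems


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash so a stolen store cannot be reversed cheaply."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed user store: one low-privilege operator account (least privilege).
DEMO_USERS = {
    "operator": {
        "role": "operator",  # no engineering/admin rights on the HMI
        "salt": DEMO_SALT,
        "pw_hash": hash_password("Tr0ub4dor&3-Plant-Floor!", DEMO_SALT),
        "totp_secret": DEMO_TOTP_SECRET,
    }
}


def authenticate(username: str, password: str, code: str, now=None):
    """Two-factor login: something you know (password) + something you have (TOTP).
    Returns (success, reason)."""
    user = DEMO_USERS.get(username)
    # Hash even for unknown users so timing does not reveal which usernames exist.
    salt = user["salt"] if user else DEMO_SALT
    candidate = hash_password(password, salt)
    if user is None or not hmac.compare_digest(candidate, user["pw_hash"]):
        return False, "invalid username or password"
    if not verify_totp(user["totp_secret"], code, now=now):
        return False, "invalid one-time code"
    return True, f"authenticated as role '{user['role']}'"


if __name__ == "__main__":
    print(check_password_policy("operator", "operator123"))
    print(authenticate("operator", "Tr0ub4dor&3-Plant-Floor!", totp(DEMO_TOTP_SECRET, 59), now=59))
```

The skew window is deliberately small: widening it makes replayed codes live longer, so a real deployment would also record the last accepted time step per user and refuse to accept it twice.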
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Tyra Appleby. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/Cuj35az5C94/