Intrusion Detection and Prevention for ICS/SCADA Environments


Although this article is written primarily for information security professionals, such as ICS/SCADA or automation managers and engineers, it may also be useful to other IT security practitioners, because securing industrial control systems (ICS) and supervisory control and data acquisition (SCADA) environments is an area of increasing importance.

Technology has changed our society so much over the last decade or so that these environments are now almost everywhere. They are an inseparable part of engineering fields ranging from energy, automotive, aerospace and transportation to industrial process control, manufacturing and healthcare.

Unfortunately, these systems are gradually becoming a favorite target of attackers, especially politically motivated ones. Unlike most other cyberattacks, attacks on ICS/SCADA systems may disrupt critical infrastructure operations, inflict substantial economic losses, damage the environment and even claim human lives.

The Stuxnet worm attack on the Iranian uranium enrichment facility at Natanz, uncovered in 2010, is perhaps the best-known instance of a security breach in cyberspace with physical consequences in the realm of ICS/SCADA security.

Prevention is the key

Bruce Schneier once said that “prevention is best combined with detection and response.” The consequences of a security breach in an ICS/SCADA environment vary widely, so security teams should perform a thorough assessment of their ICS to identify every kind and level of risk before putting the corresponding safeguards in place.

National bodies such as Public Safety Canada have published manuals of recommended best practices that guide organizations through the entire process of securing their ICS environments. These manuals cover security best practices in the following areas:

  • Network segmentation
  • Remote access
  • Wireless communications
  • Patch management
  • Access policies and control
  • System hardening
  • Intrusion detection
  • Physical and environmental security
  • Malware protection and detection
  • Awareness
  • Periodic assessment and audits
  • Change

This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Dimitar Kostadinov.