The chemical industry is an appealing target for adversaries. Cyber attacks on chemical facilities pose very real risks to the health and safety of people and the environment. Ransomware succeeds because production has to run smoothly and continuously, so every hour of downtime is expensive enough that paying looks attractive. Espionage intrusions target intellectual property, banking on the high value of each organization’s research and development investments.
By focusing on the five critical controls for industrial control systems (ICS)/operational technology (OT) cybersecurity, organizations can put in place the processes, technology, and culture needed to operate securely and with confidence.
While you can’t prevent adversaries from launching cyber attacks against your business, you can take steps to protect your ICS/OT environment. Using the five critical controls identified by the SANS Institute, a leading cybersecurity research and training organization, we have identified actions that can dramatically reduce the impact of an attack.
1. ICS Incident Response Plan
An OT-specific incident response plan starts with engineering and operations. Work with those experts to understand how they run and recover their operational units and which systems are necessary to keep operating. Operations staff are often the first to notice that a system is malfunctioning, and they need to know that a malfunction can be the work of a malicious actor rather than a fault. The response plan should include identification and escalation steps, incident declaration thresholds, and incident commander roles, and it should be exercised with the same operations staff so that the first time they see it is not during an incident.
2. A Defensible Architecture
A defensible architecture is, as the name says, an environment that you as a defender can actually protect. At its core is segmentation. A demilitarized zone (DMZ) between information technology (IT) and OT separates the two environments so that an attack on one can be contained before it reaches the other. Security controls such as firewalls define the zones and act as the conduits through which traffic between zones is controlled (the zone-and-conduit model of ISA/IEC 62443). These conduits are choke points where network monitoring can be placed. With these preventive and detective controls in place, you can see what is going on and act on it quickly. Segmenting the network, instead of running a flat network in which any computer can talk to every other computer, also limits how far an intruder who gets a foothold can move, and that is what reduces cyber risk.
3. ICS Network Visibility and Monitoring
Visibility underpins most cybersecurity controls, because it provides the information needed to scope and define the problems to be solved. Asset inventories, configuration change management, vulnerability management, detection of rogue access points and devices, and threat detection are all enabled by better visibility into the environment. In OT that visibility is usually gained passively, from traffic captured at the choke points between zones, rather than by actively scanning devices that may not tolerate being probed.
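The two controls above meet at the choke point: the conduit rules that define the architecture are also the policy that the monitoring at that point should check traffic against. The following is an added example, not code from the original page, from Dragos, or from SANS. It evaluates constructed flow records, of the kind a firewall between IT and OT would export, against a minimal zone-and-conduit policy, flags cross-zone flows that match no allowed conduit, and builds a passive asset inventory per zone from the addresses it sees. The zone subnets, the allowed conduits, the flow-record format and the sample lines are all assumptions made for this illustration.

```python
"""
Added example, not code from the original page, Dragos or SANS: a minimal
zone-and-conduit policy for an IT / DMZ / OT architecture, evaluated against
flow records as a firewall at the IT-OT choke point would export them. The
zone subnets, the allowed conduits and the flow-record format are assumptions
made for this illustration; the flow lines themselves are constructed.
"""
import ipaddress
from collections import defaultdict

# Assumed zones. The only path between IT and OT runs through the DMZ.
ZONES = {
    "IT": ipaddress.ip_network("10.1.0.0/16"),
    "DMZ": ipaddress.ip_network("10.2.0.0/24"),
    "OT": ipaddress.ip_network("10.3.0.0/16"),
}

# Allowed conduits as (src_zone, dst_zone, dst_port, proto); anything else is denied.
CONDUITS = {
    ("IT", "DMZ", 443, "tcp"),    # users reach the remote-access gateway in the DMZ
    ("DMZ", "OT", 3389, "tcp"),   # the jump host opens RDP to the engineering workstation
    ("OT", "DMZ", 1433, "tcp"),   # the OT historian replicates outward to the DMZ historian
    ("IT", "DMZ", 1433, "tcp"),   # IT reads the DMZ copy of the historian, never the OT one
}


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "UNKNOWN"   # in no defined zone: a rogue or mis-addressed device


def parse_flow(line: str) -> dict:
    """Constructed record format: '<timestamp> <src_ip> <dst_ip> <proto> <dst_port>'."""
    ts, src, dst, proto, dport = line.split()
    return {"ts": ts, "src": src, "dst": dst, "proto": proto, "dport": int(dport)}


def evaluate(flow: dict) -> str:
    src_zone, dst_zone = zone_of(flow["src"]), zone_of(flow["dst"])
    if src_zone == dst_zone:
        return "intra-zone"   # never crosses the choke point; a job for in-zone monitoring
    key = (src_zone, dst_zone, flow["dport"], flow["proto"])
    return "allow" if key in CONDUITS else "deny"


def analyze(lines):
    """Return (passive asset inventory per zone, flows that violate the policy)."""
    inventory = defaultdict(set)
    violations = []
    for line in lines:
        flow = parse_flow(line)
        for ip in (flow["src"], flow["dst"]):
            inventory[zone_of(ip)].add(ip)   # every address seen is an asset to account for
        if evaluate(flow) == "deny":
            violations.append(flow)
    return dict(inventory), violations


# Constructed sample export; not real traffic.
SAMPLE_FLOWS = [
    "2024-05-01T08:00:01 10.1.5.20 10.2.0.10 tcp 443",     # IT user -> DMZ gateway: allowed
    "2024-05-01T08:00:05 10.2.0.10 10.3.10.5 tcp 3389",    # jump host -> OT workstation: allowed
    "2024-05-01T08:00:09 10.3.10.5 10.2.0.20 tcp 1433",    # OT historian -> DMZ historian: allowed
    "2024-05-01T08:01:00 10.1.5.20 10.3.10.5 tcp 3389",    # IT host straight into OT: bypasses the DMZ
    "2024-05-01T08:01:30 10.3.10.7 10.1.5.99 tcp 445",     # OT host opening SMB to IT: no such conduit
    "2024-05-01T08:02:00 10.3.10.7 10.3.10.8 tcp 502",     # Modbus inside OT: intra-zone, not judged here
    "2024-05-01T08:02:10 192.168.9.9 10.3.10.5 tcp 502",   # unknown address talking Modbus to OT
]

if __name__ == "__main__":
    inventory, violations = analyze(SAMPLE_FLOWS)
    for zone, hosts in sorted(inventory.items()):
        print(f"{zone:8} {sorted(hosts)}")
    for v in violations:
        print(f"VIOLATION {v['ts']} {zone_of(v['src'])}:{v['src']} -> "
              f"{zone_of(v['dst'])}:{v['dst']} {v['proto']}/{v['dport']}")
```

Three of the seven constructed flows are violations: an IT host reaching an OT workstation directly (the DMZ was bypassed), an OT host opening SMB toward IT (a conduit that was never defined, and a common lateral-movement path), and a source address outside every defined zone speaking Modbus to OT. The UNKNOWN entry in the inventory is as important as the violations: a device you have not accounted for cannot be part of any policy.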
4. Secure Remote Access
Multi-factor authentication (MFA) is now familiar from consumer services such as online banking, where we enter a code sent to our phone to log in. MFA works similarly (albeit with more complexity) in an OT environment and is especially important for granting remote access. Prefer authenticator apps or hardware tokens over codes sent by SMS, which can be intercepted or redirected. Where MFA is not possible, use alternative controls with focused monitoring, for example access that an operator enables for a limited time and logging of every remote session. The focus should be on connections in and out of the OT network, not on connections inside it.
5. Risk-Based Vulnerability Management
Vulnerability management is one of the most challenging areas in OT. Unlike IT, where it is relatively easy (and tremendously important) to update and patch systems consistently, OT may not be able to take a system offline to patch it for months or even years. Compatibility plays a role as well: you may need the vendor to approve a patch, because installing anything unapproved can break the interconnected systems that depend on the patched one, and analyzing those dependencies takes time and resources. A risk-based approach therefore ranks each vulnerability by whether the affected service is actually reachable through a conduit, whether exploitation is known, and what the consequence to the process would be, and then chooses between patching, a compensating control at the conduit, and monitoring, rather than working down a list sorted by severity score.
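What "risk-based" looks like as a repeatable decision, as an added illustration rather than a Dragos or SANS procedure: the rule below ranks findings by reachability through a conduit and by consequence instead of by CVSS alone, and returns a concrete action. The field names, thresholds, rule order and sample findings are assumptions chosen for the example; in practice the reachability flag comes from the asset inventory and conduit policy, and the approval flag from the vendor.

```python
"""
Added illustration, not a Dragos or SANS procedure: a triage rule that ranks
OT findings by reachability and consequence rather than by CVSS alone, and
chooses between a compensating control at the conduit, a scheduled patch and
monitoring. Field names, thresholds, rule order and the sample findings are
assumptions made for the example.
"""
from dataclasses import dataclass


@dataclass
class Finding:
    asset: str
    cvss: float
    zone: str                    # "IT", "DMZ" or "OT"
    reachable_via_conduit: bool  # the vulnerable service is exposed through an allowed conduit
    exploited_in_wild: bool
    safety_impact: bool          # exploitation could affect the physical process
    vendor_approved_patch: bool
    days_to_next_outage: int


def triage(f: Finding):
    """Return (action, steps). The rule order is the policy; adjust it, not the data."""
    reachable = f.zone != "OT" or f.reachable_via_conduit   # inside OT, only conduit exposure counts
    urgent = f.exploited_in_wild or f.safety_impact
    if f.vendor_approved_patch:
        patch_step = "patch now" if f.zone != "OT" else f"patch at next outage ({f.days_to_next_outage} days)"
    else:
        patch_step = "request vendor approval and interdependency analysis before patching"
    if reachable and urgent:
        # Cannot wait for an outage: restrict the conduit and watch it until the patch lands.
        return "mitigate now", [
            "tighten the conduit rule to the minimum hosts that need the vulnerable service",
            "alert on every use of that service across the conduit",
            patch_step,
        ]
    if urgent or (reachable and f.cvss >= 7.0):
        return "schedule patch", [patch_step]
    return "monitor", ["track in the inventory and bundle with the next planned outage"]


def prioritize(findings):
    """Order findings by urgency of the action for the review meeting."""
    rank = {"mitigate now": 0, "schedule patch": 1, "monitor": 2}
    rows = [(f.asset, *triage(f)) for f in findings]
    return sorted(rows, key=lambda r: rank[r[1]])


# Constructed sample findings; asset names are invented.
SAMPLE_FINDINGS = [
    Finding("plc-reactor-1", 9.8, "OT", False, False, True, False, 120),  # severe but unreachable
    Finding("jump-host-dmz", 8.8, "DMZ", True, True, False, True, 0),    # exposed and exploited
    Finding("hmi-unit-3", 7.5, "OT", True, False, False, False, 45),     # reachable over RDP conduit
    Finding("historian-ot", 5.3, "OT", True, False, False, True, 45),    # reachable, low impact
]

if __name__ == "__main__":
    for asset, action, steps in prioritize(SAMPLE_FINDINGS):
        print(f"{asset:15} {action:15} {'; '.join(steps)}")
```

The ordering is the point of the exercise: the CVSS 9.8 finding on the reactor PLC comes out below the CVSS 8.8 finding on the DMZ jump host, because the PLC's vulnerable service is not reachable through any conduit while the jump host is exposed and actively exploited. The PLC still gets a scheduled patch (safety impact keeps it out of "monitor"), but the one that needs attention today is the one an attacker can reach.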
Dragos is proud to empower the chemical industry with technology and services that help keep organizations’ people, plants, and data secure. To learn more, download our whitepaper.