Amid the growth of cyberattacks on the industrial sector, the IT company Croc has compiled a network security checklist for industrial control systems (ICS). Drawing on many years of project experience, the company's experts described a step-by-step procedure that can secure an enterprise's IT infrastructure.
According to statistics, cybercriminals managed to compromise at least thousands of industrial organizations around the world in 2021. Targeted attacks most often focused on oil and engineering companies, as well as the energy sector. The main sources of threats were internet resources, removable external media, and malicious email attachments.
According to Croc experts, the ICS network security checklist starts with layered (defense-in-depth) protection where the technological and corporate network segments meet: network segmentation and traffic filtering with industrial firewalls. Industrial automation facilities should be equipped with centralized monitoring components, as well as intrusion detection and prevention systems. Access from remote workstations must go through a configured VPN client, two-factor authentication, anti-virus protection, and tools for controlling endpoint devices and user actions. This set of tools and procedures creates a closed, secure environment in which all objects at the network level interact through secure and controlled communication channels.
“Innovation in networking enables not only enhanced threat protection, but the flexibility to scale and reshape the network, and adapt the ICS ecosystem to changing business requirements such as remote and hybrid support. The design features of firewall systems for manufacturing enterprises are associated with a complex hierarchical structure in which there are many industrial protocols. The ICS landscape affects the critical information resources of organizations; therefore, it is strategically important to build a fault-tolerant and scalable IT architecture,” noted Andrey Zaikin, Head of Information Security at Croc IT Company.
The information security of critical facilities is inextricably linked with the security of the process control system. Connecting industrial automated systems to a corporate network creates the threat that control of a technological process could be taken over from anywhere in the world without direct physical access. To protect the ICS from possible illegitimate access, it is necessary to conduct a security audit and implement tools to control the infrastructure. Croc experts recommend building a comprehensive information protection system that includes modern software protection tools, all security regulations and policies, and competent personnel trained to administer the system and keep it up to date.
“The Russian ICS market has adapted to the existence of sanctions and has grown significantly over the past five years thanks to large infrastructure projects, including in the oil and gas and chemical industries. Regulators’ requirements for the safety of process control systems for critical infrastructure facilities (CII) are also growing. In connection with the need for CII facilities to implement the prescribed protection measures and ensure interaction with the GosSOPKA centers, for most industrial enterprises the need to implement centralized monitoring, analysis and information security management systems is becoming more and more obvious,” noted Igor Zeldets, director of business development at the Croc IT company in the oil and gas and chemical industries.