Zero Trust security for industrial control systems
One of the key drivers of the Fourth Industrial Revolution (Industry 4.0) has been the convergence of the physical and digital worlds. Whilst this has facilitated significant technological progress, IT-OT convergence and the digital transformation of industrial control systems (ICS) have also exposed critical infrastructure assets worldwide to security vulnerabilities whose exploitation could have disastrous consequences for plant operators. A philosophy that has gained popularity in tandem with this convergence is the Zero Trust security architecture framework, first published in 2010, which has since gained a lot of momentum within the global cybersecurity community across all industry verticals. It is now commonly perceived as the answer to the growing number and sophistication of cybersecurity threats. However, is Zero Trust the Holy Grail of all security frameworks, and should it be applied to ICS infrastructure assets?
You might be wondering: what is Zero Trust? In simple terms, Zero Trust is not a product; it is an extensive security framework that requires every user and every computing device to be continuously authenticated and authorised, both before access to system applications and data is granted and for as long as that access is kept. Zero Trust operates under the notion of ‘least privilege’: a user, operator or device is granted only the access needed to perform its required system functions, and nothing more. Zero Trust architecture is underpinned by a combination of security technologies such as multi-factor authentication (MFA), identity and access management (IAM), network segmentation and next-generation endpoint protection, together with network controls such as firewalls and intrusion-prevention systems; all of these are now available for ICS assets in most industry verticals.
Now the question is: should Zero Trust be applied to ICS infrastructure? The short answer is yes. Zero Trust is considered the gold standard for protecting ICS infrastructure against internal and external security threats; however, there are a number of challenges to consider when adopting a Zero Trust security architecture within an ICS infrastructure.
The first challenge is what we refer to as ‘technical debt’: the retrofit work required before existing systems can support the functionality Zero Trust depends on, which in an ICS includes IAM and MFA, network segmentation, monitoring and so on. Another challenge is legacy ICS assets, many of which cannot provide least-privilege access control at all (some offer no per-user authentication, only a shared password or none), even though least privilege is a key component of a Zero Trust environment. For these reasons, successful Zero Trust implementations are most often delivered in greenfield installations, where the hardware and software better support this security framework. Furthermore, it is much easier to architect the ICS and its sub-systems with the appropriate network segmentation before the ICS goes into production.
The good news for brownfield installations is that most of these security controls can be bolted onto existing ICS infrastructure with minimal effort or investment. If properly architected and implemented, and then continuously monitored and managed, they significantly raise the security posture of the ICS.
There is no question that Zero Trust is a significant paradigm shift from traditional cybersecurity; as such, it will take time for organisations to migrate to the new security philosophies and best practices. The traditional perimeter model verifies a user or device once at the network boundary and then implicitly trusts it because of where it sits on the network. Zero Trust grants no trust based on network location: every request is authenticated and authorised on its own merits, and least privilege determines what that request may do.
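To make the contrast above concrete, here is a small Python policy decision point written as an added example for this article; it is not code from the original page or from any Siemens product. It evaluates one OT access request under the perimeter model (trusted because the requester is inside the plant network) and under a Zero Trust model (MFA freshness, device posture, an allowed zone-to-zone conduit, and a least-privilege role policy must all hold on every request). The zone names, asset names, roles and the eight-hour MFA validity window are assumptions chosen for illustration.

```python
"""Perimeter trust versus per-request Zero Trust decisions for an OT access request (added example)."""
from dataclasses import dataclass

HOUR = 3600
MFA_MAX_AGE = 8 * HOUR  # assumption: re-authenticate at least once per shift

# Assumed least-privilege policy: role -> set of (target asset, action) pairs it may perform.
POLICY = {
    "operator": {("hmi-01", "view"), ("hmi-01", "acknowledge_alarm")},
    "engineer": {("plc-01", "view"), ("plc-01", "write_logic")},
}

# Assumed segmentation: source zone -> zones it may reach through an approved conduit.
CONDUITS = {
    "enterprise": {"enterprise"},
    "engineering": {"engineering", "control"},
    "control": {"control"},
}


@dataclass(frozen=True)
class Device:
    device_id: str
    zone: str        # network zone the device is connected to
    managed: bool    # enrolled in the organisation's device management
    patched: bool    # posture check result at request time


@dataclass(frozen=True)
class Session:
    user: str
    roles: frozenset
    mfa_verified_at: float  # epoch seconds of the last successful MFA


@dataclass(frozen=True)
class Request:
    session: Session
    device: Device
    target: str
    target_zone: str
    action: str
    now: float


def perimeter_decision(req: Request) -> bool:
    """Traditional model: anything already inside the plant network is trusted."""
    return req.device.zone != "enterprise"


def zero_trust_decision(req: Request) -> tuple[bool, list[str]]:
    """Deny by default; every check must pass on this request, regardless of location."""
    reasons = []
    if req.now - req.session.mfa_verified_at > MFA_MAX_AGE:
        reasons.append("mfa-expired")
    if not (req.device.managed and req.device.patched):
        reasons.append("device-posture")
    if req.target_zone not in CONDUITS.get(req.device.zone, set()):
        reasons.append("no-conduit")
    permitted = set().union(*(POLICY.get(r, set()) for r in req.session.roles))
    if (req.target, req.action) not in permitted:
        reasons.append("not-in-policy")
    return (not reasons, reasons)


def run_scenarios(now: float = 1_700_000_000.0) -> dict:
    """Constructed scenarios; returns {name: (perimeter_allows, zt_allows, zt_reasons)}."""
    eng_ws = Device("ews-01", "engineering", managed=True, patched=True)
    rogue = Device("laptop-x", "control", managed=False, patched=False)
    engineer = Session("alice", frozenset({"engineer"}), now - 1 * HOUR)
    operator = Session("bob", frozenset({"operator"}), now - 1 * HOUR)
    stale_eng = Session("alice", frozenset({"engineer"}), now - 9 * HOUR)
    scenarios = {
        # Legitimate engineering change: both models allow it.
        "engineer_downloads_logic": Request(engineer, eng_ws, "plc-01", "control", "write_logic", now),
        # Unmanaged laptop plugged into the control zone using an operator's session:
        # the perimeter model trusts it purely by location, Zero Trust does not.
        "rogue_laptop_writes_logic": Request(operator, rogue, "plc-01", "control", "write_logic", now),
        # Same engineer, same workstation, but MFA is nine hours old: re-authentication required.
        "engineer_stale_mfa": Request(stale_eng, eng_ws, "plc-01", "control", "write_logic", now),
    }
    results = {}
    for name, req in scenarios.items():
        allowed, reasons = zero_trust_decision(req)
        results[name] = (perimeter_decision(req), allowed, reasons)
    return results


if __name__ == "__main__":
    for name, (perim, zt, why) in run_scenarios().items():
        print(f"{name:28s} perimeter={'allow' if perim else 'deny':5s} zero-trust={'allow' if zt else 'deny':5s} {why}")
```

The point the scenarios make is the one the article draws: the rogue laptop is allowed by the perimeter model solely because it is plugged into the control zone, whereas the Zero Trust decision rejects it on three independent grounds, and even a fully legitimate engineer is re-challenged once the MFA window lapses.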
As the saying goes, there is no need to boil the ocean. This is especially true of cybersecurity, which does not have to be an all-or-nothing approach. At Siemens, we strongly promote the Defence in Depth (DiD) security framework to our customers to protect their ICS environment from internal and external cybersecurity threats. What is interesting about the DiD framework is that it shares many concepts and philosophies with Zero Trust, especially in the realms of IAM, network segmentation and application whitelisting, as well as advanced monitoring and actionable intelligence. DiD is a cybersecurity strategy that provides multiple, redundant defensive controls in a thoughtfully layered approach, so that when one security control fails or a vulnerability is exploited, the system continues to operate with integrity.
As the number and sophistication of cyber threats and exposures continue to evolve and increase in frequency, it’s simply not feasible to eliminate all security threat vectors from an ICS infrastructure. The objective should be to implement a strong cyber-resilience strategy based on industry standards and best practices whilst raising your ICS security status to a level that is considered ‘too expensive to attack’.