This blog post has been developed in collaboration with Poh Chang Chew, Fortinet's Consulting System Engineer in Asia Pacific.
Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems are being increasingly targeted by attackers involved in terrorism and cyber warfare. Besides factories, these systems run critical infrastructure like power plants, water treatment systems, and traffic control systems. At stake is not just financial loss and brand reputation, but these attacks can result in national security threats and even death.
Based on our experience when evaluating ICS and SCADA systems, we almost always find security weaknesses that can be easily taken advantage of. These weaknesses allow the ICS components to be manipulated and controlled beyond its intended parameter. The root of the problem can be trace to:
- Patching: Unable to install the latest patch because it is not approved by Original Equipment Manufacturer (OEM)
- No or weak authentication: Any device that can get connected to the system can change value and configuration of PLCs easily or bypass its authentication.
- Backdoors: Use of undocumented and unrestricted access to critical functions
- Buffer overflow: Poorly written software that allows restrictions to be bypassed or functions to be manipulated
- No encryption: Data and information can be deciphered easily for manipulation
The previous best-practice for ICS systems was to keep them segregated (air-gapped) from IT networks to prevent outside interference. However, we are seeing ICS networks increasingly being connected to the IT network. This convergence event is exposing ICS systems to threats and vulnerabilities that was previously protected through isolation.
Identifying the industry’s security needs
One way of managing this convergence is to group devices based on device functionality and manage the access at each level. The Purdue Model for Control Hierarchy uses the concept of zones to divide enterprise IT and ICS devices into logical segment based on functions. It provides a model to identify five zones as shown in diagram below.
Let’s take the example below. We have an IT network and an Operational Technology (OT) network with two ICS environments.
Based on the Purdue model, we will be implementing segmentation on:
Demilitarized Zone (Level 3.5). This first line of defense in isolating the OT network from IT network. This is a critical segmentation because IT network are generally targeted before OT network.
Manufacturing Zone (Level 3). This segmentation protects each ICS system / remote sites / factories. The purpose of this segmentation is to keep these site operational even if other ICS systems / sites comes under attack.
Cell Zone (Level 2). To further increase resiliency of each ICS environment, each functional cell or production line within the ICS network is further segmented. This will ensure that if a functional cell is attacked, other adjacent functional cell are still functioning.
By placing Fortinet’s FortiGate Nextgen Firewall at strategic points within the ICS network itself, we can granularly segment different zones. This creates an extra layer of protection for the devices, and protects the data flow and communications between them. In addition, FortiGate has specific ICS / SCADA-aware functionality. This functionality allows FortiGate to identify most ICS / SCADA traffics, and stop bad traffics.
Examples of how FortiGate can improve resiliency on ICS network are:
- Allowing only Workstation_A to write to HMI_A
- Block HMI_1 from communication with PLC_2
- Identify and alert if a Modbus protocol has been modified maliciously
- Alert on all write command
Finally, FortiGate comes in an industrial grade, compliance ready (meets EMI, Thermal, and Vibration standards as outlined by IEC61850) rugged physical appliance that can withstand the harshest environmental conditions.
FortiGate’s functionality is further enhanced when it can integrate with other Fortinet Fabric Ready technology like OT-IDS, SIEM, and Risk Management software. By integrating into Fortinet Fabric Ready technology, FortiGate achieves even higher enforcement granularity, perform earlier threat detection, and faster threat remediation.
NTT Security, as a global leader in security services, understands these challenges. Our aim is to assist clients in operationalize security solutions, and also to prepare for the eventual IT/OT convergence.