The mission of protecting industrial control systems (ICS) is so vital it cannot be left to just any security solution. Every day, we expect water to flow from our faucets, our lights and electricity to work and traffic lights to move traffic along quickly and efficiently. As citizens and customers, we have zero tolerance for interruptions in essential services even for a few hours, much less days or weeks.
ICS services span everything from electrical grids to water management, oil pipelines to gas refineries, waste treatment to traffic control and more. They are the services we all use. However, all these services operate at huge capacity volumes that require heavy-duty electro-mechanical controllers and sensors.
Control of these sensors is typically exercised over dedicated networks using a distinct industrial control method called SCADA (Supervisory Control And Data Acquisition).
Demands for greater efficiency have driven more of these devices to be network accessible. Many SCADA devices have been identified as being connected to the Internet, making them directly accessible to plant managers and cybercriminals alike. These devices are now subject to the same infections, malware and bot attacks as any other computer-based device.
The five areas of vulnerability assessed include:
- Ability to operate in the environment and scale
- Ability to speak SCADA languages
- Depth of SCADA language monitoring
- Detection and protection capabilities against common threats
- Capability to block attacks at typical points of entry (e.g. USB, browser, email, etc.)
Control is all about visibility. Visibility is all about protocols, parameters and processes. Protocols are all part of ‘learning the language.’ Parameters and processes are all about the proper order of how language is used to accomplish an objective. Anyone can program a fixed set of outcomes. Those are known as ‘state machine’ conditions.
Understanding how protocols should be used, and identifying when they are being used improperly, are the keys to learning and growing. There are hundreds of SCADA and ICS equipment vendors offering a wide range of automation choices, each using unique command sets, command procedures and operating system configurations. Staying current and keeping up requires a great deal of time and effort.
Broad applicability across ICS domains requires a security architecture capable of visibility and control beyond basic commands, down to the parameter level. It is not enough to know that a temperature bias level command is being sent: if the same bias value is being sent over and over again, an otherwise normal command takes on new meaning. Check Point is capable of providing SCADA visibility and control to the parameter level. Check Point has the ability to log all traffic and investigate commands down to the parameter level, a capability unique to its management console that offers an unmatched level of investigative insight.
The more recognizable SCADA applications and commands embedded in the security system, the easier it is to recognize radical behavior!
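The parameter-level check described above (a normal write command that becomes suspicious when the same value is repeated over and over) can be expressed as a small monitor over command logs. This is an added illustration, not Check Point's code; the log line format, the `write_register` function name and the sample records are constructed for the example.

```python
from collections import deque
from dataclasses import dataclass

# Constructed sample log: one Modbus-style command per line (format assumed for this example).
SAMPLE_LOG = [
    "ts=0 src=10.0.0.5 func=write_register reg=40001 val=250",
    "ts=5 src=10.0.0.5 func=read_register reg=40001 val=0",
    "ts=10 src=10.0.0.5 func=write_register reg=40001 val=255",   # new value: a normal setpoint change
    "ts=20 src=10.0.0.7 func=write_register reg=40010 val=7",
    "ts=25 src=10.0.0.7 func=write_register reg=40010 val=7",
    "ts=30 src=10.0.0.7 func=write_register reg=40010 val=7",     # third identical write within the window
    "ts=100 src=10.0.0.7 func=write_register reg=40010 val=7",    # outside the window, starts a new count
]


@dataclass(frozen=True)
class Cmd:
    ts: float
    src: str
    func: str
    register: int
    value: int


def parse_line(line: str) -> Cmd:
    """Parse a 'key=value ...' record into a Cmd (format is an assumption of this example)."""
    fields = dict(part.split("=", 1) for part in line.split())
    return Cmd(float(fields["ts"]), fields["src"], fields["func"],
               int(fields["reg"]), int(fields["val"]))


def find_repeated_writes(lines, threshold: int = 3, window: float = 60.0):
    """Flag a (source, register, value) triple written `threshold` times within `window` seconds.

    Returns a list of (src, register, value, ts_of_alert). Writes with changing values
    are left alone: only an identical parameter value repeated in quick succession is
    treated as anomalous, which is the parameter-level distinction the text describes.
    """
    history: dict[tuple, deque] = {}
    alerts = []
    for line in lines:
        cmd = parse_line(line)
        if cmd.func != "write_register":
            continue
        key = (cmd.src, cmd.register, cmd.value)
        recent = history.setdefault(key, deque())
        recent.append(cmd.ts)
        while recent and cmd.ts - recent[0] > window:   # drop timestamps outside the window
            recent.popleft()
        if len(recent) == threshold:                     # alert once when the threshold is reached
            alerts.append((cmd.src, cmd.register, cmd.value, cmd.ts))
    return alerts
```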