Wyly Wade

Protecting Your ICS/SCADA Environment


The mantra throughout FIRST was “sharing to win”, a concept that echoes throughout security and got me thinking about information sharing in the ICS/SCADA security arena. Kyle Wilhoit developed a honeypot architecture that emulated several types of SCADA and ICS devices. These honeypots include vulnerabilities found across similar or the same systems to showcase a realistic environment.

Fortunately, there are some basic configuration considerations that can improve the security of ICS/SCADA systems, including the following:

  • Disable Internet access to your trusted resources, if possible.
  • Ensure that your trusted resources have the latest updates and that new patches/fixes are monitored.
  • Use real-time anti-malware protection and real-time network scanning locally on trusted hosts and where applicable.
  • Require user name/password combinations for all systems, even those deemed “trustworthy.”
  • Set secure login credentials and do not rely on defaults.
  • Implement two-factor authentication on all trusted systems for any user account.
  • Disable remote protocols that are insecure.
  • Disable all protocols that communicate inbound to your trusted resources but are not critical to business functionality.
  • Utilize network segmentation to secure resources like VES systems, ICS, and SCADA devices. See a great write-up on network segmentation here.
  • Develop a threat modeling system for your organization. Understand who’s attacking you and why.
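
The two "disable" items in the list above (insecure remote protocols, and inbound protocols that are not business-critical) can be checked on a host by comparing its listening sockets against an allowlist. The following is an added example, not code from the original post: the `ss` output is a constructed sample, and the insecure-port set and the allowlist (SSH and Modbus/TCP) are assumptions chosen for illustration.

```python
"""Audit listening TCP sockets against the checklist's two 'disable' items."""

# Cleartext remote-access protocols on their well-known ports. The page names
# no specific protocols, so this set is an assumption for the example.
INSECURE_REMOTE = {21: "ftp", 23: "telnet", 512: "rexec", 513: "rlogin", 514: "rsh"}

# Constructed sample of `ss -Htln` output from a hypothetical HMI host.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 0.0.0.0:23 0.0.0.0:*
LISTEN 0 128 10.10.5.20:502 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 50 [::]:8080 [::]:*
LISTEN 0 32 *:21 *:*
"""

def parse_listeners(ss_output):
    """Return (address, port) for every LISTEN row of `ss -Htln` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # rpartition keeps IPv6 literals such as [::] intact.
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            listeners.append((addr.strip("[]"), int(port)))
    return listeners

def is_loopback(addr):
    return addr.startswith("127.") or addr == "::1"

def audit(ss_output, allowed_ports):
    """Flag network-reachable listeners that are insecure or not allowlisted."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        if is_loopback(addr):
            continue  # loopback-only listeners are not reachable inbound
        if port in INSECURE_REMOTE:
            findings.append((port, "insecure-remote:" + INSECURE_REMOTE[port]))
        elif port not in allowed_ports:
            findings.append((port, "not-business-critical"))
    return sorted(findings)

if __name__ == "__main__":
    # Assumed allowlist: SSH for administration, Modbus/TCP for the process.
    for port, reason in audit(SAMPLE_SS, allowed_ports={22, 502}):
        print(f"port {port}: {reason}")
```

An insecure protocol is flagged even if its port is on the allowlist, so a business need for it shows up as a finding to be justified rather than being silently accepted.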

Protecting Your ICS/SCADA Environment | Security Intelligence Blog | Trend Micro.
