The mantra throughout FIRST was “sharing to win”, a concept that echoes throughout security and got me thinking about information sharing in the ICS/SCADA security arena. Kyle Wilhoit developed a honeypot architecture that emulated several types of SCADA and ICS devices. These honeypots include vulnerabilities found across the same or similar systems to showcase a realistic environment.
Fortunately, there are some basic configuration considerations that can improve the security of ICS/SCADA systems, including the following:
- Disable Internet access to your trusted resources, if possible.
- Ensure that your trusted resources have the latest updates and that new patches/fixes are monitored.
- Use real-time anti-malware protection and real-time network scanning locally on trusted hosts and where applicable.
- Require user name/password combinations for all systems, even those deemed “trustworthy.”
- Set secure login credentials and do not rely on defaults.
- Implement two-factor authentication on all trusted systems for any user account.
- Disable remote protocols that are insecure.
- Disable all protocols that communicate inbound to your trusted resources but are not critical to business functionality.
- Utilize network segmentation to secure resources like VES systems, ICS, and SCADA devices. See a great write-up on network segmentation here.
- Develop a threat modeling system for your organization. Understand who’s attacking you and why.
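
Three of the items above (no Internet access to trusted resources, no insecure remote protocols, no inbound protocols that are not business-critical) can be checked mechanically against an export of inbound firewall rules. The Python below is an added example, not from the original post; the rule format, address ranges, allowlist and finding names are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (site-specific values constructed for this example).
TRUSTED_SOURCES = [ipaddress.ip_network("10.0.0.0/8")]  # internal address space
CRITICAL_INBOUND = {("tcp", 502)}                       # e.g. Modbus/TCP from the HMI
# Cleartext remote-access protocols on their registered ports.
INSECURE_REMOTE = {("tcp", 21): "ftp", ("tcp", 23): "telnet",
                   ("tcp", 513): "rlogin", ("tcp", 514): "rsh",
                   ("udp", 69): "tftp"}

# Constructed sample: inbound allow rules toward the control-system zone.
RULES = [
    {"src": "10.20.0.5/32", "dst": "10.50.0.10", "proto": "tcp", "port": 502},
    {"src": "0.0.0.0/0",    "dst": "10.50.0.10", "proto": "tcp", "port": 502},
    {"src": "10.20.0.0/24", "dst": "10.50.0.11", "proto": "tcp", "port": 23},
    {"src": "10.20.0.0/24", "dst": "10.50.0.12", "proto": "tcp", "port": 8080},
]

def audit(rules):
    """Return (rule_index, finding_code, detail) for each checklist violation."""
    findings = []
    for i, r in enumerate(rules):
        src = ipaddress.ip_network(r["src"], strict=False)
        svc = (r["proto"], r["port"])
        # Checklist: no Internet access to trusted resources.
        if not any(src.subnet_of(t) for t in TRUSTED_SOURCES):
            findings.append((i, "INTERNET_INBOUND",
                             f"{r['src']} is outside trusted address space"))
        # Checklist: disable insecure remote protocols.
        if svc in INSECURE_REMOTE:
            findings.append((i, "INSECURE_REMOTE",
                             f"{INSECURE_REMOTE[svc]} allowed to {r['dst']}"))
        # Checklist: disable inbound protocols not critical to the business.
        elif svc not in CRITICAL_INBOUND:
            findings.append((i, "NOT_BUSINESS_CRITICAL",
                             f"{r['proto']}/{r['port']} to {r['dst']} not on allowlist"))
    return findings

if __name__ == "__main__":
    for idx, code, detail in audit(RULES):
        print(f"rule {idx}: {code}: {detail}")
```
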