How to Implement Security Monitoring For Critical Infrastructure
I ran across an interesting statistic a couple of weeks ago. According to a Ponemon Institute report titled “The State of Cybersecurity in the Oil & Gas Industry”, 68 percent of security and risk managers reported losing confidential information or experiencing disruption over the previous year.
That security breaches have been happening for the last five-plus years is well documented, so that didn’t bother me. What did bother me is that these breaches are happening in critical building infrastructure and industrial control systems (ICS). This increases my level of concern, because these types of breaches do not appear to be talked about very often.
Security breaches remain a persistent challenge for both data center providers and enterprises monitoring their networks, even as spending on network security appliances increases. When it comes to ICS, many systems can be vulnerable. Here are some examples of vulnerable systems:
- Heating, ventilation and air conditioning (HVAC)
- Building power distribution systems
- Communication systems
In addition, many building management and supervisory control and data acquisition (SCADA) systems remain unhardened against the multitude of security threats that exist. These threats include:
- Third-party remote and wireless access, since contractors may have lax security processes
- Proprietary appliances and sensors running potentially outdated software, which leaves them prone to known vulnerabilities, default or weak passwords, and a lack of encryption safeguards
- Insufficient attention from NOC/SOC personnel, because critical infrastructure networks are auxiliary to their daily tasks
- The common practice of rotating the technical personnel who service critical infrastructure equipment, which widens access to the physical infrastructure, including the network and USB ports
- Malware insertion through dedicated attacks that take control of critical infrastructure in criminal and nation-state campaigns
Malware and cyberattacks can easily interfere with command and control of critical infrastructure and can also enable ransomware attacks that cost thousands, if not millions, of dollars.
Security isn’t the only problem, though. ICS can also suffer simple maintenance failures or overload conditions caused by lightning and other natural factors, fires, and other problems. Consistent monitoring, backed by the installation of simple network visibility solutions, provides a clear and cost-effective way to manage these problems. Critical pieces of network data exposed by a visibility solution and analyzed in real time or near real time can prevent the loss of building functions: power outages, air conditioning outages, and equipment damage.
For example, modern HVAC systems need continual monitoring to stay energy efficient and to keep building occupants comfortable. Frequent monitoring is necessary because HVAC systems contain numerous environmental sensors and motorized controls. Proper monitoring helps maintain a consistent temperature, which reduces energy and maintenance costs.
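To make the threat list and the visibility argument above concrete, here is an added example of the kind of detection logic that runs on top of a tap or SPAN feed from a building-control segment. It is not code from the article, the solution brief, or any vendor product. It assumes the visibility layer has already decoded traffic into simple flow records (including Modbus/TCP function codes) and sensor telemetry; the record layout, the host addresses, the asset inventory, and the temperature thresholds are all constructed for illustration. The rules map directly onto the threats listed: hosts outside the asset inventory (contractors, rotating personnel), state-changing writes from anything other than a designated engineering workstation, cleartext management sessions to controllers (no encryption), and an out-of-band or fast-moving supply-air temperature that points to a maintenance or control fault rather than an attack.

```python
from dataclasses import dataclass
from typing import Optional

# Modbus/TCP function codes that change controller state (coil/register writes).
MODBUS_WRITE_FUNCTIONS = {5, 6, 15, 16, 22, 23}
# Cleartext management services a hardened controller should not be exposing.
CLEARTEXT_MGMT_PORTS = {21: "ftp", 23: "telnet", 80: "http"}

@dataclass
class Flow:                          # one decoded connection from the tap/SPAN feed
    ts: float
    src: str
    dst: str
    dport: int
    proto: str                       # "modbus", "tcp", ...
    function: Optional[int] = None   # Modbus function code when proto == "modbus"

@dataclass
class Reading:                       # one sensor sample from the BMS/HVAC
    ts: float
    sensor: str
    value: float

@dataclass
class Policy:                        # assumed site policy; values are illustrative
    known_assets: set                # asset inventory for the segment
    engineering_hosts: set           # only hosts allowed to write to controllers
    controllers: set                 # PLC / BMS controller addresses
    temp_limits: tuple = (18.0, 27.0)   # acceptable supply-air band, degrees C
    max_rate_per_min: float = 2.0       # degrees C per minute before alerting

class OTMonitor:
    def __init__(self, policy: Policy):
        self.policy = policy
        self.last = {}               # sensor -> previous Reading, for rate checks
        self.alerts = []             # (ts, severity, message), in arrival order

    def handle_flow(self, f: Flow):
        p, start = self.policy, len(self.alerts)
        # Contractor laptops, USB-attached tools: any host not in inventory is news.
        if f.src not in p.known_assets:
            self.alerts.append((f.ts, "medium", f"unknown asset {f.src} -> {f.dst}"))
        if f.dst in p.controllers:
            # State-changing writes may only come from designated engineering hosts.
            if (f.proto == "modbus" and f.function in MODBUS_WRITE_FUNCTIONS
                    and f.src not in p.engineering_hosts):
                self.alerts.append((f.ts, "high",
                    f"modbus write fc{f.function} to {f.dst} from non-engineering host {f.src}"))
            # Unencrypted management sessions put controller credentials on the wire.
            if f.dport in CLEARTEXT_MGMT_PORTS:
                self.alerts.append((f.ts, "medium",
                    f"{CLEARTEXT_MGMT_PORTS[f.dport]} session to controller {f.dst} from {f.src}"))
        return self.alerts[start:]   # alerts raised by this record only

    def handle_reading(self, r: Reading):
        p, start = self.policy, len(self.alerts)
        lo, hi = p.temp_limits
        if not lo <= r.value <= hi:
            self.alerts.append((r.ts, "high", f"{r.sensor} out of band: {r.value:.1f} C"))
        prev = self.last.get(r.sensor)
        if prev is not None and r.ts > prev.ts:
            rate = abs(r.value - prev.value) / ((r.ts - prev.ts) / 60.0)
            if rate > p.max_rate_per_min:   # a runaway or stuck actuator shows up here first
                self.alerts.append((r.ts, "medium",
                    f"{r.sensor} moving {rate:.1f} C/min (possible control fault)"))
        self.last[r.sensor] = r
        return self.alerts[start:]

# Constructed sample: what a tap on a BMS VLAN might yield over ninety seconds.
POLICY = Policy(
    known_assets={"10.10.1.10", "10.10.1.11", "10.10.1.50", "10.10.1.51"},
    engineering_hosts={"10.10.1.10"},
    controllers={"10.10.1.50", "10.10.1.51"},
)
SAMPLE_FLOWS = [
    Flow(0.0, "10.10.1.10", "10.10.1.50", 502, "modbus", function=3),   # EWS read: fine
    Flow(5.0, "10.10.1.10", "10.10.1.50", 502, "modbus", function=16),  # EWS write: fine
    Flow(12.0, "10.10.1.11", "10.10.1.51", 502, "modbus", function=6),  # HMI writing: not allowed
    Flow(20.0, "10.10.1.99", "10.10.1.50", 23, "tcp"),                  # unknown host, telnet to PLC
]
SAMPLE_READINGS = [
    Reading(0.0, "ahu1_supply_temp", 21.0),
    Reading(30.0, "ahu1_supply_temp", 21.4),   # 0.8 C/min: normal
    Reading(60.0, "ahu1_supply_temp", 24.5),   # 6.2 C/min: runaway, still in band
    Reading(90.0, "ahu1_supply_temp", 28.0),   # 7.0 C/min and out of band
]

def run_sample():
    mon = OTMonitor(POLICY)
    for f in SAMPLE_FLOWS:
        mon.handle_flow(f)
    for r in SAMPLE_READINGS:
        mon.handle_reading(r)
    return mon.alerts

if __name__ == "__main__":
    for ts, sev, msg in run_sample():
        print(f"t={ts:4.0f}s [{sev:6}] {msg}")
```

Run stand-alone, the sample produces six alerts: the HMI's unauthorized write, the unknown host and its telnet session to a PLC, then the temperature runaway followed by the out-of-band reading. The point of the design is that the same feed serves both the SecOps and the maintenance question: the write and telnet rules are purely about who is allowed to talk to a controller and how, while the telemetry rules catch the kind of HVAC fault the article describes without needing any attacker at all. In a real deployment the inventory and engineering-host lists come from the site's asset register, and the alerts go to whatever the NOC/SOC already watches, so that the "auxiliary" OT network stops being invisible to them.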
The benefits of monitoring ICS include the following:
- Remote access 24 x 7 to critical infrastructure and control systems
- Cost reduction because of faster alerting of system problems
- Deployment of n+1 survivability for ICS monitoring tools
- Testing and validation of critical infrastructure against security threats
Whether you are part of the DevOps or SecOps team makes no difference—threats and problems are a daily, if not hourly, occurrence. What you need is good quality data as fast as you can get it to counter security threats, troubleshoot network outages, and remediate performance problems.
Unfortunately, IT security and analytics tools are only as good as the data they see. An integrated approach to network visibility, network security, and network testing ensures that your tools get the right data at the right time, every time. Without an approach like this, IT teams will continue to struggle with preventing security breaches—and many will fail.
If you want more information on this topic, try reading this solution brief Security Monitoring of Critical Infrastructure.