February 03, 2020
How Security Assessments Help Protect ICS and SCADA Networks
A service provider can spot vulnerabilities and improve the defenses of your industrial controls.
In recent years, these systems have become increasingly interconnected with IT systems and IoT networks as companies strive to improve efficiency and profitability through greater automation and better data analytics. But these improvements come with a cost: Connected systems represent a target for cybercriminals and can provide an entry point for attacks. As a result, the need to protect SCADA systems is more urgent than ever.
Here are three measures organizations should take to assess — and improve — the security measures surrounding their SCADA systems.
1. Security Assessment
In instances where SCADA systems have unmitigated vulnerabilities, it’s usually not because internal cybersecurity staffers are indifferent to (or even unfamiliar with) existing threats and how to guard against them. Rather, internal staffers are often “too close” to their own environments to see them clearly. Assessing security measures with help from a third-party expert with a different perspective can reveal unseen potential for increasing an organization’s security posture.
In addition, SCADA systems often include legacy operating systems and software that is difficult or impossible to patch. Clearly identifying these resources in the environment is critical.
By working with a partner such as CDW to conduct a security assessment of their SCADA systems, companies can attain a clear understanding of their vulnerabilities, as well as ways to shore them up. A thorough security assessment will include a physical security audit, a risk analysis of network-connected assets and applications, a standards-based operational framework gap analysis, and a compliance assessment.
2. Penetration Testing
A penetration test can give companies a realistic sense of how well their security measures hold up under the real-world conditions of a cyberattack. In a penetration test, “white hat” hackers run simulated attacks on a company, trying to infiltrate its network and access its data and systems. Here again, companies often rely on third-party partners such as CDW, both for their expertise and their objectivity.
As they make their way through various tasks, penetration testers document each vulnerability they uncover, such as unmanaged devices or systems that rely on inappropriate trust relationships. Then, the testing team reviews all vulnerabilities discovered and prioritizes them. Sometimes, multiple vulnerabilities may give hackers a path to escalate their attacks throughout an organization.
Throughout the process of a penetration test on a SCADA or industrial network, it is important to remember the sensitive nature of some systems. Penetration tests on these networks must be done slowly and methodically to assure no disruption to the manufacturing process. Any scan on such an environment should be handled by a senior engineer who has experience and understands the possible effects the tools used could have on the environment.
3. Security Design and Architecture
After assessing their security environments, testing their defenses and prioritizing vulnerabilities, organizations must come up with an effective plan to shore up their SCADA security, such as implementing network segmentation. This plan should include improvements related not only to technology but also to people and processes. It very well may be the case that an organization needs to deploy sophisticated security controls such as next-generation firewalls, network access control, next-generation endpoint protection, as well as network visibility tools. Companies often also need to adopt more effective password policies and beef up employee training around phishing and other social engineering attacks.
This is another area where CDW can help. Our experts have extensive experience and can provide recommendations for solutions that have worked for other companies with similar SCADA environments. CDW also facilitates workshops to prepare for implementing advanced security technology such as network segmentation.
The physical and digital worlds have become inextricably connected. By assessing their environments — and by taking action based on their findings — companies can ensure that they have the tools and practices in place to safeguard their systems.