For process control, we recognize the need to defend against modification from sender and receiver endpoints. Today, with Internet Protocol security (IPsec), we can perform end-to-end authentication, protecting the message without encrypting the data. As an IPsec configuration option, data can be encrypted as well. However, encrypting data can cripple network intrusion detection capabilities. The security strategy for the control system environment must balance the benefits and select the appropriate set of options.
Incident detection and response. An intrusion detection system (IDS) is an application that can include both hardware appliances and software solutions. The IDS resides on the network and notifies the network administrator of intrusion attempts; it records all alert information according to parameters set by the administrator. Traditional information technology (IT) organizations have used these systems for many years, and we have found them equally useful in the control systems environment.
Some control systems today are integrated with network-based IDSs. However, over time we expect greater pervasiveness of this technology as well as the application of host-based IDSs.
An IDS can inspect network packets as they flow through the system. Today, however, IDSs understand very few control system protocols; we see that changing in the future as more of the protocols are defined and implemented, making IDSs more effective for control systems.
While detecting an intrusion is worthwhile, an even more attractive option is thwarting the intrusion. Intrusion prevention systems (IPSs) are relatively new but have a role to play in the future — by inspecting and validating communications attempting to pass between levels in the hierarchy, for instance, between business and process control networks.
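The trade-off described above, between authenticating messages without encrypting them and keeping intrusion detection able to inspect control traffic, can be shown with a short added example (not from the original article). It is a simplified model of integrity-only protection, an HMAC tag appended to a cleartext frame, not IPsec itself; Modbus/TCP as the control protocol, the key, the host addresses and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct
from typing import Optional

TAG_LEN = 32                            # HMAC-SHA256 tag size in bytes
WRITE_CODES = {0x05, 0x06, 0x0F, 0x10}  # Modbus function codes that change state

def protect(key: bytes, frame: bytes) -> bytes:
    """Sender: append an integrity tag; the frame itself stays cleartext."""
    return frame + hmac.new(key, frame, hashlib.sha256).digest()

def verify(key: bytes, packet: bytes) -> bytes:
    """Receiver: return the frame if the tag matches, else raise ValueError."""
    if len(packet) <= TAG_LEN:
        raise ValueError("packet too short")
    frame, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, frame, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return frame

def ids_inspect(packet: bytes, src: str, allowed_writers: set) -> Optional[str]:
    """Passive monitor holding no key: parse the header and function code."""
    frame = packet[:-TAG_LEN]
    if len(frame) < 8:
        return "malformed frame"
    # MBAP header: transaction id, protocol id, length, unit id; then function code
    _tid, proto, length, _unit, func = struct.unpack(">HHHBB", frame[:8])
    if proto != 0 or length != len(frame) - 6:
        return "malformed frame"
    if func in WRITE_CODES and src not in allowed_writers:
        return f"write function 0x{func:02X} from unauthorized host {src}"
    return None

# Constructed sample data (not captured traffic).
KEY = b"constructed-demo-key"
READ = struct.pack(">HHHBBHH", 1, 0, 6, 1, 0x03, 0x0000, 2)        # read 2 registers
WRITE = struct.pack(">HHHBBHH", 2, 0, 6, 1, 0x06, 0x0010, 0x1234)  # write 1 register
ENGINEERING_HOSTS = {"10.0.0.10"}  # assumed list of hosts allowed to write

if __name__ == "__main__":
    for src, frame in (("10.0.0.10", WRITE), ("10.0.0.50", READ), ("10.0.0.50", WRITE)):
        print(src, ids_inspect(protect(KEY, frame), src, ENGINEERING_HOSTS))
```

If the frame were encrypted as well, `ids_inspect` would see only ciphertext and could apply no protocol-aware rule, which is the loss of detection capability the article warns about.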
Remote security operations centers. These help ensure optimal performance and administration of a process control network and security infrastructure via a set of remote services.
Many process control organizations today face challenges in addressing areas requiring specialized skills — ones that are more closely aligned with the IT organization. While these capabilities are both valuable and necessary, achieving business results commands higher priority for in-house resources. So, over the coming years, we expect growing use of this type of remote service to keep the process control network running in a secure environment.
SECURITY STRATEGY FOR TOMORROW'S PLANTS
Process plants of the future will be compliant with the IEC 62443 standard for industrial network and system security. This means IT best practices for security increasingly will be applied to process control.
Plants will implement "defense in depth" — realizing a single "Maginot Line" won't suffice (see: "Protect Your Plant"). They will strive to safeguard control systems from physical, electronic and cyber attacks (Figure 2).
We will see a move toward more individual accountability — achieved through more role-based control and access-enforced endpoints instead of "in the middle" approaches. Today, change points are detected and made on the server. In the future, they will move nearer to where the impact of the change resides, in other words, closer to the controller.
For role-based access control, a way of increasing individual accountability, we will see encryption used as a step in the right direction. We must adopt a security mindset — based on the premise that all trust is limited. One element of that mindset is compartmentalization, to minimize what must be defended and potential loss.
We also must understand that unverified trust decays over time. So, we must re-verify the basis for trust, ensuring the verification testing isn't predictable. As part of our mindset, we must assume that "the attacker" has compromised some personnel and equipment, yet another reason why a single "Maginot Line" isn't enough.
As we move forward, we must recognize the management challenges involved in the security process. It requires never-ending effort, and involves more uncertainty than other business processes, with mostly indirect measures of success and potentially catastrophic demonstrations of failure.
Management must foster a culture in which security is every employee's personal responsibility. As with all continuing processes, people become complacent or develop workarounds without regard to consequences. So, ongoing use of the security feedback loop is crucial.
As we consider the next five years or so, we can see the "plant of the future" will take advantage of additional security technologies, more and more integrated into the control systems, with easy-to-use management and configuration tools. The security mindset will become ingrained in our control systems, just as safety has. Being prepared, informed and optimistic will help ensure continued success. Remember, it's an evolution — not a revolution.
JASON URSO is vice president and chief technology officer for Honeywell Process Solutions, Phoenix, Ariz. E-mail him at BeCyberSecure@honeywell.com