Critical Infrastructures (CIs) provide resources upon which several functions of society depend. Potential unavailability of these would have a devastating effect on the safety, economy, and well-being of society as a whole.
Since Critical Infrastructures are increasingly dependent on ICT to improve their operations and services, they are also increasingly exposed to new risks. Ensuring cybersecurity of Critical Infrastructures is now a major challenge and highest priority of both governments and private companies that manage these critical assets. Vulnerabilities of Critical Infrastructures may be exploited for financial or political motivation, and recent deliberate interruptions of critical automation systems have demonstrated the destabilizing effect of such attacks.
No infrastructure is critical per se unless it is essential for the provision of a critical service, no alternatives exist and a cyber incident would disrupt the provision of the service. Identification of National Critical Infrastructure is the first step in the path to preserving the accessibility of the nation’s critical assets.
At CYBRIXS, we have developed a Methodology for Identification of National Critical Information Infrastructures, and we have experience working with critical information infrastructures in all types of industries: energy, banking, healthcare, telecommunications and others, assisting our clients in ensuring the security of their networks and the resilience of their operations.
EVERY GOVERNMENT IN EVERY NATION HAS A RESPONSIBILITY TO PROTECT CRITICAL INFRASTRUCTURE AGAINST NATURAL DISASTERS, TERRORIST ACTIVITIES AND NOW CYBER THREATS.
Critical infrastructure (or critical national infrastructure, CNI) is a term used by governments to describe assets that are essential for the functioning of a society and economy.
The following are among the 16 critical infrastructure sectors that should be protected by any nation:
Defense industrial base
Food and agriculture
Healthcare and public health
Nuclear reactors, materials, and waste
Water and wastewater systems
CRITICAL INFRASTRUCTURE PROTECTION
Critical Infrastructure Protection (CIP) is the need to protect a region's vital infrastructures such as water and energy. Every government in every nation has a responsibility to protect these essential critical infrastructures against natural disasters, terrorist activities, and now cyber threats. From energy organizations to transportation companies, it is paramount that security in all critical infrastructure sectors is of the highest standard and that disaster preparedness, response, and recovery are top priorities. Common components of critical infrastructure needing security considerations include Industrial Control Systems (ICS), Operational Technology (OT), and SCADA systems.
The world is changing, and digital and physical systems are converging. Systems that once stood alone managing critical infrastructure operations are connecting to the internet and sharing sensitive data. This new world structure brings with it new security problems. Critical infrastructure organizations must use a robust framework that can anticipate and mitigate disaster across their entire critical infrastructure environment. Critical Infrastructure Protection (CIP) helps organizations to prepare for and respond to serious incidents involving critical infrastructure environments and to protect against an ever-growing number of threats.
SOME EXAMPLES OF THINGS TO DO TO SECURE A SCADA NETWORK:
Make it its own network. While this might not be completely practical, at least make it use VPN tunnels between remote sites and the home office, AND have a separate network at the home office that is JUST the SCADA! Not virtual machines, not VLAN-segmented, a SEPARATE NETWORK.
Limit access to that SCADA network's machines. Do you give every bank teller and janitor the keys to the bank vault? Do you give every secretary, and every employee the keys to the CEO's desk and files? Then why give them all access to your organization's crown jewels?
Run intelligent firewalls and filters on your network. Let's realize that a SCADA system has a limited command set, and sends limited data that is highly structured. You KNOW that these two machines are the control machines. Every single device on the network should log, report, and drop every single control packet that is NOT coming from one of those two machines. Further, if you also know that machine A goes through switch B and C to get to D, you should not accept a control packet "from A" that came in on switch F.
Intelligent filtering part 2: You know that each end point device has a limited command set, and responds at a given data rate. Flag/report/log anything that deviates.
Pay very close attention to every single thing that connects to or disconnects from a SCADA network. These types of networks never change. If you build a pipeline, how often do you add more pipes? Or pumps? It's built, then it rarely, if ever, changes! Anything put on the network should be pre-certified and pre-added to the firewalls. If it is disconnected at any point in time, black-list it from all switches, and consider it completely untrusted until it is re-certified by headquarters.
Monitor the control machines on the network very closely. Only put data on them via CD, and only with two-machine integrity checking: build the CD on one machine, scan it with a second, then put it on the SCADA network.
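The filtering and monitoring rules in the three items above (control packets only from the two known control machines, only over the expected switch path, only commands in each endpoint's command set at its normal rate, and nothing to a device that has been unplugged until headquarters re-certifies it) can be expressed as one allow-list policy. The code below is an added example, not CYBRIXS code or any product's API: the host names, switch names, command sets, rate baseline and the sample packet records are all constructed for the example, and it assumes a switch or sensor already exports one record per control packet with its source, ingress switch, destination, command and timestamp.

```python
"""Allow-list policy for SCADA control packets (added example, constructed data)."""
from collections import defaultdict, deque

# Assumed topology: exactly two hosts may issue control commands.
CONTROL_HOSTS = {"ctrl-a", "ctrl-b"}

# Assumed paths: the switches on which each control host's traffic can legitimately arrive.
# A packet claiming to be from ctrl-a but entering on another switch is treated as spoofed.
EXPECTED_INGRESS = {
    "ctrl-a": {"switch-b", "switch-c"},
    "ctrl-b": {"switch-b", "switch-c"},
}

# Assumed per-endpoint command sets (what each field device can legitimately be told).
ENDPOINT_COMMANDS = {
    "pump-1": {"READ_STATUS", "START", "STOP"},
    "valve-7": {"READ_STATUS", "OPEN", "CLOSE"},
}

# Assumed rate baseline: no endpoint normally sees more than this many commands per window.
RATE_WINDOW_S = 10
RATE_LIMIT = 5


class ControlPacketFilter:
    def __init__(self, certified_devices):
        self.certified = set(certified_devices)   # devices pre-certified by headquarters
        self._recent = defaultdict(deque)          # endpoint -> timestamps of delivered commands
        self.log = []                              # (timestamp, verdicts) for every packet seen

    def certify(self, device):
        self.certified.add(device)

    def device_disconnected(self, device):
        # Anything unplugged is untrusted until headquarters re-certifies it.
        self.certified.discard(device)

    def evaluate(self, pkt):
        """Return a list of verdicts; an empty list means the packet is allowed as-is."""
        src, ingress, dst, cmd, ts = pkt["src"], pkt["ingress"], pkt["dst"], pkt["cmd"], pkt["ts"]
        findings = []
        if src not in CONTROL_HOSTS:
            findings.append("DROP: control packet from non-control host")
        elif ingress not in EXPECTED_INGRESS[src]:
            findings.append("DROP: unexpected ingress switch for claimed source")
        if dst not in self.certified:
            findings.append("DROP: destination device not certified")
        if findings:                      # dropped packets never reach the endpoint
            self.log.append((ts, findings))
            return findings
        if cmd not in ENDPOINT_COMMANDS.get(dst, set()):
            findings.append("FLAG: command outside endpoint's command set")
        window = self._recent[dst]        # sliding window of delivered commands
        window.append(ts)
        while window and window[0] < ts - RATE_WINDOW_S:
            window.popleft()
        if len(window) > RATE_LIMIT:
            findings.append("FLAG: command rate above baseline")
        self.log.append((ts, findings or ["ALLOW"]))
        return findings


# Constructed sample records, one per control packet as a switch or sensor might export them.
SAMPLE_PACKETS = [
    {"ts": 0, "src": "ctrl-a", "ingress": "switch-b", "dst": "pump-1", "cmd": "START"},
    {"ts": 1, "src": "hr-laptop", "ingress": "switch-b", "dst": "pump-1", "cmd": "STOP"},
    {"ts": 2, "src": "ctrl-a", "ingress": "switch-f", "dst": "pump-1", "cmd": "STOP"},
    {"ts": 3, "src": "ctrl-b", "ingress": "switch-c", "dst": "valve-7", "cmd": "START"},
] + [
    {"ts": t, "src": "ctrl-a", "ingress": "switch-b", "dst": "pump-1", "cmd": "READ_STATUS"}
    for t in range(4, 9)
]


def run_sample():
    """Evaluate the constructed packets, then simulate valve-7 being unplugged."""
    filt = ControlPacketFilter(certified_devices=ENDPOINT_COMMANDS)
    results = [filt.evaluate(p) for p in SAMPLE_PACKETS]
    filt.device_disconnected("valve-7")   # unplugged: untrusted until re-certified
    results.append(filt.evaluate(
        {"ts": 9, "src": "ctrl-b", "ingress": "switch-c", "dst": "valve-7", "cmd": "OPEN"}))
    return results


if __name__ == "__main__":
    for ts, verdicts in ControlPacketFilter.log if False else []:
        pass
    for pkt_result, (ts, verdicts) in zip(run_sample(), []):
        pass
    for ts, verdicts in ControlPacketFilter(ENDPOINT_COMMANDS).log:
        pass
    for i, verdicts in enumerate(run_sample()):
        print(i, verdicts or ["ALLOW"])
```

The order of the checks matters: source and path checks come first because a spoofed source must be dropped before it can influence the per-endpoint rate baseline, and dropped packets are deliberately not counted in the sliding window so that a flood from an unauthorised host cannot push a legitimate control machine's traffic over the limit.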