Industrial Control Systems (ICS): what to consider when protecting industrial assets from cyber threats? Part 1. Secure ICS Architecture design

Industrial Control Systems (ICS): what to consider when protecting industrial assets from cyber threats? Part 1. Secure ICS Architecture design
Ian Suhih

Currently, the international cybersecurity environment is tense. While until recently, cyber threats were considered primarily in relation to the theft of confidential information and extortion, governments are now increasingly talking about cyber weapons and the possibility of physical damage to critical infrastructure. This can be achieved by attacking industrial control systems (ICS) that connect the world of information technology and real industrial processes. Traditionally, systems of this class were poorly protected from cyber threats, or not protected at all, which now puts entire industries at risk. This paper discusses practical issues of ICS protection and in particular, issues related to the design of secure ICS architectures.

Ian Suhih

Industrial Control Systems (ICS): what to consider when protecting industrial assets from cyber threats? Part 1. Secure ICS Architecture design

A Word from the Author

This paper is aimed primarily at managers responsible for the cybersecurity of process control systems, and engineers who are beginning their career in the field of industrial control system cybersecurity. It is designed to help understand the peculiarities of the practical application of international and national standards for the cybersecurity of the industrial control systems to help avoid architectural and gross technical errors at the start of projects, to highlight the main features of the protection of ICS. This paper can also be useful for industry experts as it can offer a new perspective on familiar things.

I sincerely hope that this work will help the reader to better understand the specifics of ICS cybersecurity and make our world a little safer.

The author would like to thank:

• Hubertus Storck

• Alexey Kuzichkin

• Dmitriy Pravikov

• Artem Zhiganov

Without your help, my professional journey would have been much more difficult.

Special thanks for the professional translation:

• Margarita Nazarovskaya

The paper is based on the scientific article " Development of secure architectures for process control systems" DOI: http://dx.doi.org/10.26583/bit.2020.2.08 (http://dx.doi.org/10.26583/bit.2020.2.08)

1. Abbreviations

DCS – Distributed Control System

DMZ – De-Militarized Zone

HIDS – Host-based Intrusion Detection System

NIDS – Network Intrusion Detection System

IDS – Intrusion Detection System

HMI – Human to Machine Interface

IEC–International Electrotechnical Commission

ISO – International Standards Organization

OS – Operating System

SIS – Safety Instrumented System; equivalent to Instrumented Protective System (IPS)

USB – Universal Serial Bus

HDD – Hard Disk Drive

PLC – Programmable Logic Controller

DCS – Distributed Control Systems

PIZ – Process Information Zone

ICS – Industrial control Systems

BPCS – Basic Process Control Systems

IT – Information Technology

OT – Operational Technology

HSE – Health and Safety Executive (United Kingdom)

HMI – Human Machine Interface

SCADA – Supervisory Control and Data Acquisition System

MES – Manufacturing Execution System

APC – Advance Process Control

WSUS – Windows Server Update Services

DPI – Deep Packet Inspection

SIEM – Security Information and Event Management

WAF – Web Application Firewall

DCOM – Distributed Component Object Model

OPC – Open Platform Communications

EPP – End Point Protection

RD – Remote Desktop

NSA – National Security Agency (USA)