What is in the standard
This standard provides guidance to secure industrial control systems (ICS) – to include supervisory control and data acqusition (SCADA) systems, distributed control systems (DCS, and other systems performing control functions. The intended audience is ICS communities vital to the operation of US critical infrastructure (90% of which are privately owned and operated). The document provides an overview of ICS topologies, identifies treats and vulnerabilities to these systems and networks, and recommends security countermeasures. Increased interconnectivity with business sytems and increased integration of wireless and remote networking exposes ICS to the outside world of cyber threats. Special preventions unique to ICS systems must be taken when introducting these solutions and technologies to control environments – and in some cases completely new and unique solutions are necessary.
Messaging executed in ICS has a direct effect on the physical world which introduce risk to health and safety of human lives, serious damage to the environment, great financial loss due to production losses, negative impacts to a nation’s economy, and compromise of proprietary information. The documents makes note of the distinction of performance and reliability requirements of ICS which are often unconventional to IT professionals. What’s more, the authors recognize that even the goals of safety and efficiency sometimes conflict with security in the design and operation of control systems. The standard is helpful in providing clarity in the types of possible incidents which could arise in ICS environments – most of this information is contained in useful tables – e.g. policy and procedure vulnerabilities, architecture and design vulnerabilities, configuration and maintenance vulnerabilities, physical vulnerabilities, software development vulnerabilities, examples of adversarial incidents, and definitions of ICS impact levels.
Relationship to Unidirectional Gateways
The standard outlines major security objectives for ICS and recommends firstly unidirectional gateways to restrict logical access to the ICS network. It also outlines the typical defense in depth strategy for ICS which will ideally have unidirectional gateways to provide logical separation between the corporate and ICS networks. Typical security countermeasures are mentioned in detail – authentication, credentialing, restricting access, disabling ports, policy and procedures, personal identity verification, encryption, security patches, network protocols, and network topology designating levels of security to different networks.
Unidirectional gateways are advised concerning network segmentation and segregation and boundary protection. Separating ICS in a high security domain from the corporate network is ideally and traditionally best achieved through unidirectional gateway technology which restricts communications between connections to a single direction – segmenting the network. The standard describes unidirectional gateways as a combination of hardware and software which makes it physically impossible to send any information back into the source network, the ICS – “The software replicates databases and emulates protocol servers and devices”.
This standard reflects NIST’s sophisticated understanding of the functionality and importance of unidirectional gateways in control system environments. The authors illustrate the dramatic differences in the goals, vulnerabilities, and risks associated with ICS versus the IT environment, knowing full well that these differences warrant different solutions. Unidirectional gateways are mentioned throughout the document to protect the most critical networks and assets of an ICS from the threat of cyber attacks.