Typical security technology

Unlike a typical IT network, an ICS network does not need exceptional throughput. However, an ICS is far more time-critical, with each specific installation defining the level of delay it can tolerate. Its need to remain self-sustaining is significant: unforeseen outages are intolerable, and the continuous nature of these systems demands availability. Measured against standard IT security, the ICS platform is fragile. Integrating an ICS with real-time defensive capabilities such as antivirus or intrusion protection is often not possible because of its sensitivity to network manipulation and timing disruption and the specialist expertise required. Table 2 indicates the differences between a standard IT network and a typical ICS network. The security of these networks rests on the Transmission Control Protocol and Internet Protocol (TCP/IP) suite. The growing reliance on IT technologies has made it easier to interface with ICSs and has reduced their former isolation from network attacks. This improved technology brings greater risk, and its benefits require deeper consideration.

ICS configuration weaknesses

The default settings of ICSs are another distressing factor. A common weakness exists across many modules: their Ethernet cards have hard-coded default passwords that are easily found in published support manuals. Patches cannot fix these hard-coded faults; the hardware must be retired to mitigate the problem. With the coming advances, vulnerabilities will expand. Electric grid configurations will require more communication control capabilities, introducing added access points. The exposure of these networks will increase. Due to the deployment of smart meters, intelligent appliances, and other sensors, the number of managed devices within a residence will grow to between ten and a hundred. Alongside the vulnerability caused by exposure is interconnectivity: bridging heterogeneous networks will create risks that extend from the linking of those networks. Wireless integration continues to move forward, with many circuit boards having the antenna printed on the board. Complex systems will become more complicated, and increased complexity will further stress systems by introducing more points of failure. Standard IT risks will multiply. The added necessity of common computing technologies, such as multipurpose operating systems and routable networking, will bring in the problems prevalent in the office environment. Manual operations will decrease; those decreases will lead to more automation, which amounts to compounded risk.

ICS network weaknesses

The introduction of ICS networks into the modern perspective of business operation has presented many of the aforementioned security concerns. Their environments have been modified to put commerce and trade first, leaving the likely security effects with little regard. The lack of attention dedicated to security leads to more problems; the lack of focus on defensive measures introduces gaps in a system that, without remediation, may become back-door access points. Visits conducted to ICS facilities for incident response and assessments have revealed these vulnerabilities. Noted among these architectures are missing defense-in-depth deployment and zoning, little if any port security, and weak access control. The architectures are connected in parallel with corporate networks, without firewalls or demilitarized zones (DMZs) to assist in protection from the Internet. Networks that carry the greatest risk should have well-defined security perimeters. Segmentation of these networks would limit immediate access during attacks. Firewalls should be configured to restrict data to the appropriate network locales. Applying DMZs to large architectures can help to isolate roles and privileges. Bypass access points within the ICS that allow firewall avoidance must be removed. To further compound the weaknesses of ICS networks, audit and accountability practices are frail. Related to this matter are incomprehensible network architectures, minimal enforcement of remote authentication and media egress control, and poor intrusion detection monitoring.