The paper provides an overview of some system-specific policies that might reduce vulnerabilities in nuclear facilities.
Summary of key points:
- Malicious code (malware): Malware covers the broad range of software designed to infiltrate or damage computer systems without the owner's knowledge or consent. The best-known forms are:
1. Viruses (malicious code that attaches itself to a host program and spreads when that program runs)
2. Worms (self-replicating programs that spread across the network on their own, with no host program and no user action)
3. Trojans (programs that hide malicious code behind functionality the end user actually wants)
- Denial of service attacks
- Rogue devices: In wireless networks, an unauthorized access point might be attached to the control system. This can happen without malicious intent, for example when someone adds an access point for convenience, but the result is the same: an unknown, unmanaged entry point into the control network.
- Reconnaissance attacks: The first stage of the attack life cycle, in which the attacker probes the network to learn which hosts, services and protocols are present. The resulting picture lets later attacks be focused on the weakest targets and improves the odds of success in the attacker's favour.
- Eavesdropping attacks: The goal of an eavesdropper is to violate the confidentiality of communications by 'sniffing' packets on the control network or by intercepting wireless transmissions. Advanced eavesdropping attacks, also known as 'man in the middle' or path-insertion attacks, are typically used by an attacker as a follow-up to a network probe or a protocol-violation attack.
- Collateral damage
- Unauthorized access attacks
- Unauthorized use of assets, resources, or information
1. Identifying critical assets: Policy creation begins with identifying the assets that need protection and the level of protection each requires. On a control system network these are the real-time servers, the field devices, and peripherals such as printers and network routers and switches. The vector of greatest concern is compromise of the communications that can alter the operation of field devices. To gain a foothold behind a firewall, attackers typically target the non-essential appliances that are most vulnerable, so every network-enabled device on the control network must be treated as critical for security.
2. Profiling the network: Because most control devices can be disrupted by active scans with tools such as Nessus, passive scanning and identification is currently the only viable way to discover and identify every device on the network.
3. Creating and managing policies across the network.
4. Creating a strong defence perimeter: Given the need to reach control networks from the corporate network or, in some cases, from the internet, a strong defence perimeter is essential. A perimeter firewall must create at least three security zones: a secure zone for the control system network elements, a demilitarized zone (DMZ), and an insecure zone for the corporate or internet side.
5. Ensuring identity management and rogue device mitigation: The most likely vector for an intrusion into a control system network is unintentional inappropriate use. An employee or contractor might plug a laptop into the network to perform routine tasks without realizing that it has picked up a worm or spyware. (This has already occurred in nuclear plants.) The worm can then start scanning the control system network and cause outages in devices such as PLCs, which do not tolerate unexpected traffic. This scenario becomes even more likely as wireless access points proliferate. Controlling access through authentication of every user and a health check of every device is essential to security inside the perimeter. A network access control (NAC) solution should combine user identity, device security state, and location into session-specific access control per user, enforced throughout the network.
6. Setting up secure remote access.
7. Monitoring and reporting.
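Steps 2 and 5 above describe two things a passive sensor on the control LAN can do without sending a single packet: build the device inventory from the traffic it sees, and notice when an unlisted device starts sweeping the network the way a worm-infected laptop would. The following is an added example, not code from the CRS report or from any product; it assumes a span-port sensor exporting one flow record per line in the hypothetical format "ts src_mac src_ip dst_mac dst_ip dst_port proto answered" (a dst_mac of "?" means the sensor could not resolve it, and answered is 1 only when the target completed the TCP handshake). The port-to-role table, the authorized MAC list and the flow records are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Service ports used to infer what a host is from traffic *sent to it*.
# Hypothetical mapping for the example; extend it for the site's protocols.
PORT_ROLES = {502: "modbus-server", 20000: "dnp3-outstation", 44818: "enip-adapter",
              102: "s7comm-server", 22: "ssh-server", 9100: "printer"}

# Devices the site inventory allows on the control LAN, keyed by MAC (hypothetical).
AUTHORIZED_MACS = {"aa:00:00:00:00:01": "HMI-1", "aa:00:00:00:00:21": "PLC-21",
                   "aa:00:00:00:00:22": "PLC-22", "aa:00:00:00:00:30": "historian",
                   "aa:00:00:00:00:50": "printer-1"}

@dataclass(frozen=True)
class Flow:
    ts: int; src_mac: str; src_ip: str; dst_mac: str; dst_ip: str
    dst_port: int; proto: str; answered: bool

@dataclass
class Asset:
    mac: str                                   # "?" until seen as a sender or resolved
    roles: set = field(default_factory=set)    # inferred from answered service ports
    peers: set = field(default_factory=set)    # hosts this asset initiated traffic to

def parse_flows(text):
    """Parse the constructed sensor export; blank lines and '#' comments are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, smac, sip, dmac, dip, dport, proto, ans = line.split()
        flows.append(Flow(int(ts), smac, sip, dmac, dip, int(dport), proto, ans == "1"))
    return flows

def build_inventory(flows):
    """Passive inventory: every IP seen as source or destination becomes an asset.
    Roles come only from flows the target answered, so a scanner's unanswered SYNs
    to port 502 do not turn every host on the subnet into a 'Modbus server'."""
    inv = {}
    for f in flows:
        src = inv.setdefault(f.src_ip, Asset(mac=f.src_mac))
        src.mac = f.src_mac                    # a sender always reveals its own MAC
        src.peers.add(f.dst_ip)
        dst = inv.setdefault(f.dst_ip, Asset(mac="?"))
        if f.dst_mac != "?":
            dst.mac = f.dst_mac
        if f.answered and f.dst_port in PORT_ROLES:
            dst.roles.add(PORT_ROLES[f.dst_port])
    return inv

def unauthorized_devices(inv):
    """Rogue-device check: hosts whose MAC is known and not in the site inventory."""
    return sorted(ip for ip, a in inv.items() if a.mac != "?" and a.mac not in AUTHORIZED_MACS)

def detect_fanout(flows, window=60, threshold=16):
    """Worm/scanner signature: one source contacting many distinct destinations
    within `window` seconds. Returns {src_ip: max distinct targets in any window}."""
    by_src = defaultdict(list)
    for f in sorted(flows, key=lambda f: f.ts):
        by_src[f.src_ip].append((f.ts, f.dst_ip))
    alerts = {}
    for src, events in by_src.items():
        best, start = 0, 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({d for _, d in events[start:end + 1]}))
        if best >= threshold:
            alerts[src] = best
    return alerts

def constructed_flows():
    """Constructed sample: HMI polling two PLCs and a printer, the historian
    reaching the HMI over SSH, then an unlisted laptop sweeping 10.1.0.1-40 on 502."""
    lines = [
        "1000 aa:00:00:00:00:01 10.1.0.10 aa:00:00:00:00:21 10.1.0.21 502 tcp 1",
        "1001 aa:00:00:00:00:01 10.1.0.10 aa:00:00:00:00:22 10.1.0.22 502 tcp 1",
        "1002 aa:00:00:00:00:30 10.1.0.30 aa:00:00:00:00:01 10.1.0.10 22 tcp 1",
        "1003 aa:00:00:00:00:01 10.1.0.10 aa:00:00:00:00:50 10.1.0.50 9100 tcp 1",
    ]
    for i in range(1, 41):   # one target per second; only the two PLCs complete the handshake
        answered = 1 if i in (21, 22) else 0
        lines.append(f"{2000 + i} de:ad:be:ef:00:99 10.1.0.99 ? 10.1.0.{i} 502 tcp {answered}")
    return "\n".join(lines)

if __name__ == "__main__":
    flows = parse_flows(constructed_flows())
    inv = build_inventory(flows)
    for ip in sorted(inv, key=lambda s: int(s.rsplit(".", 1)[1])):
        if inv[ip].roles or inv[ip].peers:
            print(f"{ip:12} mac={inv[ip].mac:18} roles={sorted(inv[ip].roles)} peers={len(inv[ip].peers)}")
    print("unauthorized:", unauthorized_devices(inv))
    print("fan-out alerts:", detect_fanout(flows))
```

The inventory is built entirely from what the HMI and historian already send, so the PLCs are identified without ever being probed. The fan-out rule is what distinguishes a laptop sweeping port 502 from the HMI's normal polling of a handful of devices; the threshold and window are starting points to tune against the site's real traffic, and the `answered` flag keeps scan noise from polluting the inferred roles.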
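Step 4's three-zone perimeter is easiest to see as an actual ruleset. The following is an added example, not from the CRS report or any vendor, written for a Linux perimeter firewall using nftables; it assumes three interfaces named corp0 (insecure corporate side), dmz0 and ctl0 (control network), a jump host at 10.2.0.5 and a historian replica at 10.2.0.6 in the DMZ, an engineering workstation at 10.1.0.11 and the historian at 10.1.0.30 in the control zone. All names and addresses are hypothetical.

```nft
#!/usr/sbin/nft -f
# Three-zone perimeter: corporate (corp0) <-> DMZ (dmz0) <-> control (ctl0).
# Nothing crosses directly between corporate and control; every allowed path
# is a specific source, destination and port, and the default is drop.
flush ruleset

table inet perimeter {
    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # Corporate -> DMZ: SSH to the jump host and HTTPS to the read-only historian replica only
        iifname "corp0" oifname "dmz0" ip daddr 10.2.0.5 tcp dport 22  ct state new accept
        iifname "corp0" oifname "dmz0" ip daddr 10.2.0.6 tcp dport 443 ct state new accept

        # DMZ -> control: only the jump host, only to the engineering workstation, only SSH/RDP
        iifname "dmz0" oifname "ctl0" ip saddr 10.2.0.5 ip daddr 10.1.0.11 tcp dport { 22, 3389 } ct state new accept

        # Control -> DMZ: the historian pushes to its replica; nothing else initiates outbound
        iifname "ctl0" oifname "dmz0" ip saddr 10.1.0.30 ip daddr 10.2.0.6 tcp dport 5432 ct state new accept

        # Corporate <-> control directly is already dropped by the policy;
        # stated explicitly so the counters show any attempt.
        iifname "corp0" oifname "ctl0" counter drop
        iifname "ctl0" oifname "corp0" counter drop

        counter log prefix "perimeter-drop " drop
    }
}
```

The point of the layout is that a compromised corporate host can reach at most the jump host or the replica, and a compromised DMZ host other than the jump host can reach nothing in the control zone. Load it with `nft -f` on a test firewall first and watch the logged drops for a few days before relying on it; every legitimate flow that shows up there is a path the policy still needs to name explicitly.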
The full article here: http://fas.org/sgp/crs/homesec/RL34331.pdf