Protecting Critical Infrastructure Published

Cyber-Physical Security - Protecting Critical Infrastructure at the State and Local Level was published recently. I contributed chapter 4 "Cyber Perimeters for Critical Infrastructures." Essential to modern thinking about control system network perimeters is the concept of "trust," "criticality," or "impact" - different authors use different words for the concept.

The idea is to rank networks by the consequences of accidental or deliberate mis-operation. Many authors identify at least three levels of impact: safety-critical, reliability-critical and non-critical. On safety-critical networks, the consequences of mis-operation can be injury, loss of human life, environmental disasters, or, in the worst case, environmental catastrophes - think Chernobyl. On reliability-critical networks, the worst-case consequences can be long-term site outages due to extensive damage to physical equipment, or shorter-term outages.

Modern advice for network perimeter security, for example France's ANSSI Cybersecurity for Industrial Control Systems, forbids firewalled connections between the most-critical networks and any less-critical networks, and permits only unidirectional gateways. Firewalls may be appropriate for connecting networks at the same level of criticality - this really amounts to internal segmentation of a high-impact network. Firewalls are flagged as entirely inadequate to protect the most critical networks from less-critical networks.

My chapter 4 talks about why this is, and how to accommodate a variety of common data flows using different configurations of unidirectional gateway technologies.
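
The perimeter rule described above can be checked mechanically against an inventory of network links. The following Python is an added example, not code from the book or from ANSSI; the network names, device labels and link list are constructed, and the three impact levels are the ones named in this post.

```python
# Added example: audits a constructed link inventory against the perimeter
# rule summarized in the post. All names and sample data are hypothetical.

LEVELS = {"non-critical": 0, "reliability-critical": 1, "safety-critical": 2}
TOP = max(LEVELS.values())

# Constructed sample inventory: network -> impact level
NETWORKS = {
    "corp-it": "non-critical",
    "plant-dcs": "reliability-critical",
    "sis-a": "safety-critical",
    "sis-b": "safety-critical",
}

# Constructed sample links: (network, network, perimeter device)
LINKS = [
    ("sis-a", "sis-b", "firewall"),
    ("sis-a", "plant-dcs", "firewall"),
    ("sis-b", "plant-dcs", "unidirectional-gateway"),
    ("plant-dcs", "corp-it", "firewall"),
    ("sis-a", "vendor-vpn", "firewall"),  # vendor-vpn was never classified
]


def audit_link(a, b, device, networks=NETWORKS):
    """Return (verdict, reason) for one link between networks a and b."""
    missing = [n for n in (a, b) if n not in networks]
    if missing:
        return "unclassified", f"no impact level recorded for {', '.join(missing)}"
    la, lb = LEVELS[networks[a]], LEVELS[networks[b]]
    if la == lb:
        # Same criticality: internal segmentation, where a firewall may be appropriate.
        return "ok", "same impact level (internal segmentation)"
    if TOP in (la, lb):
        # Most-critical to anything less critical: unidirectional gateway only.
        if device == "unidirectional-gateway":
            return "ok", "most-critical perimeter uses a unidirectional gateway"
        return "violation", f"{device} joins a most-critical network to a less-critical one"
    # The post states no rule for links between two lower levels.
    return "not-addressed", "rule in the post does not cover this pair"


def audit(links=LINKS, networks=NETWORKS):
    return [(a, b, dev, *audit_link(a, b, dev, networks)) for a, b, dev in links]


if __name__ == "__main__":
    for a, b, dev, verdict, reason in audit():
        print(f"{verdict:13} {a} <-> {b} via {dev}: {reason}")
```

A link to a network with no recorded impact level is reported separately rather than passed, since the rule cannot be evaluated until that network is ranked.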
