2016-11-13

SCADA Security Published

My book SCADA Security - What's broken and how to fix it is live on Amazon in soft-cover and Kindle formats. The book's launch was the Waterfall/TDi mingle at the ICSJWG last month, with copies available for all ICSJWG attendees compliments of Waterfall Security Solutions.

In the book, I focus on the "what" and "why" of SCADA security more than "how." I argue that IT-style defense in depth has failed us - the kinds of attacks that breach modern IT networks routinely can also breach and mis-operate SCADA/control system networks as well.

The emphasis on intrusion detection is particularly misplaced. The US NIST framework, for example, talks about five pillars of critical infrastructure security: identify, protect, detect, respond, and recover. The framework provides no guidance at all, though, as to which of these "pillars" is more important for different kinds of networks. This is typical of old-school defense-in-depth advice.

Fundamentally, all attacks are information, and all information can encode attacks. IT networks constantly exchange information with the Internet - electronic mail, web pages, and more. IT networks are therefore under constant attack, and it is no surprise that they routinely succumb to some of these attacks. Detect, respond and recover are critical to the protection of any network that is, essentially, constantly compromised.

The problem with detect, respond and recover is that they take time. People can argue about how long they take, but the answer really doesn't matter. Compromised networks are being deliberately mis-operated - this is the definition of compromise. If a stranger walked into our refinery or power-plant control room, sat down at the operator console and started bringing up screens and clicking on things, how long would we let this continue? A month? A day? An hour? 20 seconds?

All of the industrial sites I know would regard this kind of mis-operation, even for a couple of seconds, as a completely unacceptable risk. We can detect, respond and recover from backups on IT networks. We cannot restore lost production, costly equipment, or human lives "from backups." The focus of SCADA security is and must always be protection and prevention. The NIST framework does not say this. The French ANSSI standards do.

For the record: intrusion detection does have a role in SCADA security, but it is a secondary role. On the most critical networks, this secondary role may still be very important, but it is never as important as preventing compromise in the first place.

This is the main message in the book. I do take 180 pages to say it, rather more thoroughly than here.
