Full Report
Alan Weissberger of the IEEE Communications Society (ComSoc) Techblog felt the ongoing culture and education gaps between network security and engineering needed to be highlighted as it is keeping critical infrastructures from being cyber-secured. While IT and OT network security are essential, securing control systems presents fundamentally different challenges. Engineering devices, particularly field and process […]
Analysis Summary
# Best Practices: Bridging Network & Control System Cybersecurity
## Overview
These practices address the critical security gap between traditional IT/OT network security and the specialized requirements of Engineering Control Systems. Because field devices (sensors, actuators, and controllers) often lack native security features like authentication or logging, these guidelines focus on integrating engineering-level physics and process data with traditional cybersecurity frameworks.
## Key Recommendations
### Immediate Actions
1. **Identify Legacy Field Assets:** Catalog all process sensors and field devices that lack built-in authentication, encryption, or logging capabilities.
2. **Establish Cross-Disciplinary Teams:** Form a task force of both network security engineers and control system engineers to audit current system visibility.
3. **Monitor for Non-Ethernet Disruptions:** Do not limit monitoring to Ethernet; also account for unintentional electronic communication disruptions on serial or proprietary protocol links.
### Short-term Improvements (1-3 months)
1. **Baseline Process Behavior:** Establish a "known good" baseline for sensor data to detect anomalies that may indicate malicious manipulation of physics rather than network traffic.
2. **Implement Industrial Forensics:** Deploy outboard logging or side-channel monitoring for devices that do not support internal cyber forensics.
3. **Targeted Engineering Training:** Train IT/OT security personnel on the specific requirements of control system uptime and the "safety-first" engineering mindset.
### Long-term Strategy (3+ months)
1. **Physics-Based IDS (Passive Monitoring):** Implement Intrusion Detection Systems that analyze raw electrical signals and process data at the sensor level, so detection does not depend on digital network data that may already be compromised.
2. **Secure Field Procurement:** Update procurement policies to mandate that all new control system components include native cybersecurity features (logging, authentication).
3. **Unified Security Culture:** Formalize a governance model where engineering reliability and cybersecurity are treated as a single discipline rather than separate IT/OT silos.
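The "known good" baseline and the physics-based detection described above, as an added example that is not part of the original article: a mass-balance check on a hypothetical tank loop, where inflow and outflow are assumed to come from independently metered (outboard) sensors and the level is the value the PLC reports over the network. All sample readings are constructed.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed sample data (not from the article): one-second readings from a
# hypothetical tank loop. Flow rates come from independently metered sensors
# (litres/s); 'level' is the tank level the PLC reports over the network (litres).
# The physical invariant is a mass balance:
#     level[t] ~= level[t-1] + (inflow - outflow) * dt
# A reported level that stops obeying it is suspect even when network traffic
# looks normal.

@dataclass(frozen=True)
class Sample:
    t: int        # seconds
    inflow: float
    outflow: float
    level: float

def residuals(samples):
    """Per-step residual: reported level change minus the change the mass balance predicts."""
    out = []
    for prev, cur in zip(samples, samples[1:]):
        predicted = prev.level + (cur.inflow - cur.outflow) * (cur.t - prev.t)
        out.append((cur.t, cur.level - predicted))
    return out

def baseline(samples):
    """Mean and population std-dev of the residual over a known-good window."""
    r = [v for _, v in residuals(samples)]
    return mean(r), pstdev(r)

def detect(samples, base, k=4.0):
    """Return timestamps whose residual departs from the baseline by more than k sigma."""
    mu, sigma = base
    return [t for t, v in residuals(samples) if abs(v - mu) > k * sigma]

# Known-good window: inflow 2.0 l/s, outflow 1.5 l/s, level rises ~0.5 l/s plus sensor noise.
GOOD = [Sample(t, 2.0, 1.5, lvl) for t, lvl in enumerate(
    [100.00, 100.51, 100.98, 101.52, 101.99, 102.50, 103.02, 103.49, 104.01])]

# Constructed manipulation: from t=10 the reported level is frozen at 104.52 while
# the independently metered flows show the tank is still filling.
TAMPERED = [Sample(9, 2.0, 1.5, 104.52), Sample(10, 2.0, 1.5, 104.52),
            Sample(11, 2.0, 1.5, 104.52), Sample(12, 2.0, 1.5, 104.52)]

if __name__ == "__main__":
    base = baseline(GOOD)
    print("baseline residual mean=%.4f sigma=%.4f" % base)
    print("anomalous timestamps:", detect(GOOD + TAMPERED, base))  # -> [10, 11, 12]
```

The check fires on the frozen reading without inspecting a single packet, which is the point of monitoring the process itself rather than only the network that carries it.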
## Implementation Guidance
### For Small Organizations
- Focus on asset inventory. You cannot protect what you don't know exists.
- Prioritize physical security of field cabinets to mitigate risks for devices lacking authentication.
### For Medium Organizations
- Implement passive network monitoring that is ICS-aware (able to parse industrial protocols like Modbus, DNP3, or Profinet).
- Conduct tabletop exercises that simulate a "loss of view" or "loss of control" scenario.
### For Large Enterprises
- Deploy a centralized Security Operations Center (SOC) that integrates both network alerts and real-time process sensor anomalies.
- Mandate ISA/IEC 62443 certification for all new industrial control system deployments.
## Configuration Examples
While specific code is not provided in the text, best practices dictate the following configuration logic:
* **Disable Unused Services:** Permanently disable HTTP/Telnet on any field controller that supports more secure alternatives (SSH/HTTPS).
* **VLAN Segmentation:** Isolate process-critical traffic (Layer 0-1) from plant-wide network traffic (Layer 2-3) using a strictly enforced DMZ.
## Compliance Alignment
- **NIST SP 800-82:** Guide to Industrial Control Systems (ICS) Security.
- **ISA/IEC 62443:** Security for Industrial Automation and Control Systems.
- **NERC CIP:** For organizations within the electrical power infrastructure.
## Common Pitfalls to Avoid
- **The "IT/OT Convergence" Myth:** Assuming that securing the network layer automatically secures the control system layer.
- **Over-reliance on Ethernet:** Ignoring threats that can enter via serial ports, handheld maintenance tools, or raw sensor signals.
- **Ignoring Physics:** Failing to realize that an attacker can manipulate the process (physics) without ever triggering a traditional "network" alarm.
## Resources
- **IEEE ComSoc Techblog:** hxxps://techblog[.]comsoc[.]org/
- **ControlGlobal Unfettered Blog:** hxxps://www[.]controlglobal[.]com/blogs/unfettered/
- **ISA Security Compliance Institute (ISCI):** hxxps://www[.]isasecure[.]org/