What are the common industrial control system protection strategies

Network attacks on critical infrastructure systems are becoming more and more frequent. For many industrial control systems, a network intrusion is not a question of whether it will happen, but when. The power outages in Ukraine and the recent power outages in Venezuela had serious social impacts. These incidents are a testament to the capabilities of attackers, and the frequency and complexity of cybersecurity incidents continue to increase. Traditional beliefs about industrial control system protection, such as "absolute isolation brings absolute security" or "no one will attack an industrial control system", are clearly wrong and out of date. For the protection of industrial control systems, there are several common strategies that can address commonly exploited weaknesses.

Application whitelisting can effectively detect and block the execution of malware uploaded by attackers. The set of programs that run on hosts in an industrial control system's production environment is relatively fixed, and the host operating systems are often old and isolated from external networks, so it is unrealistic to deploy resource-intensive antivirus software that needs frequent updates. Those same realities make application whitelisting practical. When deploying application whitelisting, work with the vendor to establish a baseline of the executables that belong on each host.
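The baseline step above is the part that decides whether whitelisting works in practice. The following Python is an added example, not code from the article or from any vendor product: it hashes a vendor-approved set of executables into a baseline, blocks anything that is not in it (or whose bytes changed), and reports drift during a periodic audit. The file paths and contents are constructed stand-ins; a real baseline is built from the files on the actual engineering or operator station.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed stand-in for the executables on a vendor-approved golden image:
# path -> file contents. Real baselines hash the actual files on the host,
# with the vendor confirming which programs belong there.
APPROVED_IMAGE: Dict[str, bytes] = {
    r"C:\HMI\bin\hmi_runtime.exe": b"MZ\x90\x00 hmi runtime 4.2 (constructed)",
    r"C:\HMI\bin\alarm_server.exe": b"MZ\x90\x00 alarm server 4.2 (constructed)",
    r"C:\Windows\System32\notepad.exe": b"MZ\x90\x00 notepad (constructed)",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(image: Dict[str, bytes]) -> Dict[str, str]:
    """Hash every approved executable; the result is the whitelist baseline."""
    return {path: sha256_hex(content) for path, content in image.items()}


@dataclass
class Verdict:
    allowed: bool
    reason: str


def check_execution(baseline: Dict[str, str], path: str, content: bytes) -> Verdict:
    """Decide whether a program about to run matches the baseline.

    Both path and hash must match: the hash alone would catch an uploaded or
    renamed binary, but path+hash also flags an approved program that was
    silently replaced in place.
    """
    expected = baseline.get(path)
    if expected is None:
        return Verdict(False, f"blocked: {path} is not in the baseline")
    if sha256_hex(content) != expected:
        return Verdict(False, f"blocked: {path} does not match its baseline hash")
    return Verdict(True, "allowed: matches baseline")


@dataclass
class Drift:
    added: List[str] = field(default_factory=list)      # files not in the baseline
    modified: List[str] = field(default_factory=list)   # baseline files with changed bytes
    missing: List[str] = field(default_factory=list)    # baseline files no longer present


def audit_host(baseline: Dict[str, str], current_image: Dict[str, bytes]) -> Drift:
    """Compare a host's current executables against the baseline (periodic audit)."""
    drift = Drift()
    current = build_baseline(current_image)
    for path, digest in current.items():
        if path not in baseline:
            drift.added.append(path)
        elif baseline[path] != digest:
            drift.modified.append(path)
    for path in baseline:
        if path not in current:
            drift.missing.append(path)
    return drift


if __name__ == "__main__":
    baseline = build_baseline(APPROVED_IMAGE)
    # A tool dropped under a plausible name is blocked because it is not baselined ...
    print(check_execution(baseline, r"C:\HMI\bin\update_helper.exe", b"MZ not baselined"))
    # ... and so is an approved program whose bytes no longer match.
    print(check_execution(baseline, r"C:\HMI\bin\hmi_runtime.exe", b"MZ altered"))
```

A vendor patch legitimately changes hashes, so re-baselining has to be part of the patch procedure; otherwise the audit will report every updated binary as modified.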


System intruders often exploit unpatched systems in their attacks. For example, the notorious ransomware and cryptomining worms spread through port 445. If port 445 had been closed when those outbreaks began, a great deal of unnecessary loss could have been avoided. Prioritize patching and hardening the configuration of the engineering station, operator station, and database server; this effectively raises the difficulty for attackers. In practice, updates and configuration changes should first be applied to a test machine and deployed to the production system only after they pass testing.

Isolate industrial control systems from other untrusted networks, especially the Internet. Close unused ports and services. If only one-way communication is required, a one-way (unidirectional) gateway can be deployed. If bidirectional communication is unavoidable, open a single port on a restricted network path.
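The two paragraphs above both come down to knowing which ports a host actually listens on and closing the rest. This Python script is an added example (not from the article or any tool it mentions) that parses `ss -Hltn`-style output and reports every listening port that is not on the host's allowlist, with higher severity for ports such as 445 that worms have historically abused. The sample output and the allowlist for an "operator station" role are constructed assumptions.

```python
from typing import Dict, List, Tuple

# Constructed sample of `ss -Hltn` output from an operator station (not real data).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 50 0.0.0.0:445 0.0.0.0:*
LISTEN 0 128 0.0.0.0:502 0.0.0.0:*
LISTEN 0 128 [::]:3389 [::]:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
"""

# Hypothetical allowlist for this host role: the only ports that should accept
# connections from the network, and why. Anything else is a candidate for closing.
ALLOWED_PORTS: Dict[int, str] = {
    22: "SSH, reachable only from the bastion host",
    502: "Modbus/TCP polling of the PLCs",
}

# Ports whose exposure has repeatedly been abused by worms and ransomware;
# findings on these are reported with high severity.
HIGH_RISK_PORTS: Dict[int, str] = {445: "SMB", 135: "MS-RPC", 3389: "RDP"}

LOOPBACK = ("127.0.0.1", "[::1]")


def parse_listening_sockets(ss_output: str) -> List[Tuple[str, int]]:
    """Extract (local address, port) pairs from `ss -Hltn` lines."""
    sockets = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # Local address is "addr:port"; rsplit keeps IPv6 literals like [::]:3389 intact.
        addr, port = fields[3].rsplit(":", 1)
        sockets.append((addr, int(port)))
    return sockets


def audit_listening_ports(ss_output: str,
                          allowed: Dict[int, str] = ALLOWED_PORTS,
                          high_risk: Dict[int, str] = HIGH_RISK_PORTS) -> List[dict]:
    """Return one finding per listening port that is not on the allowlist."""
    findings = []
    for addr, port in parse_listening_sockets(ss_output):
        if port in allowed:
            continue
        if addr in LOOPBACK:
            severity = "info"      # loopback only: not reachable from the network
        elif port in high_risk:
            severity = "high"
        else:
            severity = "medium"
        findings.append({
            "port": port,
            "addr": addr,
            "severity": severity,
            "service": high_risk.get(port, "unknown"),
        })
    return findings


if __name__ == "__main__":
    for f in audit_listening_ports(SAMPLE_SS_OUTPUT):
        print(f"{f['severity']:6} {f['addr']}:{f['port']} ({f['service']})")
```

On a live host the script would read `subprocess.run(["ss", "-Hltn"], capture_output=True, text=True).stdout` instead of the sample; the ranking is what matters: network-exposed SMB and RDP listeners first, loopback-only services last.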

Dividing the network into logical segments and restricting the communication paths between hosts prevents attackers from expanding their access while allowing normal system communication to continue. In this way, even if one zone is compromised, the others are not affected, limiting the loss. To attack an industrial control system, an attacker typically needs to obtain legitimate user credentials and operate disguised as a legitimate user; this gives the attacker elevated operating privileges and leaves fewer records and less evidence.
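Segmentation is only as good as the flow rules between zones, so it helps to write those rules down as data and check observed traffic against them. The Python below is an added example, not from the article: it defines hypothetical zones (enterprise, DMZ, control, field) with constructed address ranges, an explicit allowlist of cross-zone flows with default deny, and a function that evaluates observed connections. The addresses, zone names and allowed flows are assumptions chosen for illustration.

```python
import ipaddress
from typing import Dict, List, Optional, Set, Tuple

# Hypothetical zone layout with constructed address ranges (not from the article).
ZONES: Dict[str, ipaddress.IPv4Network] = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "dmz":        ipaddress.ip_network("10.20.0.0/24"),
    "control":    ipaddress.ip_network("10.30.0.0/24"),
    "field":      ipaddress.ip_network("10.40.0.0/24"),
}

# Explicit allowlist of (source zone, destination zone, destination port).
# Every cross-zone flow not listed here is denied. Note that nothing is allowed
# to initiate from the DMZ into the control zone, or from enterprise into field.
ALLOWED_FLOWS: Set[Tuple[str, str, int]] = {
    ("control", "dmz", 443),      # operator station pushes data to the DMZ historian
    ("enterprise", "dmz", 443),   # business users read from the DMZ historian replica
    ("control", "field", 502),    # operator station polls PLCs over Modbus/TCP
}


def zone_of(ip: str) -> Optional[str]:
    """Map an address to its zone, or None if it belongs to no known zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def is_flow_allowed(src_ip: str, dst_ip: str, port: int) -> bool:
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return False                       # unknown networks get no path at all
    if src == dst:
        return True                        # intra-zone; host firewalls may tighten further
    return (src, dst, port) in ALLOWED_FLOWS


def evaluate_flows(flows: List[Tuple[str, str, int]]) -> List[dict]:
    """Annotate observed flows; denied ones are the paths an attacker would need."""
    return [
        {"src": s, "dst": d, "port": p,
         "src_zone": zone_of(s), "dst_zone": zone_of(d),
         "allowed": is_flow_allowed(s, d, p)}
        for s, d, p in flows
    ]


# Constructed observations, e.g. from a span port or firewall log.
OBSERVED_FLOWS = [
    ("10.30.0.5", "10.40.0.10", 502),   # operator station -> PLC: allowed
    ("10.10.5.5", "10.40.0.10", 502),   # enterprise host -> PLC: denied
    ("10.30.0.5", "10.20.0.2", 443),    # control -> DMZ historian: allowed
    ("10.20.0.2", "10.30.0.5", 443),    # DMZ -> control: denied (DMZ never initiates inward)
    ("192.168.99.1", "10.30.0.5", 22),  # unknown source network: denied
]

if __name__ == "__main__":
    for r in evaluate_flows(OBSERVED_FLOWS):
        verdict = "ALLOW" if r["allowed"] else "DENY "
        print(f"{verdict} {r['src_zone']}->{r['dst_zone']} {r['src']} -> {r['dst']}:{r['port']}")
```

The denied rows are exactly the paths that make a single compromised zone dangerous; a firewall between zones should enforce the same table, and the script is a cheap way to review logs for flows that should not exist.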

Use multi-factor authentication and minimize the permissions of privileged users. User passwords should be governed by security policies covering length, complexity requirements, and mandatory change dates, so that password management is as strict as possible.

It is recommended to use a VPN for remote access, especially when a third party accesses the industrial control system network. Using a bastion host, you can effectively monitor each operation and the time of each access, achieving effective supervision and tracking. Actively monitor for modern threats, detect attacker infiltration as early as possible, and quickly execute an emergency response to cut off the attack chain and protect the industrial control system.
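A bastion host only delivers the "supervision and tracking" promised above if someone actually reviews its session records. The Python below is an added example, not from the article or any bastion product: it parses constructed bastion session log lines in a hypothetical `key=value` format and raises an alert when a remote session starts outside the maintenance window, comes from a user not on the approved third-party roster, or is not linked to a change ticket. The log format, user names, addresses (documentation ranges) and window are assumptions.

```python
from datetime import datetime, time, timezone
from typing import Dict, List

# Constructed bastion session log (hypothetical format; addresses from documentation ranges).
SAMPLE_BASTION_LOG = """\
2024-03-11T02:13:44Z user=vendor_acme src=203.0.113.9 target=eng-station-01 action=session_start ticket=-
2024-03-11T09:15:02Z user=vendor_acme src=203.0.113.9 target=eng-station-01 action=session_start ticket=CHG-1042
2024-03-11T09:58:40Z user=vendor_acme src=203.0.113.9 target=eng-station-01 action=session_end ticket=CHG-1042
2024-03-11T11:07:10Z user=contractor9 src=198.51.100.23 target=hist-01 action=session_start ticket=CHG-1050
"""

# Assumed policy: who may connect remotely, and when (UTC).
APPROVED_REMOTE_USERS = {"vendor_acme"}
MAINTENANCE_WINDOW = (time(8, 0), time(18, 0))


def parse_line(line: str) -> Dict[str, object]:
    """Turn 'TIMESTAMP k=v k=v ...' into a dict with an aware datetime under 'ts'."""
    ts, *pairs = line.split()
    record: Dict[str, object] = {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    }
    for item in pairs:
        key, value = item.split("=", 1)
        record[key] = value
    return record


def review_sessions(log_text: str) -> List[dict]:
    """Return an alert for every session start that violates the remote-access policy."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("action") != "session_start":
            continue
        reasons = []
        if rec["user"] not in APPROVED_REMOTE_USERS:
            reasons.append("user not on approved remote-access roster")
        start, end = MAINTENANCE_WINDOW
        if not (start <= rec["ts"].time() < end):
            reasons.append("session outside maintenance window")
        if rec.get("ticket", "-") == "-":
            reasons.append("no change ticket linked to session")
        if reasons:
            alerts.append({
                "ts": rec["ts"].isoformat(),
                "user": rec["user"],
                "src": rec["src"],
                "target": rec["target"],
                "reasons": reasons,
            })
    return alerts


if __name__ == "__main__":
    for a in review_sessions(SAMPLE_BASTION_LOG):
        print(a["ts"], a["user"], "->", a["target"], "|", "; ".join(a["reasons"]))
```

The same three checks map directly onto the paragraph: the roster enforces who the third party is, the window and ticket tie every access to a known, approved operation, and anything else is a candidate for the emergency response the article calls for.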
