A PAM solution to increase SCADA security


SCADA (Supervisory Control and Data Acquisition) is a proven framework that industrial and utility companies use to manage their operational technology (OT) systems. In recent years, however, cyber risk has increased as SCADA system components have become more interconnected, largely because IP-based networking and the Internet have proven so practical and widespread.

The SCADA cybersecurity framework recommends controls to counter the risk of cyberattacks on SCADA systems. These attacks can wreak havoc or even cost lives. Access controls including Privileged Access Management (PAM) are a critical building block for SCADA security as they defend industrial systems against malicious actors.

What is SCADA?

SCADA stands for Supervisory Control and Data Acquisition. In general, it is a system that can monitor and manage sensors and controls at various locations.

SCADA is a mature technology framework that encompasses many different devices and software applications. Together, SCADA-powered technologies form a kind of industrial nervous system. They can be found in factories, power plants and hospitals; heating and cooling systems for buildings are also controlled this way. The combination of sensors, host computers and remote terminal units (RTUs) makes it possible to monitor and control physical processes. For example, a SCADA system in a steel plant can detect when molten steel is hot enough to be poured and then trigger the right actuators at the right time so the steel flows into the molds. SCADA also provides human-machine interfaces (HMIs) for reporting and control input, which make it possible to keep track of all relevant production data and to intervene when necessary.

SCADA security in the age of the Internet is of paramount importance

Security of SCADA systems has always been a major concern for system administrators. Because they used proprietary communication protocols on isolated networks, SCADA systems were hard to reach and difficult to hack. Security architects could point to the "air gap," the complete isolation of SCADA networks from the outside world, which was considered an extremely robust measure against potential threats. Yet attacks on SCADA systems have significant impact: nuisance disruptions such as power outages, but also, unfortunately, disasters such as meltdowns, dam breaches, or injury or death of industrial workers. These consequences, once remote possibilities, are now much more likely.

Two factors massively increase the risk to SCADA systems. First, the air gap may never have been the effective layer of protection that people expected. A series of professional attacks, such as Stuxnet against Iranian nuclear power plants, made it clear that attackers could reach air-gapped systems using social engineering, USB drives and similar techniques. The more important development, however, is the IP-based SCADA system. The move in this direction is understandable given how practical and widespread IP has become: it is now possible to access SCADA systems entirely over the Internet, with all the flexibility and reach the Internet offers. From a security standpoint, however, this development is a disaster.

SCADA systems have now arrived in the Internet age and must be protected from attackers accordingly. This is a major challenge for the industry, because SCADA systems have not received the same security attention as corporate IT.

The SCADA Security Framework

NIST Special Publication 800-82 is the most relevant source when it comes to SCADA security. Revision 2 (2015) contains a detailed "Guide to Industrial Control Systems (ICS) Security" covering "Supervisory Control and Data Acquisition (SCADA) Systems, Distributed Control Systems (DCS), and Other Control System Configurations such as Programmable Logic Controllers (PLC)". The NIST standard covers ICS risk management, appropriate risk assessment, and the development and implementation of security programs and architectures. It is a comprehensive guide to the application of security controls in ICS and, at nearly 250 pages, is thoroughly researched.

PAM solutions and SCADA security

PAM solutions (Privileged Access Management) and SCADA (Supervisory Control and Data Acquisition) security are important to ensure that only authorized personnel have access to critical systems. PAM solutions provide a centralized way to manage permissions and control who has access to what, while SCADA security provides additional layers of protection for industrial control systems.

When it comes to SCADA and ICS security, every point in the NIST standard is important. Responsible security personnel must perform the appropriate assessments and implement the controls recommended in the standard. But one control in particular is critical to the success of virtually every other aspect of the standard: access control, that is, control over all privileged access.

Privileged users

Privileged users are users who have special rights and access to certain systems or information. This can range from simple access to higher level content to full control over a system. Often the term "privileged" is associated with administrator rights, but normal users can also be privileged.

Privileged user access

Privileged accesses are special permissions that allow users to access protected resources. This type of access is usually available only to administrators or other high-level employees.

PAM stands for "privileged access management". It is a set of practices and tools that help administrators monitor and control the use of privileged user accounts. A PAM solution is specialized software that records the sessions of accounts with special privileges, enabling forensic analysis after an incident. In addition, it can alert on rule violations.

Implementing the requirements of the NIST standard with a PAM solution

The National Institute of Standards and Technology (NIST) recommends Privileged Access Management (PAM) as the standard for credential management. This standard should apply equally to small and large enterprises, but is most relevant to large enterprises with more than 1,000 systems. PAM Solution X enables you to implement the NIST standard in your company and thus increase the security of your systems.

NIST 800-82 recommends restricting physical access to ICS networks and devices. This recommendation is in line with PAM principles: unless devices can be managed through an intermediate layer of protection such as a PAM solution, it is virtually impossible to restrict access to them effectively.

PAM solutions provide OT security officers with exactly the tools they need to manage privileged access in a complex SCADA environment. NIST also provides guidance on the difficulty of authenticating and authorizing large numbers of SCADA users. For example, Section 5.15 of the standard addresses authentication and authorization: "An ICS may include a large number of systems, which in turn must be accessed by numerous users. Assigning appropriate permissions to these users and authenticating them is a major challenge for ICSs. It can become problematic to manage user accounts as employees are added and dropped, and also as user roles change over time. As the number of systems and users continues to grow, managing these accounts becomes even more complicated."

The standard also strongly cautions against a distributed approach to authentication and authorization in which each system has its own user credentials: "The problem with this is that it's not particularly scalable that way once the system grows." Also, "For example, the user account of an employee who has left the company has to be deleted individually on each system." With centralized control of privileged users, a PAM solution can disable a user's access in one step when the employee leaves the company. The PAM solution thereby covers the NIST recommendation that "Authorization is done through an access control system."

VISULOX PAM solution increases SCADA access protection

amitego's VISULOX PAM solution provides centralized control of all privileged access across the SCADA ecosystem. Privileged users log in to a central portal and perform privileged actions on SCADA devices from there. Thanks to VISULOX Pass Cache, privileged users never need to know the actual password of the target device, which prevents them from accidentally or intentionally compromising a physical device such as an industrial controller. VISULOX Session Recorder records the sessions of privileged accounts and produces logs and video recordings that are available to Security Operations (SecOps) teams in the event of a security incident. It answers the most pressing questions that must be addressed during an incident: who did what, when, and on which system. Without this type of session recording, SecOps could lose valuable time just establishing what happened before they can resolve the incident.
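The properties the two preceding sections attribute to a PAM layer (one central point of authorization, a credential vault so users never learn device passwords, session recording that answers "who did what, when, on which system", alerting on rule violations, and one-step revocation for leavers instead of per-device account cleanup) can be modelled in a few dozen lines. The following is an added illustration written for this article; it is not VISULOX or any vendor's code, and every user, device, zone, command and secret in it is constructed.

```python
"""Toy model of a centralized PAM broker fronting SCADA/ICS devices.

Added illustration, not VISULOX or any vendor's code. All names (users,
devices, zones, commands, secrets) are constructed for the example.
"""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone


def _now() -> str:
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


@dataclass
class Device:
    name: str
    zone: str
    secret: str  # device-local password; lives only inside the broker


@dataclass
class Session:
    user: str
    device: str
    started: str
    handle: str  # opaque token handed to the user, never the device secret
    commands: list = field(default_factory=list)


class PamBroker:
    """Central choke point: every privileged action on a device goes through here."""

    def __init__(self):
        self.devices: dict[str, Device] = {}
        # user -> device -> set of commands that user may run there
        self.grants: dict[str, dict[str, set[str]]] = {}
        self.audit: list[tuple[str, str, str, str]] = []  # (time, user, device, event)
        self.alerts: list[str] = []

    def add_device(self, name: str, zone: str, secret: str) -> None:
        self.devices[name] = Device(name, zone, secret)

    def grant(self, user: str, device: str, commands: set[str]) -> None:
        if device not in self.devices:
            raise KeyError(device)
        self.grants.setdefault(user, {})[device] = set(commands)

    def revoke_user(self, user: str) -> int:
        """Offboarding: one central change removes access to every device.
        Contrast with the distributed model, where each device must be edited."""
        removed = self.grants.pop(user, {})
        self.audit.append((_now(), user, "*", f"revoked ({len(removed)} grants)"))
        return len(removed)

    def open_session(self, user: str, device: str) -> Session:
        if device not in self.grants.get(user, {}):
            self.audit.append((_now(), user, device, "login denied"))
            raise PermissionError(f"{user} has no grant on {device}")
        dev = self.devices[device]
        # Pass-cache behaviour: the broker authenticates to the device with the
        # stored secret and gives the user only an opaque session handle.
        handle = hashlib.sha256(f"{dev.secret}:{user}:{_now()}".encode()).hexdigest()[:16]
        session = Session(user, device, _now(), handle)
        self.audit.append((session.started, user, device, "session opened"))
        return session

    def run(self, session: Session, command: str) -> bool:
        """Execute (or refuse) a command inside a recorded session.
        Grants are re-checked on every command, so revocation cuts live sessions too."""
        allowed = self.grants.get(session.user, {}).get(session.device, set())
        ok = command in allowed
        verdict = "ok" if ok else "denied"
        session.commands.append((_now(), command, verdict))
        self.audit.append((_now(), session.user, session.device, f"{command}: {verdict}"))
        if not ok:  # rule violation -> alert for the SecOps team
            self.alerts.append(f"{session.user} attempted {command!r} on {session.device}")
        return ok

    def who_touched(self, device: str) -> list[tuple[str, str, str]]:
        """Incident question: who did what, and when, on this system."""
        return [(t, u, e) for (t, u, d, e) in self.audit if d == device]


def build_demo() -> PamBroker:
    """Constructed sample environment: two devices, one operator with limited rights."""
    broker = PamBroker()
    broker.add_device("plc-01", "plant-floor", "s3cret-plc-01")
    broker.add_device("hmi-02", "control-room", "s3cret-hmi-02")
    broker.grant("alice", "plc-01", {"read_registers", "download_logs"})
    broker.grant("alice", "hmi-02", {"read_registers"})
    return broker


if __name__ == "__main__":
    b = build_demo()
    s = b.open_session("alice", "plc-01")
    b.run(s, "read_registers")   # permitted
    b.run(s, "write_setpoint")   # not in alice's grant -> denied and alerted
    b.revoke_user("alice")       # leaver: both device grants gone at once
    for entry in b.who_touched("plc-01"):
        print(entry)
    print("alerts:", b.alerts)
```

The point of the model is where the checks live: the device secret never leaves the broker, every command is authorized against the central grant table and written to the audit trail, and a single `revoke_user` call replaces deleting an account on each controller individually, which is the scalability problem the NIST text warns about.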

PAM plays a critical role in the smooth functioning of the SCADA security framework

SCADA security is a complex and critical issue. If threats are not properly detected and averted, public safety is at stake. PAM is an indispensable element of any SCADA security strategy: it is absolutely essential to protect critical access to SCADA systems. In addition, PAM indirectly supports many other controls envisioned by the NIST standard, such as patching. This only works if PAM is used effectively; without managed privileged access, patches cannot be rolled out in a targeted manner. In short, PAM is a critical success factor for robust SCADA security.

VISULOX Privileged Access Management provides a robust PAM solution that protects your SCADA ecosystem from attacks. Contact us for more information.
