Trusted computing for industrial control systems and infrastructure

The Trusted Computing Group’s open standards now include specifications for securing industrial control systems and infrastructure

Beyond the Stuxnet worm that targeted industrial software and equipment, supervisory control and data acquisition (SCADA) attacks are becoming increasingly common.

In an article for the Wall Street Journal on taking the cyber attack threat seriously, Barack Obama noted: “Last year, a water plant in Texas disconnected its control system from the internet after a hacker posted pictures of the facility's internal controls.

“More recently, hackers penetrated the networks of companies that operate our natural gas pipelines. Computer systems in critical sectors of our economy – including the nuclear and chemical industries – are being increasingly targeted.”

In October, US Secretary of Defense Leon Panetta warned about the growing threat of attacks against the country’s critical infrastructure. 

"We know of specific instances where intruders have successfully gained access to these control systems," Panetta said. 

"We also know they are seeking to create advanced tools to attack those systems and cause panic, destruction and even loss of life."

Industrial control systems (ICS) play a critical role in any nation’s infrastructure. Specific ICS areas include:

  • Resource extraction and transportation;
  • Power generation, distribution and delivery;
  • Healthcare equipment and data exchange;
  • Process control;
  • Transportation;
  • Building automation;
  • Manufacturing.

Communications in all these areas suffer from proprietary protocols in legacy and current hardware. In addition, security in these systems has historically not been a major consideration.

In the US, the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) is concerned with the disruption that can be caused by attacks on ICS and other enterprise equipment.

ICS-CERT has advised that the Shamoon virus, first detected by Symantec in August, could harm control systems even though it does not specifically target them. Vulnerabilities in ICS products are being disclosed at alarming rates, and emerging, opaque markets for vulnerabilities change how risk must be assessed and strategy crafted. In general, ICS attack targets can include power plants, chemical plants, water delivery systems, and many other facilities with control networks.

Adding trust to ICS

Companies and IT managers who would rather not find out how extensive the damage and disruption to their systems might be have a solution available, one developed over several years as part of overall enterprise computer and network security protection. Developed by technical expert members representing the leading suppliers of computing and network technology – as well as high-tech users including The Boeing Company, BAE Systems, and many others – the Trusted Computing Group’s (TCG’s) open standards now include specifications that address the connectivity management and network security of ICS environments.

These new specifications build on other TCG open standards for protecting enterprise information: on hard drives, through TCG’s Trusted Storage, and on the network, through TCG’s Trusted Network Connect (TNC), including entry points such as machine-to-machine (M2M) interfaces. The increased security provided by these systems can additionally be anchored in the Trusted Platform Module (TPM), an integrated circuit that serves as a hardware-based root of trust and delivers substantial endpoint protection.

The existing networks in enterprises, including the internal intranet and virtual LANs (VLANs) and external connectivity to the internet, cellular and WiMAX networks, present provisioning, operational management, health monitoring, system reliability, security and other scaling challenges. These challenges are exacerbated in ICS environments, where traditional IT management tools do not apply well. TCG’s Interface for Metadata Access Points (IF-MAP) provides a solution for publishing, searching and subscribing to metadata, the data about data. The open standard protocol was designed for security coordination use cases. It provides a highly scalable architecture optimised for loosely structured metadata.

Adding to the protection that IF-MAP enables, TCG recently announced a new standard that extends TNC IF-MAP for greater network security. IF-MAP Metadata for ICS Security specification addresses the deployment, management, and protection of large-scale industrial control systems by creating secure virtual overlay networks on top of the standard, shared IP network infrastructure typically used in ICS.

IF-MAP metadata and extended identifiers are defined in the specification along with a prescribed set of MAP client behaviours. Together, they provide the necessary coordination and configuration management functionality for creating secure logical overlay networks for communication between and with ICS devices.

To better understand the situation and available improvement, consider a typical industrial enterprise. There are distributed ICSs that are isolated from the corporate network through a variety of traditional mechanisms, each with varying tradeoffs between cost, management, security, and performance. Since many of the ICS environments represent the revenue-generating components of an enterprise, there are significant business drivers to add connectivity between corporate network services and these systems.

Adding increased connectivity into what has traditionally been isolated with an air gap presents significant people, process, and technical challenges. Naturally, the goal is to make an investment in an architecture that has a clear ROI, and to determine the level of defensive layers appropriate to the surety and risk required for a given enterprise. The TCG ICS Security specification bridges gaps between IT management tools and the operational requirements of ICSs, while simplifying the application of additional defensive layers of security.

Building on the soon-to-be-published ISA 100.15 architectural model for secure ICS communications over untrusted shared networks (TR100.15.1, “Wireless Backhaul”), the ICS domain-specific network architecture defined in the new specification:

  • Operates with legacy (existing) ICS devices and infrastructure;
  • Enables isolation between ICS security domains and/or individual ICS components;
  • Enables the use of cryptographically bound identities for ICS devices and Policy Enforcement Points (PEPs);
  • Enables the use of overlay networks for isolating and protecting key components;
  • Enables the creation of extended metadata for defensive layers such as firewall and deep packet inspection (DPI);
  • Provides operational access control;
  • Enables self-provisioning of ICS devices.
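The IF-MAP publish/search/subscribe model described above, and the way a PEP can turn published metadata into overlay isolation, bound identities and per-protocol access control as listed in the architectural properties, is easier to see in code. The following is an added example written for this page; it is not TCG code and does not implement the real IF-MAP wire protocol (which is SOAP/XML over HTTPS). The metadata type names (`device-identity`, `ics-domain-membership`), identifier types, device names, domains and certificate fingerprints are all constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional, Set, Tuple

# IF-MAP style identifiers and links (type names are hypothetical, constructed for this example)
Identifier = Tuple[str, str]            # (type, value), e.g. ("device", "plc-07")
Link = FrozenSet[Identifier]            # unordered pair of identifiers


@dataclass(frozen=True)
class Metadata:
    name: str                           # metadata type, e.g. "device-identity"
    attrs: Tuple[Tuple[str, str], ...]  # sorted (key, value) pairs so records are hashable
    publisher: str                      # MAP client that published it


def md(name: str, publisher: str, **attrs: str) -> Metadata:
    return Metadata(name, tuple(sorted(attrs.items())), publisher)


class MapServer:
    """Toy metadata access point: publish, graph search, subscribe/notify."""

    def __init__(self) -> None:
        self.on_id: Dict[Identifier, Set[Metadata]] = {}
        self.on_link: Dict[Link, Set[Metadata]] = {}
        self.subs: List[Tuple[str, Callable[[Metadata, object], None]]] = []

    def subscribe(self, name: str, callback: Callable[[Metadata, object], None]) -> None:
        self.subs.append((name, callback))

    def publish(self, m: Metadata, a: Identifier, b: Optional[Identifier] = None) -> None:
        """Attach metadata to identifier a, or to the link a--b, then notify subscribers."""
        if b is None:
            target: object = a
            self.on_id.setdefault(a, set()).add(m)
        else:
            target = frozenset((a, b))
            self.on_link.setdefault(frozenset((a, b)), set()).add(m)
        for name, cb in self.subs:
            if name == m.name:
                cb(m, target)

    def search(self, start: Identifier, max_depth: int) -> Set[Identifier]:
        """Identifiers reachable from start within max_depth links (breadth-first)."""
        seen, frontier = {start}, [start]
        for _ in range(max_depth):
            nxt: List[Identifier] = []
            for i in frontier:
                for link in self.on_link:
                    if i in link:
                        for n in link:
                            if n not in seen:
                                seen.add(n)
                                nxt.append(n)
            frontier = nxt
        return seen


class OverlayPep:
    """Policy Enforcement Point that derives its allow-list from MAP metadata."""

    def __init__(self, server: MapServer) -> None:
        self.domain_of: Dict[str, str] = {}     # device -> security domain
        self.protocol_of: Dict[str, str] = {}   # device -> protocol it is allowed to serve
        self.verified: Set[str] = set()         # devices with a bound (certificate) identity
        server.subscribe("ics-domain-membership", self._on_membership)
        server.subscribe("device-identity", self._on_identity)

    def _on_membership(self, m: Metadata, target: object) -> None:
        if isinstance(target, frozenset):       # membership is a device--domain link
            ids = dict(target)
            self.domain_of[ids["device"]] = ids["security-domain"]

    def _on_identity(self, m: Metadata, target: object) -> None:
        attrs = dict(m.attrs)
        if isinstance(target, tuple) and attrs.get("cert_fingerprint"):
            self.verified.add(target[1])        # only cryptographically bound identities count
            self.protocol_of[target[1]] = attrs.get("protocol", "")

    def permit(self, src: str, dst: str, protocol: str) -> bool:
        """Allow only intra-domain traffic between bound identities, for the declared protocol."""
        return (src in self.verified and dst in self.verified
                and src in self.domain_of and self.domain_of[src] == self.domain_of.get(dst)
                and self.protocol_of.get(dst) == protocol)


def provision_device(server: MapServer, device: str, domain: str, fingerprint: str, protocol: str) -> None:
    """Self-provisioning: a device publishes its bound identity and its domain membership."""
    dev, dom = ("device", device), ("security-domain", domain)
    server.publish(md("device-identity", device, cert_fingerprint=fingerprint, protocol=protocol), dev)
    server.publish(md("ics-domain-membership", device), dev, dom)


def build_demo() -> Tuple[MapServer, OverlayPep]:
    """Constructed scenario: two domains, three provisioned devices, one unverified host."""
    server = MapServer()
    pep = OverlayPep(server)
    provision_device(server, "plc-07", "turbine-hall", "sha256:aa11(constructed)", "modbus-tcp")
    provision_device(server, "hmi-02", "turbine-hall", "sha256:bb22(constructed)", "modbus-tcp")
    provision_device(server, "plc-09", "water-treatment", "sha256:cc33(constructed)", "dnp3")
    # A host that claims domain membership but never publishes a bound identity
    server.publish(md("ics-domain-membership", "laptop-x"),
                   ("device", "laptop-x"), ("security-domain", "turbine-hall"))
    return server, pep


if __name__ == "__main__":
    srv, pep = build_demo()
    for flow in [("hmi-02", "plc-07", "modbus-tcp"), ("hmi-02", "plc-09", "dnp3"),
                 ("laptop-x", "plc-07", "modbus-tcp"), ("hmi-02", "plc-07", "ssh")]:
        print(flow, "ALLOW" if pep.permit(*flow) else "DENY")
    print(sorted(srv.search(("security-domain", "turbine-hall"), 1)))
```

The PEP never consults a static firewall table: its decisions follow from what has been published about each device, so a new device that self-provisions with a bound identity becomes reachable within its domain as soon as the subscription fires, while a host that only asserts membership (the `laptop-x` case) stays isolated. The `search` call shows the other half of the coordination model, a management tool walking the metadata graph from a security domain to enumerate its members.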

Taking the first step

With enough effort, any physical or cyber security system can ultimately be breached, yet businesses interested in strengthening their defenses against attackers need to explore the protection that can be added to their network infrastructure, including the ICS elements. The Trusted Computing Group, with its established history of providing improved trust to enterprise computers, networks, and more, has the standards-based tools to implement this higher level of security. For ICS and SCADA equipment, the new ICS Security Metadata specification provides the means to add a layer of management and security to new and existing ICS environments. The alternative of doing nothing could provide first-hand experience of the destruction and disruption that increasingly dangerous malicious software can cause.

David Mattes is an invited expert to the Trusted Computing Group and founder of Asguard Networks
