Designing Operational Technology with Security in Mind

June 7, 2013 Yariv Lenchner


I saw a post recently on Slashdot that got me thinking about the security of operational technology used for our critical infrastructure. The poster asked the question (paraphrased):

Is there a device to automatically disconnect network or otherwise time limit a physical connection to a network? We are dealing with a production outage of large industrial equipment. The cause? The supplier, with no notice, remotely connected to the process control system and completely botched an update to their system.

Believe it or not, this is very much like what happens when critical infrastructure is attacked by an outside attacker. Someone outside the organization is able to remotely connect to an ICS and perform functions that they shouldn’t. According to Charles Edwards, deputy inspector general of the Department of Homeland Security (DHS), this includes “the potential for large-scale power outages or man-made environmental disasters and cause physical damage, loss of life and other cascading effects.”

The industrial control world is unique. Even though it increasingly adopts technologies from the general IT world, it still has its own needs and ways of doing things. One of the best-known differences is that system design favors availability over security. This is, of course, very problematic as more and more industrial control networks become targets of cyber-attacks.

In the case of the Slashdot poster, and in the case of cyber-attacks, Cyber-Ark’s Privileged Session Management (PSM) suite (acting as a Next-Generation Jump Server) would provide more control over who is accessing the industrial control network and what they’re doing once they’ve assumed control.

In the case of the Slashdot poster, using Cyber-Ark PSM, the poster could have:

  • Set a rule requiring the utility to authorize the remote access request before any access is granted;
  • Monitored the session in real time (as if it were over-the-shoulder monitoring);
  • Intervened in the privileged session and terminated it immediately;
  • Performed root-cause analysis for rapid remediation and change management review;
  • Reviewed video-recorded session playbacks for audit proof.
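As an added illustration (not Cyber-Ark's code or the PSM API), this Python model shows the controls listed above applied to a vendor session on a process control network: no session opens without the utility's approval, every command is time-boxed and written to an audit trail, and an operator can terminate it at any moment. The vendor, target and operator names are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

@dataclass
class Session:
    vendor: str
    target: str
    ttl: timedelta = timedelta(minutes=30)   # time box answering the poster's question
    approved_by: Optional[str] = None
    opened_at: Optional[datetime] = None
    terminated: bool = False
    audit: List[str] = field(default_factory=list)
    def approve(self, operator: str) -> None:
        self.approved_by = operator
        self.audit.append(f"approved by {operator}")
    def open(self, now: datetime) -> bool:
        # No session at all until the utility side has approved it.
        if self.approved_by is None:
            self.audit.append("denied: no prior approval")
            return False
        self.opened_at = now
        self.audit.append(f"opened {self.vendor}->{self.target} at {now:%H:%M}")
        return True
    def is_active(self, now: datetime) -> bool:
        # The session dies on its own once the TTL is spent or an operator kills it.
        if self.opened_at is None or self.terminated:
            return False
        return now < self.opened_at + self.ttl
    def run(self, command: str, now: datetime) -> bool:
        # Each command is gated on the session state and written to the audit trail.
        if not self.is_active(now):
            self.audit.append(f"blocked {command!r}: session not active")
            return False
        self.audit.append(f"{now:%H:%M} {self.vendor}: {command}")
        return True
    def terminate(self, operator: str) -> None:
        self.terminated = True
        self.audit.append(f"terminated by {operator}")

def demo() -> dict:
    # Constructed walk-through of the supplier scenario from the Slashdot post.
    t0 = datetime(2013, 6, 7, 9, 0)
    s = Session("supplier-tech", "plc-line-3", ttl=timedelta(minutes=30))
    denied = s.open(t0)                                   # no approval yet -> refused
    s.approve("utility-operator")
    s.open(t0)
    ran = s.run("push-firmware-update", t0 + timedelta(minutes=5))
    expired = not s.is_active(t0 + timedelta(minutes=31))  # time box elapsed
    s.terminate("utility-operator")                       # operator kills the botched update
    killed = s.run("reboot-controller", t0 + timedelta(minutes=6))
    return {"denied": denied, "ran": ran, "expired": expired, "killed": killed, "audit": s.audit}
```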

The point? Industrial control vendors did not build their systems with security in mind – and it’ll be several generations of products until they catch up to the threat landscape. Critical infrastructure companies must be proactive and take control over the exposed privileged accounts in their operational technology.
