
Implementing Zero-Trust in an ICS environment


More and more, threat actors have their eye on Industrial Control Systems (ICS), as their value and importance to everyday life and human safety makes them an attractive target to someone looking to exploit vulnerable networks. Unfortunately, the reality is that these are often left insufficiently secured and vulnerable to a breach. With the past shift to remote working and the current transition back to ‘typical’ working life, organizations have embraced the cloud and digital transformation while looking to implement a hybrid work model. This drastically increases the attack surface and highlights the importance of protecting ICS environments. One way to ensure protection and reduce the attack surface along with the risk of breach is implementing a Zero Trust model. 

What exactly is a Zero Trust model?

Coined by a Forrester analyst in 2010, the Zero Trust model is a method of verifying every individual and device that attempts to join a network before access is granted. This method is increasingly incorporated into large corporations as enterprise systems are becoming more vulnerable to breach by sophisticated hackers. 

As can be inferred from the name, Zero-Trust moves away from the traditional approach of trusting everything connected to the network. On the contrary, organizations should not automatically trust any person or device, whether inside or outside the organization’s perimeter. This limits access to only verified and ‘safe’ users and devices and creates a secure defensive layer around the organization’s valuable assets and networks.

Why are ICS environments so vulnerable? 

ICS environments are the systems and devices that manage and enable control and operations of critical infrastructure services, such as electricity and gas suppliers, nuclear power plants and oil refineries, to name but a few. Not only are these unique in their functions, but they are crucial to everyday life and human safety. As such, cybercriminals often have their sights set on infiltrating ICS environments, as any disruption can be disastrous and attackers stand to benefit financially or further a political cause. Components of ICS that are vulnerable include operational technology (OT), the Internet of Things (IoT) and the Industrial IoT (IIoT). This is because OT controls and monitors industrial assets, equipment, events and processes. An attack on these could cause a manufacturing plant to halt operations completely or even take an air traffic control tower offline. With regard to IoT and IIoT, potential vulnerabilities could surface as a result of being coupled with OT devices and being connected to the internet or IT systems, which could lead to larger attacks.

An example of a dangerous incident affecting ICS environments is the coordinated cyber-attack on the Kyivoblenergo power distribution company in Ukraine. The incident happened in 2015, during which approximately 250,000 customers lost power. Hackers managed to get access to computers on the company network via a phishing link, escalated their privileges and changed the operators’ passwords, taking several breakers offline. Not stopping there, the bad actors also disabled any backup power supplies, leaving residents in the dark for up to 6 hours and affecting the control centers for several months following the incident.

Why Zero Trust provides an adequate layer of security within ICS

Due to the value and vulnerability of ICS environments, it is vital for organizations to patch vulnerabilities and safeguard their systems against any threats. Blocking unauthorized access to these systems is key to containing and stopping data breaches from occurring, as well as preventing attackers from gaining access and moving laterally across a network. When it comes to critical national infrastructure, zero trust concepts such as authentication, authorization and monitoring are crucial in securing their networks, hardware and machines.

What’s more, these networks often run on legacy systems or hardware that are out of date and no longer comply with modern security controls. These often lack access management systems, meaning the devices and users on their network are not monitored. As a result, these systems and networks are insufficiently secured and, therefore, vulnerable to attackers. A zero-trust approach enables businesses to take control of their access management, provide secure access to their legacy systems and have full visibility over the devices and users on their networks.

How can an organization implement zero trust in ICS?  

First and foremost, it is vital for zero trust to be incorporated into the organization’s systems to augment existing systems rather than replace them. In order to do so, there is a five-step implementation process:  

  1. Define the network: As technology is constantly changing, the attack surface simultaneously evolves with it, making it difficult to protect an organization entirely. Implementing a Zero Trust policy should begin with defining the attack surface by knowing which critical applications, assets, data and services are vulnerable. 
  2. Map traffic: To achieve full visibility over the network, the flow of traffic must be mapped and documented in order to gain insight into how different resources interact. In doing so, organizations will have clarity around the controls they require to protect their applications and data. 
  3. Architect the network: The Zero Trust architecture should fit the specific needs of a business. A next-generation firewall (NGFW) can do this by providing a segmentation gateway or perimeter around the surface the business wants to protect, enabling them to add more layers of access control and inspection internally. 
  4. Create a policy: Creating a Zero Trust policy gives organizations control over creating a whitelist of devices and people. This way only those on that list will have specific access to resources.
  5. Monitor and maintain: Finally, the approach should be monitored consistently to gain insight into network activity and be able to update systems and on-premises devices as needed. 

Implementing Zero trust with two-factor or multi-factor authentication will make it much harder for attackers to gain unauthorized access to valuable assets and information. Users and devices will be forced to verify themselves before entering a network, meaning organizations are more secure, as attackers won’t be able to infiltrate company systems, even with legitimate, stolen user credentials. 
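To make the five-step process above and the role of MFA concrete, here is an added example (not code from the article or from Armis): a small allow-list policy engine for a constructed ICS cell. Step 1 is an inventory of the protect surface, step 2 a set of mapped baseline flows, step 4 an explicit allow-list derived from them, and step 3 and step 5 are the gateway decision function and a monitoring tally. Every asset name, IP address, user, port and flow below is made-up sample data; the only real-world detail is that Modbus/TCP commonly uses port 502 and OPC UA port 4840.

```python
"""Added example, not from the article or from Armis: a minimal zero-trust
allow-list policy engine that walks the five steps in the text for a
constructed ICS cell. Every asset, address, user and flow is sample data."""
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Step 1 - define the protect surface: the assets we care about, by address.
INVENTORY = {
    "10.20.1.10": "plc-line1",      # PLC controlling production line 1
    "10.20.1.20": "hmi-line1",      # operator HMI for line 1
    "10.20.2.5":  "historian",      # process historian in the OT DMZ
    "10.30.0.15": "eng-ws-01",      # engineering workstation
}

@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    user: Optional[str] = None      # None for machine-to-machine traffic
    mfa_verified: bool = False      # did the session pass its MFA challenge?

# Step 2 - map traffic: flows observed during a baselining period (constructed).
BASELINE = [
    Flow("10.20.1.20", "10.20.1.10", 502),                  # HMI -> PLC, Modbus/TCP
    Flow("10.20.1.10", "10.20.2.5", 4840),                  # PLC -> historian, OPC UA
    Flow("10.30.0.15", "10.20.1.10", 502, "alice", True),   # engineer programming the PLC
]

# Step 4 - create a policy: an explicit allow-list derived from the mapped flows.
# Anything not listed is denied (default deny); human sessions must pass MFA.
@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    port: int
    users: frozenset = frozenset()  # empty set = machine-to-machine only

POLICY = [
    Rule("hmi-line1", "plc-line1", 502),
    Rule("plc-line1", "historian", 4840),
    Rule("eng-ws-01", "plc-line1", 502, frozenset({"alice", "bob"})),
]

def evaluate(flow: Flow) -> tuple:
    """Step 3 in software form: the segmentation gateway's decision for one
    flow. Returns ("allow" | "deny", reason). Nothing is trusted by default:
    unknown devices, unlisted paths and interactive sessions without MFA all fail."""
    src = INVENTORY.get(flow.src_ip)
    dst = INVENTORY.get(flow.dst_ip)
    if src is None:
        return "deny", "unknown source device"
    if dst is None:
        return "deny", "destination not in protect surface"
    for rule in POLICY:
        if (rule.src, rule.dst, rule.port) != (src, dst, flow.dst_port):
            continue
        if not rule.users:
            if flow.user is not None:
                return "deny", "interactive session on machine-only path"
            return "allow", f"m2m {src}->{dst}:{flow.dst_port}"
        if flow.user not in rule.users:
            return "deny", f"user {flow.user!r} not on allow-list for {dst}"
        if not flow.mfa_verified:
            # A stolen password alone never satisfies the policy.
            return "deny", "MFA not verified"
        return "allow", f"{flow.user}@{src}->{dst}:{flow.dst_port}"
    return "deny", "no matching rule (default deny)"

def monitor(flows: list) -> Counter:
    """Step 5 - monitor: tally decisions so drift from the baseline shows up
    as a growing count of denials with a specific reason."""
    return Counter(f"{decision}:{reason}" for decision, reason in map(evaluate, flows))

if __name__ == "__main__":
    # Constructed mix of baseline traffic and three flows that should be denied.
    sample = BASELINE + [
        Flow("192.0.2.99", "10.20.1.10", 502),                  # device not in inventory
        Flow("10.30.0.15", "10.20.1.10", 502, "alice", False),  # password only, no MFA
        Flow("10.20.1.20", "10.20.1.10", 44818),                # unmapped protocol/port
    ]
    for key, count in sorted(monitor(sample).items()):
        print(f"{count:3d}  {key}")
```

The policy is derived from the mapped flows rather than written from scratch, which is what keeps it aligned with how the cell actually operates; a denial such as `no matching rule` in the monitoring output is the signal that either the map is stale or something new has appeared on the network.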

Sachin Shah, CTO for Operational Technology and ICS, Armis

Sachin is the Chief Technology Officer, for OT and ICS at Armis Security. He is responsible for outlining goals, resources and timelines for the research and development team for all technological services.