Virtualization is a topic that we already introduced in the articles My SCADA in the cloud and Device evolution in Industrial Control Systems, although we did not refer to the related security issues, the current virtualization techniques or the degree of implementation of this technology in control systems.
Before addressing the topic it is necessary to distinguish between cloud computing and virtualization. Virtualization is generally unrelated to hardware and focuses on the software, whereas cloud computing separates the applications from the platform where they are executed.
Virtualization, as it is usually understood, means the deployment of many complete software machines within the same hardware structure. Depending on the deployment, there are two types of virtualization: type 1 hypervisors, which are installed directly as an operating system, and type 2 hypervisors, which are installed on a commercial operating system, as we mentioned in My SCADA in the cloud.
-Classic virtualization architecture scheme-
Full virtualization allows these machines to work separately, so they may be managed as if they were independent hardware machines, while still contributing to the increase of resources if necessary.
The most recent development in virtualization is the use of containers. With this technology the whole system is not virtualized; instead, starting from a baseline image, the changes made by installing and uninstalling applications and services are registered. Thanks to this process, the machine image files are smaller and the space requirements are considerably reduced.
-Comparison between traditional virtualization and container-based virtualization-
The containers are isolated from each other, but they share the same operating system, libraries and binaries. This means that the deployment is much faster than a new installation, as well as the restart processes and migrations, but it has a disadvantage: any vulnerability in a host machine may also affect the rest, as the baseline of the operating system is shared.
Virtualization state in the ICS
Virtualization in the ICS is conditioned on several aspects that may limit its implementation. These are:
- Virtualization does not allow for the physical separation of the different areas of security that must exist in a control system, distinguishing at least the supervision, DMZ and production areas.
- The regulations, which in many cases did not consider virtualization as a possibility. Some of its controls are not compatible with it, such as controls related to the electronic security perimeter and the protection of critical assets.
- The poor software certification in virtualized environments by the developers, or a licensing system that is not compatible with virtualization.
The introduction of virtualization into control systems will start with the less critical processes, in which the provisional loss of communications is not a problem, until it evolves sufficiently to be adapted to real-time field automation environments. Regarding containers, deployments of this technology are not common in the industry, but sometimes, as this article mentions, they may be a feasible option, for example for development environments.
Advantages and disadvantages as compared with real systems
The main argument in favour of virtualizing a SCADA system is the reduction of hardware and infrastructure, and therefore the expenses; but there are also other reasons.
The virtualization of control systems allows for their integration into the corporate environment and therefore it is possible to create closer links among different departments and share responsibilities and decision-making processes, improving the collaboration and integration of security measures.
-Advantages and disadvantages of virtualization-
Another advantage of virtualization is the possibility of improving the performance and response of certain processes, thus balancing the load. When these processes require more resources, the HMC (Hardware Management Console) will provide them, and when they are no longer used, this capacity will be transferred to other processes or machines virtualized on the same server. In addition, if different virtualization servers are connected, the HMC may transfer a virtual image to a different server that is using fewer resources.
Since virtualization is used to group machines together on the same hardware, which are subsequently accessed remotely, it can improve the work of personnel who must access information with different security levels, using different properly segmented virtual machines instead of different air-gap separated units.
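As an added illustration (not part of the original article), the following sketch audits a virtual machine inventory for the segmentation that the paragraph above depends on, using the supervision, DMZ and production areas named earlier. The inventory format and every VM, host and network name are constructed assumptions, not the output of any real hypervisor API.

```python
from collections import defaultdict

# Constructed sample data (hypothetical names). Each virtual network is
# assigned to exactly one security zone; each VM declares its own zone.
NETWORK_ZONE = {"pg-supervision": "supervision", "pg-dmz": "dmz",
                "pg-production": "production"}
VMS = [
    {"name": "hmi-01", "zone": "supervision", "host": "hv-a",
     "networks": ["pg-supervision"]},
    {"name": "historian-01", "zone": "dmz", "host": "hv-a",
     "networks": ["pg-dmz"]},
    {"name": "scada-srv-01", "zone": "production", "host": "hv-b",
     "networks": ["pg-production"]},
    {"name": "eng-ws-01", "zone": "supervision", "host": "hv-b",
     "networks": ["pg-supervision", "pg-production"]},
]

def audit_segmentation(vms, network_zone):
    """Return a sorted list of (finding, subject, detail) tuples."""
    findings = []
    zones_per_host = defaultdict(set)
    for vm in vms:
        zones_per_host[vm["host"]].add(vm["zone"])
        nic_zones = set()
        for net in vm["networks"]:
            zone = network_zone.get(net)
            if zone is None:  # network with no zone assignment
                findings.append(("unknown-network", vm["name"], net))
                continue
            nic_zones.add(zone)
            if zone != vm["zone"]:  # NIC placed outside the VM's own zone
                findings.append(("cross-zone-nic", vm["name"],
                                 f"{net} is in zone {zone}"))
        if len(nic_zones) > 1:  # VM is a path between two zones
            findings.append(("bridges-zones", vm["name"],
                             ",".join(sorted(nic_zones))))
    # Zones that share a hypervisor have no physical separation between them.
    for host, zones in zones_per_host.items():
        if len(zones) > 1:
            findings.append(("shared-hypervisor", host,
                             ",".join(sorted(zones))))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_segmentation(VMS, NETWORK_ZONE):
        print(*finding, sep=" | ")
```

The shared-hypervisor finding is informational: it lists the hosts where zone separation rests on the hypervisor alone.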
Security and virtualization
Despite the limitations, the potential benefits of efficiency, security and reliability are sufficient improvements to justify the progressive development and the introduction of virtualization technologies. For example, real-time hypervisors may provide secure segmentation and isolation, allowing for the creation of execution environments managed in real time for workloads, with an ongoing assessment of the performance of the partitioning, also offering backup and recovery capacities for systems that are potentially at risk. Fault-tolerant virtualization, a high availability configuration, allows two servers to run at the same time. One server executes the application, as if it were a single server operating, and the other executes a shadow image of the instance on the active server, which means that this second server has an identical copy of the active server. When any type of availability problem occurs in the main server, the shadow server starts operating, receiving all communications with the field controllers and the HMI of the control rooms.
The use of SDN (Software Defined Networking) technologies may provide the means to monitor the performance of the communications infrastructure, while facilitating the implementation of countermeasures and the deployment of security mechanisms. As control systems are increasingly distributed, NFV (Network Function Virtualization) may provide the resources to efficiently distribute security components through the communications infrastructure of the control system, in order to better fit the distributed and scattered nature of the protected systems.
Although virtualization is increasingly widespread, most of the companies which have deployed it or are currently deploying it do not consider any action related to the security of their virtualization infrastructures, only of the units being virtualized.
The attack surface of a virtualized environment extends to other components that are not critical in the real systems. Therefore, graphics cards and network cards may check the performance of all virtual machines, being able to detect a security breach for them. The solutions to these problems must be developed from the chip. Malware which may affect the hypervisor is also a concern, although at the moment hypervisors are only slightly susceptible to attacks.
We must take into account that, if production systems are virtualized, redundancy and availability are nullified if the hypervisor has even a single vulnerability that can be exploited remotely.
Nowadays virtualization is a proper solution in terms of security both for corporate environments and industrial environments. The improvement in real-time characteristics and availability will be the turning point for their final introduction into control systems.