Protocols and network security in ICS infrastructures

Posted on 05/05/2015, by INCIBE
In recent decades, the growth of the Internet and of the number of devices with connectivity and processing capacity has brought with it the need to adjust the corresponding security measures. Nevertheless, these security adjustments have not always kept pace with the new technologies and devices. Industrial Control System infrastructures are no exception; they are equally affected by this evolution, if not more so, given that the industrial control platforms in use, and specifically their communication protocols, are for the most part outdated and intrinsically weak by design.


The trend observed in threat detection clearly shows that industrial infrastructures have become an important target for cyber-attacks. Proof of this lies in the increasing number of incidents and events related to this type of infrastructure: in 2014, according to the DELL threat report, the number of incidents related to these infrastructures doubled. The evolution over time of some important milestones can be seen in the following timeline:

- Main threats in ICS timeline -

The traditional image of totally isolated industrial control systems no longer matches reality, given modern needs and circumstances, as we saw in the article "Segmentation in ICS". At this stage, perimeter and segmentation security mechanisms need to be reappraised.

With this in mind, the current INCIBE study concentrates on some of the most common ICS protocols, with the aim of offering a view of the security details that must be taken into account when deploying these industrial protocols in heterogeneous ecosystems.

The study introduces the general characteristics to bear in mind when designing an ICS infrastructure network, pausing at each safety element that can be found in any typical network implementation: coding, authentication, access control, security management policies, etc. After this general overview, the study continues with a security analysis of some of the most frequently used ICS protocols: CIP, Modbus, DNP3, Profibus, Profinet, Powerlink Ethernet, OPC and EtherCAT.

The study is available for download in English and Spanish at the following links:

Spanish: Protocolos y seguridad de red en infraestructuras SCI

English: Protocols and network security in ICS infrastructures