ICS Sensors & Cybersecurity Sensibility – An Engineer's Handbook
Can ICS Sensors Protect You?
In the modern era of digitalisation, critical societal functions such as distribution of electricity, drinking water, district heating and cooling are dependent on computer-based systems for supervision, regulation and monitoring of the central physical processes. There are several overlapping titles for these computer-based supervision and control systems. For this blog's purposes, we propose to use the title of Industrial control systems, but the systems are also referred to as Distributed Control Systems, Process Control Systems, industrial information and control systems, and real-time embedded systems.
The underlying physical process can contain many measurement points that can be spread over large geographical areas. The process interface means that communicating reality is primarily made up of sensors for monitoring and actuators for control equipment. In this blog, we will focus on the security considerations of these ICS Sensors.
"As ICS are adopting IT solutions to promote corporate business systems connectivity and remote access capabilities, and are being designed and implemented using industry standard computers, operating systems (OS) and network protocols, they are starting to resemble IT systems. This integration supports new IT capabilities, but it provides significantly less isolation for ICS from the outside world than predecessor systems, “creating a greater need to secure these systems."
What Has Changed?
ICS systems previously satisfied high-security demands through isolation from surroundings and good physical security. However, as noted above, today's demands on process orientation from a business perspective, these systems are becoming digitalised and thus leading to increased connectivity of these critical devices to the larger internet.
As Industrial Control Systems become more sophisticated, the attack surface increases and automated programmable sensors can alert any potential anomalies to prevent a cyber threat from being materialised.
Compromise on ICS could lead to compromise on safety. The failure of maintaining ICS devices could result in injury, damage to the environment, threaten critical infrastructure or damage the equipment itself.
Set the Context:
For every ICS engineer, the core tenets of ICS are:
- Keep systems running and reducing downtime
- Protect ICS from cybersecurity threats
- Optimise processes to minimise the loss in terms of time, maintenance or product
Let us start with a basic understanding of what an ICS Sensor is. A sensor in a basic automation system is depicted in the figure. The detection and analysis of some physical effects provide information to the control system to a system under control, which controls a 'set point' range. The controller gives output to a command to an actuator (a valve, for example) to correct for measured deviations from the setpoint, and the control loop is thereby closed.
This integration of sensor and actuator turns a furnace or other space conditioning device on or off, depending on whether the temperature is within the setpoint.
From Temperature Checks to Flow Analysis
The first step to optimising any control system is taking accurate, reliable measurements of process parameters that matter. We cannot improve what you do not measure.
Mostly, sensors are analogue (they involve a continuously changing output property), and digital computers use control loops. Therefore, an analogue-to-digital converter is often required between the pre-processor and the ICS.
The sensor could operate either passively or actively. The physical stimulus is available in the ICS environment and does not have to be provided in the passive case; For an active issue, a particular physical stimulation must be provided. Visible light needs to illuminate the object before the sensor can receive a physical stimulus for the Machine vision and colour identification sensors. Laser sensors are also active-type sensors. Passive sensors are infrared devices (the physical stimulation being generated from infrared radiation and sensors to measure pressure, humidity, flow, temperature, displacement, proximity, and other physical parameters.
Process sensors are in many forms, including the famous four: temperature sensors, level sensors, pressure sensors, and flow sensors (more often called flowmeters). Process sensors are used in numerous applications and perform accurate measurements of the process. If the process control system tells actuators to move process variables based on inaccurate measurements, things aren't likely to improve.
The process sensor can vary based on technology for the process sensing element, size, environment, process sensor type, package, mounting, sensitivity, accuracy, and repeatability based on the application, A temperature sensor in a heated environment, for example, probably would not work on a frozen environment.
For some processes can take place, process sensors are needed. The desired result could not occur and hazards can result outside of a narrow temperature range, the quality will suffer, and medications or food can turn into waste.
Figure 3. Level Sensor
Figure 4. Pressure Sensor
Figure 5. Temperature Sensor
Figure 6. Flow Sensor
What Does the ICS Sensors Say?Understanding most common industrial control system threats is the first step that any industrial organisation can take to protect its ICS. The next steps to be taken are given below:
“Even the lower levels of a modern ICS architecture (endpoints, field devices, instrumentation, intelligent sensors and actuators) now rely on remote connectivity for communication, control, configuration and data collection.”
How Do Standards Support You?
IEC 62682 is a successor of ISA/IEC 18.2 Standard. ISA 6282 standard states that “The focus of ISA-18.2 is on alarm systems that are part of modern control systems, such as DCSs, SCADA systems, PLCs, or Safety Systems. It applies to plants with operators responding to alarms depicted on a computer-type screen and/or an annunciator.
Plant operators in complex operations rely on the alarm system as the primary means of detecting abnormal situations. When the alarm system underperforms, plants incur unnecessary risk in safety and profitability. Unfortunately, operators adapt to a status quo, never fully realising the extent of that risk.
“Performing a thorough alarm system performance benchmark and gap assessment is often the first step in creating a sustainable alarm management programme and gaining management buy-in.”
Careful Analysis of the System’s Criticality is the Key
Pragmatic Sensor Configuration Protects Your Nation
As per SANS ICS Cybersecurity survey conducted in year 2017 and 2019 respectively, it was noted that “Foreign nation-states or state-sponsored parties” and “Organised crime” ranks 2nd and 3rd among the top “Intentional and Malicious” threat actors that attack ICS systems. It is also interesting to see that as compared to the year 2017, the percentage of attacks of both foreign nations and organised crime account for more than 51% of the total attacks on ICS systems.
In addition to this, the survey also found out that more than 53% of the companies require minimum 2 to 7 days for compromise detection to remediation. This showcases that a threat actor can easily perform the intended damage to ICS systems as there is a minimum time-window of 48 hours where the presence of the threat is not even detected within the compromised system. This is where ICS Sensors play a vital role is early detection and alarm notification wherein the ICS operators and control room engineers are aptly informed about any minor variations regularly in real time.
Periodically, users should verify if the alarms sent through the system are necessary for enhancing cybersecurity. Users should be able to analyse which alarms can be lowered in priority, filtered out of alarm overviews, temporarily disabled, or removed entirely.
The general advice is to opt for an alarm management system that follows ISA 18.2 guidelines. Using an alarm management system that follows ISA 18.2 will enable the user to make the vendor to implement ISA guidelines for that product. In addition to this, the use of industry standards allows users to feel confident that a chosen system can achieve desired results with optimal cybersecurity.
In addition to complying with industry standards, there are other recommended features that industries should explore. These include several events that help reduce alarms in the system without permanently removing the alarms from system parameters (such as anomalies, out of service, disabling, or filtering). These features allow choices in reducing the load on the system while preserving the original to "undo" any changes if needed. Customers should also be cautious of some features, such as tying alarms to popular social media platforms. Many customers are discouraged from this feature after realising that proprietary information will be considered to be these social media companies after it is published.
With early design planning and attention to details, such as understanding and maintenance tasks, industry standards, and accurate time-saving features, alarm management can become a tool to help optimise operations and enhance the overall cybersecurity posture of ICS.