How Privileged Access Management Helps Protect Critical Infrastructure Systems

by | May 23, 2019 | BLOG

Critical systems, or critical infrastructure, remain an unfamiliar subject to many. However, an incident in these environments can have serious economic, social, and safety consequences for the population. Services and facilities such as water supply and treatment, energy, telecommunication, transport, and other systems are defined as critical infrastructure. Because these services are essential to the population, protecting and controlling access to this type of infrastructure has drawn the attention of companies and governments seeking effective measures against malicious attacks.

With the emergence of Industry 4.0, critical infrastructure environments were also automated and new technologies were integrated into their activities. Many of these critical services use proprietary and internal protocols for communication. Others, however, became computerized, connecting objects, machines, and systems through communication networks such as the Internet in order to control the conditions of the equipment that sustains the critical infrastructure.

Industrial Control Systems (ICS) are responsible for the integration of hardware and software with the network. This integration includes several components, among them Supervisory Control and Data Acquisition (SCADA), the most commonly used nowadays, which processes, controls, and acquires data remotely in real time. ICS systems receive alerts from different components through SCADA, which in turn collects and forwards data between devices. These devices can be, for example, sensors and thermometers, and they provide their operators with remote management and control of the data.

Although the concepts are similar, Internet of Things (IoT) devices are connected to the Internet, while Industrial Control Systems connect physical devices and infrastructures. However, it is worth mentioning that IoT is also present in industries and services and took part in the automation process, making it easier to use different devices by collecting data from one to another. SCADA software is able to warn of and record events and aspects that are fundamental to the operation of the systems.

Because of their importance to governments and to society, ICS and SCADA are constant targets of malicious agents, mainly terrorist groups. These agents aim to destabilize services essential to the population, which can have serious impacts on cities, states, or even whole nations. In 2010, the Stuxnet virus, targeted at SCADA software, was able to stop Iranian uranium centrifuges by increasing the speed of rotation and sending false messages to other controllers that the rotation was working as it should. A more recent attack on ICS systems occurred in 2017 through the TRITON malware, which had the task of reprogramming the controllers of a petrochemical plant in Saudi Arabia to cause an explosion. Fortunately, due to an error by the malicious agent, what happened next was only a shutdown of the whole system.

Many ICS systems are legacy-based and have minimal, or in some cases no, authentication control. This lack of control allows all operators to have access to data and network components. This lack of care with authentication on such critical systems is a major risk, because unauthorized access or human error can be fatal in this type of infrastructure.

To access ICS systems, attackers first invade computers connected to the Internet and move through the infrastructure until they find a credential that has access privileges to the SCADA software. This was the case with the TRITON malware, which went unnoticed in the system during its invasion through the theft of credentials. This type of attack can take a long time to be uncovered, since the attacker blends in with any other user when performing their actions. In addition, a malicious attacker can infiltrate systems that have no authentication control, remaining there for days, months or even years without being noticed. During this period, they can obtain a lot of data and even shut down a service. The consequences of such attacks can include a blackout at a power provider, or even an increase in the level of substances added to a water treatment system.

Industries, companies, governments, and others operating critical infrastructure systems should be especially concerned with the unrestricted access that these technologies have within their environment. SCADA software and privileged credentials are the pots of gold an attacker wants to find during their invasion. Therefore, the focus of organizations dealing with critical infrastructure should be to make access to and use of these assets more difficult.

To apply this security practice, some tools may be essential to protect these environments. A Privileged Access Management (PAM) solution can help create access controls for sensors and other infrastructure devices, ensuring that they are not accessed improperly. A PAM solution allows the protection of ICS/SCADA via the following functionalities:
  • Credential Management – You can manage credentials across a number of environments, systems, and applications. A PAM solution allows you to define the administrator users who will be granted the use of a password for physical access, and the group of users who can use the remote access offered by the solution to access a target device or system;
  • Remote Session with Recording Features – The PAM solution may allow the recording and storage of all remote sessions performed. The session video files must be stored in a secure, encrypted, and protected storage repository;
  • Indexing of Input and Output Logs – All text inputs, in addition to the actions logged, must be indexed along with the video session time, allowing you to search for any command. In this way, you can quickly find any command executed during a remote session.
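
The command indexing described in the last item, sketched as an added example (not senhasegura's implementation or code from the original article): typed input is indexed by token together with its offset into the session recording, so a search returns the session, user and video position of each match. The log line format, session ids, user names and commands are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample data: recording start time per session and the input log.
# Assumed line format: <ISO timestamp> <session id> <user> <typed text>
SESSION_START = {"s-001": "2019-05-23T10:00:00", "s-002": "2019-05-23T11:30:00"}
INPUT_LOG = """\
2019-05-23T10:00:12 s-001 operator1 show pump status
2019-05-23T10:03:47 s-001 operator1 set valve 3 open
2019-05-23T11:31:05 s-002 operator2 show alarm history
2019-05-23T11:42:30 s-002 operator2 set pump 2 speed 80
"""

TOKEN = re.compile(r"[a-z0-9_./-]+")

def build_index(log_text, session_start):
    """Parse the log and return (entries, inverted index: token -> entry numbers)."""
    entries, index = [], defaultdict(set)
    for line in log_text.splitlines():
        ts, sid, user, text = line.split(" ", 3)
        start = datetime.fromisoformat(session_start[sid])
        # Offset into the recording lets a reviewer jump straight to the moment.
        offset = int((datetime.fromisoformat(ts) - start).total_seconds())
        entries.append({"session": sid, "user": user, "offset_s": offset, "text": text})
        for token in set(TOKEN.findall(text.lower())):
            index[token].add(len(entries) - 1)
    return entries, index

def search(query, entries, index):
    """Return inputs containing every query token, with video position as mm:ss."""
    tokens = TOKEN.findall(query.lower())
    if not tokens:
        return []
    hits = set.intersection(*(index.get(t, set()) for t in tokens))
    return [(e["session"], e["user"], "%02d:%02d" % divmod(e["offset_s"], 60), e["text"])
            for e in (entries[i] for i in sorted(hits))]

if __name__ == "__main__":
    entries, index = build_index(INPUT_LOG, SESSION_START)
    for hit in search("set pump", entries, index):
        print(hit)
```

The search matches inputs containing all query tokens in any order; it is not a phrase match.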
A PAM solution has features and functions that can help create a more secure and controlled environment for ICS systems. Thus, implementing this type of solution results in a more secure and protected environment in any organization that uses ICS/SCADA in its infrastructure. The result is the assurance that key services are not suspended, whether by external or internal attacks.
