LITERATURE REVIEW
2.7. DIFFERENCES BETWEEN IT SECURITY AND CYBER-SECURITY
Safeguarding industrial control systems (ICSs) is different from safeguarding IT systems when it comes to cyber-security. It is therefore essential that IT professionals and ICS professionals work together to develop a cyber-security solution that will benefit the entire municipality (Neitzel & Huba, 2014). According to Neitzel and Huba (2014), there are ten key differences between ICS and IT cyber-security, and these are discussed below:
a. Security objective – The primary cyber-security objective for IT systems is to protect data (confidentiality). The main ICS cyber-security objective is to maintain the production process integrity and the availability of its components.
b. Network segmentation – Business IT systems are made up of connected subnets that are connected to the Internet. Consequently, protection from the Internet and access controls are the primary focus of IT network security. ICSs are seen as industrial intranets with two security needs: the first is that access to the Internet and e-mail is not permitted, and the second is that rigorous protection of ICS networks from other business networks is required, particularly those networks with access to the Internet. ICSs are isolated from other business IT networks through a ‘demilitarised’ zone (DMZ) which operates in-between the other business networks and the ICS.
c. Network topology – IT systems are often large and include Wi-Fi networks, data centres, and intranets. In contrast, ICSs are small and are composed of a configuration database and event/data historians. Normally IT systems comprise many nodes that are daily affected by the number of users and applications that are connected and disconnected continuously. On the other hand, the ICSs are considerably smaller and normally have configurations that are statically defined.
d. Functional partitioning – The functional partitioning of IT systems differs from that of ICSs. IT systems are commonly divided into different administrative partitions in order to restrict access to information. ICSs are partitioned into three levels: level 0, which represents the physical process; level 1, which is control and monitoring; and level 2, which is supervisory control. IT security cannot be mapped onto the ICS because ICSs have vendor-specific security-related tools which are unknown to IT systems, such as features for disabling universal serial bus ports, custom event logs, and port lockdown mechanisms.
e. Physical components – IT systems consist of off-the-shelf workstations, servers, and networks that IT can access and administer. Consequently, IT can define security policies for such components, and can implement off-the-shelf security-related tools such as anti-virus systems, firewalls, and patch management systems. ICSs are made up of components which are custom built and generally foreign to IT. These components include network devices for industrial use, such as Ethernet switches and firewalls, servers and workstations that are ‘hardened’ such that their software is custom built, and as a result, their security policies are industry standards which may not align with the ones used within IT systems.
f. User accounts – There are two types of user accounts in IT systems: the operating system user account and the application-specific user account. ICSs have operating system user accounts and their own application-specific user accounts, which use role-based access controls for granting and denying access to control data and devices. Such roles include process engineers, operators, and maintenance engineers. ICS is a complete distributed system that is made up of configuration, databases, event journals, operation, and maintenance applications.
g. Safety instrumented system (SIS) – The SIS is a key aspect of ICS for maintaining the safe operation of the process: it puts the process into a safe state when a condition is detected that threatens the safety of the process. SISs are securely segmented and are separated from ICS networks. Therefore, managing the security of ICSs includes the safeguarding of SIS; all of these are normally not outside the IT systems professionals’ scope.
h. Untested software – To maintain IT systems’ security, it is critical to keep pace with the evolution of new software, thereby keeping the systems current. In contrast, ICSs are specific to hardware configuration and operating system versions, and, when a component is changed or updated, other components may not run appropriately. Thorough testing of patches and virus definition files must happen first, before approval is given for implementation. IT systems’ new software is often not rigorously tested for compatibility with the IT system.
i. Patching – IT systems, generally, have software for managing patching to automatically and quickly install security updates. ICS patching takes a longer time because those patches require testing, approving, scheduling and validating to maintain the state and to render control repeatable.
j. Security inconveniences – Security measures that are tolerable for IT systems are intolerable for ICSs. For example, in IT systems the users have to wait for the operating system’s patch update to finish before using the system, and wait for the helpdesk to reset the user control password. These inconveniences are intolerable in ICSs due to the criticality of the services they provide. Consequently, the security measures that are acceptable in IT systems may not necessarily be the same for ICSs.
If IT systems’ security measures are enforced indiscriminately, they may pose a serious threat to ICS security.
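The two segmentation needs in item (b) can be checked mechanically against a firewall rule set. The following is an added example, not taken from Neitzel and Huba (2014) or from the original text; the zone names, rule names, ports and the `Rule`/`audit` helpers are assumptions made for illustration, and the sample rules are constructed.

```python
from dataclasses import dataclass

# Zone labels are assumptions; the text only names the ICS, the DMZ,
# other business networks and the Internet.
ICS, DMZ, BUSINESS, INTERNET = "ics", "dmz", "business", "internet"
EMAIL_PORTS = {25, 110, 143, 465, 587, 993, 995}  # SMTP, POP3, IMAP and TLS variants


@dataclass(frozen=True)
class Rule:
    name: str
    src: str
    dst: str
    port: int
    action: str = "allow"


def audit(rules):
    """Return (rule name, finding) pairs for allow rules that break item (b)."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue  # deny rules cannot open a path
        zones = {r.src, r.dst}
        if ICS not in zones:
            continue  # only flows touching the ICS are in scope
        if INTERNET in zones:
            findings.append((r.name, "ICS must not have Internet access"))
        elif BUSINESS in zones:
            findings.append((r.name, "ICS/business traffic must terminate in the DMZ"))
        elif r.port in EMAIL_PORTS:
            findings.append((r.name, "e-mail is not permitted on ICS networks"))
    return findings


# Constructed sample rule set (hypothetical names and ports).
SAMPLE_RULES = [
    Rule("historian-replica", ICS, DMZ, 1433),       # ICS pushes data to a DMZ copy
    Rule("erp-reads-replica", BUSINESS, DMZ, 1433),  # business reads the DMZ copy
    Rule("hmi-web-browsing", ICS, INTERNET, 443),    # violates need 1
    Rule("erp-direct-to-plc", BUSINESS, ICS, 502),   # bypasses the DMZ
    Rule("alarm-mail-relay", ICS, DMZ, 25),          # e-mail from the ICS
    Rule("office-web", BUSINESS, INTERNET, 443),     # ordinary IT traffic
    Rule("legacy-deny", ICS, BUSINESS, 445, "deny"),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

Treating any ICS-originated mail port as a violation, even towards the DMZ, is this example's reading of "e-mail is not permitted"; a site that relays alarms by mail would need an explicit, reviewed exception.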
2.8. CURRENT RESEARCH PERSPECTIVES ON CYBER-SECURITY IN