
How Privileged Access Management Helps Protect Critical Infrastructure Systems

by | May 23, 2019 | BLOG

Critical systems, or critical infrastructure, remain an unfamiliar subject to many. However, an incident in these environments can have serious consequences for the economy, society, and the safety of the population. Services and facilities such as water supply and treatment, energy, telecommunication, transport, and other systems are defined as critical infrastructures. Because these services are essential to the population, protecting and controlling access to this type of infrastructure has attracted attention from companies and governments seeking effective measures to protect these systems against malicious attacks.

With the emergence of Industry 4.0, critical infrastructure environments were also automated and new technologies were integrated into their activities. Many of these critical services use proprietary and internal protocols for communication. Others, however, became computerized, connecting objects, machines, and systems to control the conditions of the equipment that sustains all critical infrastructure through communication networks such as the Internet.

Industrial Control Systems (ICS) are responsible for the integration of hardware and software with the network. This integration involves several components, including SCADA (Supervisory Control and Data Acquisition), the most commonly used nowadays, which processes, controls, and acquires data remotely in real time. ICS systems receive alerts from different components through SCADA, which in turn collects and forwards data between devices. These devices, for example sensors and thermometers, also give their operators remote management and control of the data.

Although they have similar concepts, Internet of Things (IoT) devices are connected to the Internet, while Industrial Control Systems connect physical devices and infrastructures. However, it is worth mentioning that IoT is also present in industries and services, and it took part in the automation process, making it easier to use different devices by collecting data from one to another. SCADA software is able to warn about and record events and aspects that are fundamental to the operation of the systems.

Because of their importance to governments and to society, ICS and SCADA are constant targets of malicious agents, mainly terrorist groups. These agents aim to destabilize services essential to the population, which can have serious impacts on cities, states, or even whole nations. In 2010, the Stuxnet virus, targeted at SCADA software, was able to stop Iranian uranium centrifuges by increasing the speed of rotation and sending false messages to other controllers that the rotation was working as it should. A more recent attack on ICS systems occurred in 2017 through the TRITON malware, which had the task of reprogramming the controllers of a petrochemical plant in Saudi Arabia to cause an explosion. Fortunately, due to an error by the malicious agent, what happened next was only a shutdown of the whole system.

Many ICS systems are legacy-based and have minimal, or in some cases no, authentication control. This lack of control allows all operators to have access to data and network components. This lack of care with authentication on such critical systems is a major risk, because unauthorized access or human error can be fatal in this type of infrastructure. To access ICS systems, attackers first invade the computers connected to the Internet, then move through the infrastructure until they find a credential that has access privileges to the SCADA software. This was the case with the TRITON malware, which went unnoticed in the system during its intrusion through the theft of credentials.

This type of attack can take a long time to be uncovered, since the attacker blends in with any other user when performing their actions. In addition, a malicious attacker can infiltrate systems that have no authentication control and remain there for days, months, or even years without being noticed. During this period, they can obtain a lot of data and even shut down a service. The consequences of such attacks can be a blackout at a power provider, or even an increase in the level of substances added in a water treatment system.

Industries, companies, governments, and others operating critical infrastructure systems should be especially concerned with the unrestricted access that these technologies have within their environment. SCADA software and privileged credentials are the pots of gold an attacker wants to find during their invasion. Therefore, the focus of organizations dealing with critical infrastructure should be to make access to and use of these assets more difficult. To apply this security practice, some tools may be essential to protect these environments. A Privileged Access Management (PAM) solution can help create access controls for sensors and other infrastructure devices, ensuring that they are not accessed improperly. A PAM solution allows the protection of ICS/SCADA via the following functionalities:
  • Credential Management – You can manage credentials in a number of environments, systems, and applications. A PAM solution allows you to define administrator users who will be granted the use of a password for physical access, and the group of users who can use the remote access offered by the solution to access a target device or system;
  • Remote Session with Recording Features – the PAM solution may allow the recording and storage of all remote sessions performed. The session video files must be stored in a secure, encrypted, and protected storage repository;
  • Indexing of input and output logs – all text inputs, in addition to the actions logged, must be indexed along with the video session time, allowing you to search for any command. In this way, you can quickly find any command executed during a remote session.
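The indexing described in the last item, as an added example that is not part of the original article or of any PAM product's code: typed commands are indexed by token together with their offset into the session recording, so a search returns the point in the video to review. The session ids, timestamps, and commands are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample data: recording start time per session, and the
# text typed by the operator with the wall-clock time of each input.
SESSION_START = {"s-101": "2019-05-23T10:00:00", "s-102": "2019-05-23T11:30:00"}
INPUT_LOG = [
    ("s-101", "2019-05-23T10:00:12", "show plc status"),
    ("s-101", "2019-05-23T10:04:40", "set pump3 setpoint 80"),
    ("s-102", "2019-05-23T11:31:05", "show alarms"),
    ("s-102", "2019-05-23T11:42:10", "SET pump3 setpoint 120"),
]
TOKEN = re.compile(r"[a-z0-9_.-]+")


def build_index(starts, log):
    """Map each token to (session, offset into the video in seconds, command)."""
    index = defaultdict(list)
    for session, ts, command in log:
        delta = datetime.fromisoformat(ts) - datetime.fromisoformat(starts[session])
        offset = int(delta.total_seconds())
        for token in set(TOKEN.findall(command.lower())):
            index[token].append((session, offset, command))
    return index


def search(index, query):
    """Return entries whose command contains every token of the query."""
    tokens = TOKEN.findall(query.lower())
    if not tokens:
        return []
    hits = set(index.get(tokens[0], []))
    for token in tokens[1:]:
        hits &= set(index.get(token, []))
    return sorted(hits)


def as_timecode(seconds):
    """Format a video offset as HH:MM:SS for the reviewer."""
    return f"{seconds // 3600:02d}:{seconds % 3600 // 60:02d}:{seconds % 60:02d}"


if __name__ == "__main__":
    idx = build_index(SESSION_START, INPUT_LOG)
    for session, offset, command in search(idx, "set pump3"):
        print(session, as_timecode(offset), command)
```
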
A PAM solution has features and functions that can help create a more secure and controlled environment for ICS systems. Thus, implementing this type of solution results in a more secure and protected environment in any organization that uses ICS/SCADA in its infrastructure.  The result is the assurance that no suspension in key services occurs, either by external or even internal attacks.
