
How Privileged Access Management Helps Protect Critical Infrastructure Systems

by | May 23, 2019 | BLOG

Critical systems, or critical infrastructure, are still an unfamiliar subject to many people. However, an incident in these environments can have serious consequences for the economy, society, and the safety of the population. Services and facilities such as water supply and treatment, energy, telecommunications, transport, and other systems are defined as critical infrastructure. Because these services are essential to the population, protecting and controlling access to this type of infrastructure has drawn the attention of companies and governments seeking effective measures to protect these systems against malicious attacks.

With the emergence of Industry 4.0, critical infrastructure environments were also automated and new technologies were integrated into their activities. Many of these critical services use proprietary and internal protocols for communication. Others, however, became computerized, connecting objects, machines, and systems through communication networks such as the Internet to control the conditions of the equipment that sustains all critical infrastructure.

Industrial Control Systems (ICS) are responsible for the integration of hardware and software with the network. This integration involves several components, including Supervisory Control and Data Acquisition (SCADA), the most commonly used nowadays, which processes, controls, and acquires data remotely in real time. ICS systems receive alerts from different components through SCADA, which in turn collects and forwards data between devices. These devices can be, for example, sensors and thermometers, and they also provide their operators with remote management and control of the data.

Although the concepts are similar, Internet of Things (IoT) devices are connected to the Internet, while Industrial Control Systems connect physical devices and infrastructures.
However, it is worth mentioning that IoT is also present in industry and services, and it took part in the automation process, making it easier to use different devices by collecting data from one to another. SCADA software is able to warn of and record events and aspects that are fundamental to the operation of the systems.

Because of their importance to governments and to society, ICS and SCADA are constant targets of malicious agents, mainly terrorist groups. These agents aim to destabilize services essential to the population, which can have serious impacts on cities, states, or even whole nations.

In 2010, the Stuxnet virus, targeted at SCADA software, was able to stop Iranian uranium centrifuges by increasing the speed of rotation and sending false messages to other controllers that the rotation was working as it should. A more recent attack on ICS systems occurred in 2017 through the TRITON malware, which had the task of reprogramming the controllers of a petrochemical plant in Saudi Arabia to cause an explosion. Fortunately, due to an error by the malicious agent, what happened next was only a shutdown of the whole system.

Many ICS systems are legacy-based and have minimal, or in some cases no, authentication control. This lack of control allows all operators to have access to data and network components. Such carelessness with authentication on critical systems is a major risk, because unauthorized access or human error can be fatal in this type of infrastructure.

To access ICS systems, attackers first compromise the computers connected to the Internet, then move through the infrastructure until they find a credential that has access privileges to the SCADA software. This was the case with the TRITON malware, which went unnoticed in the system during its intrusion through the theft of credentials.
This type of attack can take a long time to be uncovered, since the attacker blends in with any other user when performing their actions. In addition, a malicious attacker can infiltrate systems that have no authentication control, remaining there for days, months, or even years without being noticed. During this period, they can obtain a lot of data and even shut down a service. The consequences of such attacks can include a blackout at a power provider, or even an increase in the level of substances added in a water treatment system.

Industries, companies, governments, and others operating critical infrastructure systems should be especially concerned with the unrestricted access that these technologies have within their environment. SCADA software and privileged credentials are the pots of gold an attacker wants to find during an intrusion. Therefore, the focus of organizations dealing with critical infrastructure should be to make access to and use of these assets more difficult.

To apply this security practice, some tools may be essential to protect these environments. A Privileged Access Management (PAM) solution can help create access controls for sensors and other infrastructure devices, ensuring that they are not accessed improperly. A PAM solution allows the protection of ICS/SCADA via the following functionalities:
  • Credential Management – you can manage credentials in a number of environments, systems, and applications. A PAM solution allows you to define administrator users who will be granted the use of a password for physical access, and the group of users who can use the remote access offered by the solution to access a target device or system;
  • Remote Session with Recording Features – the PAM solution may allow the recording and storage of all remote sessions performed. The session video files must be stored in a secure, encrypted, and protected storage repository;
  • Indexing of Input and Output Logs – all text inputs, in addition to the actions logged, must be indexed along with the video session time, allowing you to search for any command. In this way, you can quickly find any command executed during a remote session.
A PAM solution has features and functions that can help create a more secure and controlled environment for ICS systems. Thus, implementing this type of solution results in a more secure and protected environment in any organization that uses ICS/SCADA in its infrastructure. The result is the assurance that no suspension of key services occurs, whether from external or even internal attacks.
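
The indexing of input logs described in the list above can be sketched as follows. This is an added example, not code from the original article or from any PAM product; the event fields, session ids, operator names, and commands are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample data: recording start times and text-input events
# as a hypothetical PAM session proxy might capture them.
RECORDING_START = {"s-1001": "2019-05-23T10:00:00", "s-1002": "2019-05-23T14:30:00"}
EVENTS = [  # (session id, timestamp, operator, typed command)
    ("s-1001", "2019-05-23T10:00:12", "op.alice", "show plc status"),
    ("s-1001", "2019-05-23T10:03:47", "op.alice", "set pump-3 setpoint 40"),
    ("s-1002", "2019-05-23T14:31:05", "vendor.bob", "show plc status"),
    ("s-1002", "2019-05-23T14:42:30", "vendor.bob", "download firmware plc-7"),
]
TOKEN = re.compile(r"[a-z0-9_.-]+")

def video_offset(session, ts):
    """Seconds between the start of the session recording and the input event."""
    start = datetime.fromisoformat(RECORDING_START[session])
    return int((datetime.fromisoformat(ts) - start).total_seconds())

def build_index(events):
    """Inverted index: token -> list of hits carrying the video offset."""
    index = defaultdict(list)
    for session, ts, user, command in events:
        hit = {"session": session, "user": user,
               "offset_s": video_offset(session, ts), "command": command}
        for token in set(TOKEN.findall(command.lower())):
            index[token].append(hit)
    return index

def search(index, query):
    """Hits whose command contains every query token, ordered for review."""
    tokens = TOKEN.findall(query.lower())
    if not tokens:
        return []
    hits = [h for h in index.get(tokens[0], [])
            if all(h in index.get(t, []) for t in tokens[1:])]
    return sorted(hits, key=lambda h: (h["session"], h["offset_s"]))

def fmt(hit):
    """Render a hit with the mm:ss position to seek to in the session video."""
    m, s = divmod(hit["offset_s"], 60)
    return f'{hit["session"]} {hit["user"]} @ {m:02d}:{s:02d} {hit["command"]}'

if __name__ == "__main__":
    for hit in search(build_index(EVENTS), "firmware plc-7"):
        print(fmt(hit))
```

Each hit gives a reviewer the session, the operator, and the position in the recording where the command was typed, so the video does not have to be watched from the start.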
