The Need for Network Segregation in Critical Infrastructure Systems
April 2013
A recent article in the NY Times claims:
The vast majority of targeted computer attacks now start with a malicious e-mail sent to a company employee. Now evidence suggests that the same technique could be used to attack watersheds, power grids, oil refineries and nuclear plants.
This cannot be allowed to happen, here I explore the issue in a little more detail.
The NY Times identified the risk as:
...all it takes is one click for an attacker to get inside a system. In one case, Critical Intelligence could see an instant messaging exchange between two employees that discussed critical systems. And while it would be difficult for attackers to inflict catastrophic damage from one employee’s machine, a patient attacker would simply wait for that employee to connect his or her laptop to an electrical substation, or move around the network to an employee who connected to critical systems regularly.
This is only true if the networks are connected. Air gaps are a candidate solution, but this also prevents legitimate business processes. As explored in air gap security failures, this need for the exchange of data is one reason why air gaps all too often fail.
Data Diode
In Air-Gaps, Firewalls and Data Diodes in Industrial Control Systems an alternative approach is explored that looks at putting one-way network connections in place, based on Data Diode technology. This enables the business process while reducing the risk. The briefing then looks further at how Data Guard technology can further minimise the risk, using content filtering to ensure only data related to the allowed business can pass the one-way connection.
We cannot avoid the need to join systems, but we can manage the risks by understanding the business information exchange needs, and build solutions to enable those, but only those, data flows.
How are you achieving network segregation in your environment? Please leave your comments below.
See Also
Be the first to know about developments in secure information exchange
About the author
Colin Robbins is a Principal Security Consultant, leading customer-funded research activities in secure interoperability and information exchange. He has specific technical interests in the Single Information Environment and Data Centric Security, as well as the processes of security, such as Secure by Design and Information Security Management Systems (ISMS). He is a Fellow of CIISec, and a former NCSC certified Security and Information Risk Adviser (Lead CCP).