Industrial Control Systems
Typified by the use of embedded Linux, SSH/Telnet command lines and web only interfaces. ICSs have become increasingly exposed to a range of cybersecurity and safety threats.
Osirium and Industrial Control Systems
Modern industrial control systems (ICSs) and critical national infrastructure (CNI) often involve a large scale deployment of IoT devices. The movement away from more isolated systems using specialist protocols has streamlined the support of production processes with the ability to address devices through network interfaces, as well as use information systems to automate different aspects of production and allow for remote access operations. However, these developments have resulted in the rise of a range of cybersecurity and safety concerns for ICSs.
ICSs are typified by the use of embedded Linux, SSH/Telnet command lines and web-only interfaces. Osirium PAM can drive multiple networks and therefore act as an application-to-application proxy, providing a virtual air gap between operational and control system networks.
Attackers have realised the potential gains of attacking ICSs systems. The Stuxnet worm uncovered in 2010 attacked SCADA ICSs, compromising SCADAs at a number of Iranian nuclear facilities and resulting in damage to a large number of uranium enriching centrifuges by altering their rotational speed.
Osirium’s PAM offers solutions to largely negate both internal and external cybersecurity threats to ICSs. Many internal incidents are down to human negligence, PAM avoids this issue through the use of tasks. Customers can write tasks that carry out common operations used on a device that can then be activated by users who have the appropriate access level, significantly reducing the number of users who need direct access to the devices, alternatively, these tasks can be put into schedules. The external threat is dealt with by a combination of high entropy passwords and separating users from those passwords so that end-users will have no interaction with the password used to access a device. These passwords can then be rotated in accordance with the customer’s company policy.
Osirium PAM can provide secure privileged access management for any kind of device, including those used in industrial control systems. PAM connects to devices using Device Templates, meaning any device that has a command line (SSH/Telnet), an API, a database or a web interface can be managed through PAM. Osirium provides a wide range of templates as part of a regularly updated template bundle, see the ‘plays well with’ page for information about devices included in this bundle. Outside of the templates in the template bundle customers can create their own using Osirium’s template guide, or they can have them developed at Osirium by getting in touch with the Professional Services department.
Which compliance standards can Osirium help Industrial Control Systems with in relation to Privilege Account Management (PAM)?