
Recommended Security Controls For Level 0 and Level 1
Walid Khatib
Description
<p><a href="https://www.linkedin.com/pulse/awareness-purdue-level-0-1-insecurity-dale-peterson/" target="_blank" rel="noreferrer noopener">Part 1: Awareness of Purdue Level 0 and 1 (In)Security</a></p>
<p><a href="https://www.linkedin.com/pulse/properly-prioritizing-level-0-1-security-dale-peterson/" target="_blank" rel="noreferrer noopener">Part 2: Properly Prioritizing Level 0 and Level 1 Security</a></p>
<p>In this third and final article in my Level 0 / Level 1 security series, the focus is on the appropriate security controls.</p>
<h3>Sensors and Sensor Data</h3>
<p>The security concern with sensors is that the sensor data will be incorrect and lead to incorrect control decisions. Sensors fail for a variety of reasons unrelated to a cyber attack, so this is not a new issue. However, an attacker with engineering skills and automation skills is more likely to know what type of false data could lead to high-consequence control decision errors. A simple example would be spoofing the data so the Operator and the logic think everything is operating normally, when in fact the process is entering a bad state.</p>
<p>Bad sensor data could be injected at the sensor itself (Level 0), on the communication networks between sensor and PLC (Level 1), at the PLC, in communications between the PLC and the Level 2 computers, or in the ICS applications at Level 2. As noted in Part 2, the exposure to a cyber attack is greatest where the device or network has an IP stack.</p>
<p>Ideally we would like to have authentication of the source and sensor data integrity along each step of this communication path, and hopefully we will eventually get there. In the meantime, where the risk of false Level 0 sensor data is unacceptable, the solution is process variable anomaly detection (PVAD) on reported sensor data.</p>
<p>The best example to date of this is <a href="https://www.youtube.com/watch?v=tYVm6FqYTtQ" target="_blank" rel="noreferrer noopener">GE's Digital Ghost, originally shown at S4x19</a>. GE had a digital twin of a GE turbine