Industrial control systems, or ICS, security remains a big issue with associated compliance, legal and financial implications. On a higher level, protecting infrastructure is a matter of national security for nations worldwide.
A recap of a recent security conference in Europe, written by Computer Weekly, notes “…The drive to the most cost-effective, best-of-breed systems has also resulted in heterogeneous environments in many organisations providing critical national infrastructure.
The shift to trading energy like commodity in Europe has also driven the need for connections between ICS and traders.
There is also greater connectivity with suppliers for remote access to enable cost-effective maintenance and monitoring. Again, the lack of authentication mechanisms in legacy ICS is a challenge to security.” (http://www.computerweekly.com/news/2240232680/Industrial-control-systems-What-are-the-security-challenges)
TCG has been working on ICS security and recently released an industry specification for a secure overlay network that recognizes the unique challenges of the ICS environment and legacy networks. Ludwin Fuchs of Asguard Networks recently addressed the ICS security challenge and TCG’s approach in a talk at the TSCP Workshop (https://trustedcomputinggroup.org/2016-events).
Fuchs outlined a few infrastructure challenges – industrial networks were not designed for security, they use off the shelf software that is not patched, these networks are susceptible to a variety of attacks, and more.
He then explained an integrated ICS and IT intranet approach that supports widely dispersed systems, responsiveness, compliance, security, safety and business agility. But how can those goals be achieved?
TCG has worked with the ISA and industry to create a standard for a secure overlay network based on TCG’s TNC network security architecture.
Learn more about the approach and specification in an excellent article here: Fending off Attacks on the Robots: TCG Specification for Network Segmentation.
More info also is available here:
ICS Security Using TNC Technology Architect’s Guide.
Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.
Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.