Applying Zero Trust Principles to Secure Industrial Control Networks

  • Eduardo Marsola do Nascimento Petrobras

Resumo


Os princípios de segurança em profundidade, normalmente utilizados para proteger as redes de controle industrial (ICN), podem não ser mais adequados em um cenário de indústria 4.0, no qual os sensores, atuadores e sistemas supervisórios precisam se comunicar diretamente com a nuvem. A Zero Trust Architecture surge como padrão de fato na proteção de aplicativos em nuvem e pode ser utilizada para proteger uma ICN, mas normalmente ela aplicada somente pela substituição de aplicações e equipamentos de redes existentes. Este trabalho preliminar apresenta uma opção para aplicar os princípios de Zero Trust em uma ICN, mantendo sistemas e redes existentes.

Referências

Andreeva, O., Gordeychik, S., Gritsai, G., Kochetova, O., Potseluevskaya, E., Sidorov, S. I. and Timorin, A. A. 2016. “Industrial Control Systems and Their Online Availability”. URL: [link]. Access Date: Mar 29th 2020.

ANSI/ISA-62443-3-3 (99.03.03)-2013. 2013. “Security for industrial automation and control systems Part 3-3: System security requirements and security levels”. ISBN: 978-0-876640-39-5.

Beraud, P., Grasset, J., Jumelet A. 2019. "Implementing a Zero Trust approach with Azure Active Directory". URL: [link]. Access Date: Jan 8th 2020.

Fritsch, J. 2019. "Architectures and Paradigms of Microsegmentation Products". URL: [link]. Access Date: Feb 01st 2020.

Gilman, E. and Barth, D., 2017. "Zero Trust Networks". O'Reilly Media, Incorporated.

ICS-CERT - Industrial Control Systems Cyber Emergency Response Team. 2016. "Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies". URL: [link]. Access Date: Mar 29th 2020.

Kerman, A., Borchert, O., Rose, S. 2020. "Implementing a Zero Trust Architecture". URL: [link]. Access Date: Apr 4th 2020.

Leander, B., Cauševic, A. and Hansson, H., 2019, August. “Applicability of the IEC 62443 standard in Industry 4.0/IIoT”. In Proceedings of the 14th International Conference on Availability, Reliability and Security (pp. 1-8). URL: https://doi.org/10.1145/3339252.3341481. Access Date: Mar 29th 2020.

OpenVPN INC. 2020. "A Business VPN to Access Network Resources Securely". URL: https://openvpn.net/. Access Date: Apr 5th 2020.

Rose, S., Borchert, O., Mitchell, S. Connelly, S. 2019. "Draft NIST Special Publication 800-207 - Zero Trust Architecture". URL: https://doi.org/10.6028/NIST.SP.800-207-draft. Access Date: Dec 11th 2019.

Stouffer, K., Pillitteri, V., Lightman, S., Abrams, M. and Hahn, A., 2015. "NIST Special Publication 800-82 - Revision 2 - Guide to Industrial Control Systems (ICS) Security". URL: http://dx.doi.org/10.6028/NIST.SP.800-82r2. Access Date: Mar 29th 2020.

Tommey, C.R., 2018. "Implications of Implementing Software Defined Networking to Improve Cybersecurity for Operational Technology Networks". Master Thesis. Utica College.

Tsuchiya, A., Fraile, F., Koshijima, I., Ortiz, A. and Poler, R., 2018. Software defined networking firewall for industry 4.0 manufacturing systems. Journal of Industrial Engineering and Management (JIEM), 11(2), pp.318-333. URL: https://doi.org/10.3926/jiem.2534. Access Date: Apr 5th 2020.

Ward, R. and Beyer, B., 2014. “Beyondcorp: A new approach to enterprise security”. URL: [link]. Access Date: Jan 8th 2020.
Publicado
13/10/2020
NASCIMENTO, Eduardo Marsola do. Applying Zero Trust Principles to Secure Industrial Control Networks. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 20. , 2020, Petrópolis. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2020 . p. 484-489. DOI: https://doi.org/10.5753/sbseg.2020.19259.