Applying Zero Trust Principles to Secure Industrial Control Networks

  • Eduardo Marsola do Nascimento (Petrobras)

Abstract


The defense-in-depth principles normally used by industrial control networks (ICN) may no longer be adequate in an Industry 4.0 scenario, in which sensors, actuators and supervisory systems need to communicate directly with the cloud. The Zero Trust Architecture is emerging as the de facto standard for securing cloud applications and can be used to protect an ICN, but normally it can be applied only by replacing existing applications and network equipment. This preliminary work presents an option for applying the Zero Trust principles to an ICN while keeping the existing systems and network.

Published
2020-10-13
NASCIMENTO, Eduardo Marsola do. Applying Zero Trust Principles to Secure Industrial Control Networks. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 20., 2020, Petrópolis. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2020. p. 484-489. DOI: https://doi.org/10.5753/sbseg.2020.19259.