Configuring and Managing Remote Access for Industrial Control Systems

This afternoon the DHS ICS-CERT published an abstract of and link to an interesting document developed by the British Centre for the Protection of National Infrastructure. The 67 page document addresses the design of systems to allow remote access for ICS.

The ICS-CERT abstract explains:

“Part of the security equation involves how operational assets are accessed and managed and how the cyber security posture of a control system can be impacted if the management of remote access is not understood by business or is conducted poorly. However, the application of proven and accepted remote access solutions may not map perfectly to control systems environments. Requirements for availability and integrity, combined with the unique nuances and attributes often found in ‘purpose built’ systems, drive new demand for guidance as it pertains to creating secure remote access solutions for industrial control systems environments.”

The table of contents lists some interesting topics:

• Remote access in industrial control system architectures;

• Roles and remote access in control system architectures;

• Types of remote access solutions;

• Security Considerations;

• Remote access security considerations unique to control systems;

• Applying good practices;

This looks like an interesting document that should provide some valuable insights. I’ll be looking at it in more detail in the coming days, but this is more of a technical document than the type of thing I address in detail in this blog.