Industrial control systems (ICS) that function well can help companies grow, meet emerging needs and maintain reliability. However, many people overseeing ICS security don’t always establish appropriate firewall rules in their organizations. Here are five actionable ICS firewall best practices for people to consider and follow to avoid cybersecurity incidents.
Review Existing ICS Firewall Policies
A company’s policies related to its ICS firewall will affect how incoming traffic is handled and how effective its overall cybersecurity efforts are in stopping current and future threats. However, as an industrial network grows and changes, more opportunities arise for misconfigurations that can erode overall effectiveness and provide a false sense of security.
A 2022 study found that network misconfigurations cost the equivalent of 9% of annual revenue for the average organization. However, the actual costs could be significantly higher. One positive finding from the study was that 96% of those polled prioritize configuration audits for firewalls. However, only 4% of respondents evaluate switches and routers along with their firewalls.
These conclusions emphasize that regular audits are critical for ICS security. When firewall misconfigurations go undetected for too long, it becomes more likely that hackers will find them before an organization’s security professionals do.
One option is to use specialized products that let people see all firewall configurations on centralized dashboards. That makes it easier to spot and rectify abnormalities or make necessary changes.
Apply Segmentation for Better ICS Security
Many ICS networks are segmented to limit potential hackers’ ability to do damage across the whole organization. Cybersecurity professionals may segment systems based on their functions or importance to an organization’s operations. They should use firewalls between each network so only authorized parties can access them.
Network professionals can also create and apply granular rules to control traffic between the firewalls. Notifications of unusual activity or access attempts could warn an organization’s cybersecurity team to investigate further.
Segmentation can also stop malware from spreading across the network, confining it to a specific area and limiting its damage. Another benefit is that firewalls and network segmentation can protect sensitive data and make identifying people trying to gain unauthorized access easier.
John Adams, the co-founder & CEO of Mission Secure, said appropriate network segmentation is a definite factor in how likely hackers are to orchestrate successful attacks. He also noted that most of today’s networks are not segmented enough to stop or reduce the damage cybercriminals cause.
If a cybersecurity team leader wants to deploy more network segmentation and firewalls, consulting an external network security expert could help them assess how well the segmentation currently functions and where weak spots exist.
Take a Layered Approach to Firewall Deployment
Some business leaders treat cybersecurity as an afterthought or assume hackers won’t target them. However, that could prove a costly and incorrect assumption. Just one data breach costs small- and medium-sized businesses an average of $149,000, and that figure is likely to rise. Cybercriminals constantly plan new attack methods with more widespread and damaging results.
Cybersecurity experts suggest using numerous firewalls to make it harder for intruders to breach ICS security. A good starting point is to install physical, hardware-based firewalls as the first lines of defense since they won’t consume system resources. From there, software and cloud-type firewalls can further strengthen a company’s protection against unauthorized access.
Firewalls that work in the cloud are virtual options that don’t require installing anything on individual machines. They help rapidly growing companies or organizations that will likely scale up soon. Alternatively, software-based firewalls are installed on each device and control traffic within and outside it.
There’s no universally accepted ideal for an organization’s ICS firewall type or number. Therefore, people responsible for securing a company’s infrastructure must take a personalized approach. That requires understanding particulars, including which assets are most at risk, whether an organization operates across one site or several, and if employees work remotely.
Maintain Easily Accessible Logs
Network activity logs are critical but often overlooked parts of ICS security. After all, cybersecurity practitioners can’t know something’s amiss if they don’t have data showing them. Firewall logs are some of the many useful pieces of information cybersecurity teams can study to find unusual patterns or other aspects worth investigating.
However, some cybersecurity experts say insufficient logging is one of the biggest issues preventing prompt resolution. Plus, having the logs available is only part of maintaining ICS security. Companies must also have enough resources to allow people to sift through the data and look for anything unusual.
Fortunately, people can use partially automated tools that examine firewall logs and flag anything strange. Users can also set parameters in many products to immediately detect unusual events. Those are beneficial when a company has had recent ICS firewall issues and cybersecurity professionals must prevent similar events from occurring.
Prioritize Employee Education and Risk Awareness
Coverage of ICS firewall best practices doesn’t always explore employees’ roles in protecting a company’s network. However, it’s time for that to change. Some cybersecurity professionals even point out that people act as human firewalls, serving as the final defensive layer.
Correctly configured firewalls block intruders. However, they can’t necessarily compensate for employees who fall for social engineering attacks and provide sensitive access information to seemingly legitimate scammers.
Many employees might try to circumvent company firewalls blocking their access to specific sites. Alternatively, workers who can remotely access a corporate network from home may turn off their computers’ firewalls while accessing sensitive company resources.
One ICS security best practice is to remember that safeguards must encompass on- and off-site locations. Supervisors who get permission to remotely monitor what’s happening within an ICS must understand the importance of configuring home firewalls. Companies that use role-based access control must remind employees of the importance of not sharing their passwords.
People who understand how an ICS firewall works and know their responsibilities in keeping it functioning correctly will likely embrace following best practices and encourage colleagues to do the same.
Utilize ICS Firewalls Well
These five best practices ensure organizations can secure their industrial control systems with appropriate, effective firewall deployment. They’ll be able to better protect assets and reduce the chances of successful intrusions.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
