Blog
Stop Worrying and Start Isolating – Protecting Industrial Control System (ICS)
By BUFFERZONE Team, 22/07/2024
Target: ICS Professionals (Elementary)
Tags: Isolation, Safe Workspace®, Safe Browser, Zero-day
Protecting critical infrastructure has never been more important in today's interconnected world. Cyber threats are becoming increasingly sophisticated and target the essential services and facilities that societies rely on daily. Mitigating these risks calls for a proactive approach to cybersecurity. Two key strategies in this approach are Isolation and Content Disarm and Reconstruction (CDR). By implementing these methods at the right levels of the Purdue model, organizations can significantly reduce their attack surface and minimize disruptions.
Understanding the Purdue Model
The Purdue model, also known as the Purdue Enterprise Reference Architecture (PERA), is a widely adopted reference framework for organizing industrial control system (ICS) and IT infrastructure. It arranges systems into levels, each representing a distinct layer of operation, and the boundaries between levels are where network segmentation is enforced:
- Level 0: Physical processes (sensors, actuators)
- Level 1: Basic control (PLCs, DCS controllers)
- Level 2: Supervisory control (SCADA servers, HMIs)
- Level 3: Site/manufacturing operations (MES, historians)
- Level 3.5: ICS DMZ between the OT and IT networks (a common extension to the original model)
- Level 4: Business logistics (ERP, office networks)
- Level 5: Enterprise network (corporate IT, internet connectivity)
Isolation and CDR can be applied at every one of these levels, but they matter most at Levels 3 to 5. Those levels are closest to users, email and the internet, so they are the usual entry point, and an attacker who compromises them then works downward toward the control levels.
Isolation: Segmenting the Network
Isolation means segmenting networks and devices so that unauthorized access is blocked and an attacker who lands in one segment cannot move laterally into another. Isolation can be achieved by the following methods:
- Network Segmentation: Dividing the network into smaller, manageable segments, each with its own security policy. For example, isolating Level 2 SCADA systems from Level 4 business networks ensures that a breach in the office network does not reach the industrial control systems.
- DMZ Implementation: Creating a Demilitarized Zone (DMZ) between the corporate and ICS networks. Services that both sides need (historian replicas, patch servers, jump hosts) are placed in the DMZ, so traffic between the two networks can be controlled and monitored and neither side connects directly to the other.
- Micro-segmentation: Using software-defined networking (SDN) or host-based firewalling to create fine-grained segments, down to individual workloads, whose policies can be adjusted as threats evolve.
- Application Isolation (Prevention): Running specific applications, and access to specific hardware devices, inside a virtual container on the endpoint. Users can open web browsers, links, attachments and files from removable media such as USB drives, CDs and DVDs inside the container, so ransomware, data wipers and data stealers that execute there cannot reach the host or the network. This protects Levels 3 to 5 against USB- and file-based attacks without changing how IT and ICS staff work.
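Segmentation is only as good as the rules that enforce it, so a practical check is to audit which flows the firewalls actually accepted against the Purdue levels. The following is an added example written for this post (not BUFFERZONE code): the subnet-to-level map, the log format and the log lines are all constructed assumptions, and the policy encoded is the one described above, that traffic may only cross between neighbouring levels and that Level 3 and Level 4 are not neighbours because the DMZ sits between them.

```python
"""Purdue-level flow policy audit.

Added example for this post (not BUFFERZONE code). Given which subnet sits at
which Purdue level, it reads firewall-accepted flows and flags any that cross
levels they should not. Rule: traffic may only move between neighbouring
levels, and Level 3 and Level 4 are deliberately not neighbours because the
Level 3.5 DMZ sits between them, so no IT host talks straight to Level 3 or
below. The zone map and the log lines are constructed for the example.
"""
import ipaddress
from dataclasses import dataclass

# Constructed zone map: in practice this comes from the network inventory.
ZONES = {
    ipaddress.ip_network("10.10.0.0/16"): 1.0,  # PLCs, RTUs
    ipaddress.ip_network("10.20.0.0/16"): 2.0,  # SCADA servers, HMIs
    ipaddress.ip_network("10.30.0.0/16"): 3.0,  # MES, historian
    ipaddress.ip_network("10.35.0.0/24"): 3.5,  # ICS DMZ: jump host, patch mirror
    ipaddress.ip_network("10.40.0.0/16"): 4.0,  # business / office LAN
    ipaddress.ip_network("10.50.0.0/16"): 5.0,  # enterprise WAN
}


def level_of(ip: str):
    """Purdue level of an address, or None if it is not in the zone map."""
    addr = ipaddress.ip_address(ip)
    for net, level in ZONES.items():
        if addr in net:
            return level
    return None


def flow_allowed(src_level: float, dst_level: float) -> bool:
    """Only neighbouring levels may talk; 3 <-> 4 must go through the 3.5 DMZ."""
    if src_level == dst_level:
        return True
    lo, hi = sorted((src_level, dst_level))
    if (lo, hi) == (3.0, 4.0):
        return False
    return hi - lo <= 1.0


@dataclass
class Finding:
    line: str
    reason: str


# Constructed firewall log: "<time> <action> <proto> <src> <dst> <dport>".
SAMPLE_LOG = """\
2024-07-22T08:00:01 ACCEPT tcp 10.20.3.7   10.10.2.40 502
2024-07-22T08:00:05 ACCEPT tcp 10.30.1.9   10.35.0.12 1433
2024-07-22T08:00:09 ACCEPT tcp 10.40.7.21  10.35.0.12 443
2024-07-22T08:01:13 ACCEPT tcp 10.40.7.21  10.30.1.9  445
2024-07-22T08:01:20 ACCEPT tcp 10.40.7.21  10.10.2.40 502
2024-07-22T08:02:02 ACCEPT udp 10.50.2.2   10.35.0.12 514
2024-07-22T08:02:30 DROP   tcp 10.40.7.21  10.10.2.40 502
2024-07-22T08:03:00 ACCEPT tcp 192.0.2.77  10.30.1.9  22
"""


def audit(log: str):
    """Return a Finding for every accepted flow that violates the level policy."""
    findings = []
    for line in log.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[1] != "ACCEPT":
            continue  # only flows the firewall let through matter here
        src, dst = fields[3], fields[4]
        s, d = level_of(src), level_of(dst)
        if s is None or d is None:
            unknown = src if s is None else dst
            findings.append(Finding(line, f"address not in zone map: {unknown}"))
        elif not flow_allowed(s, d):
            findings.append(Finding(line, f"level {s:g} -> level {d:g} is not an adjacent hop"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f.reason, "|", f.line)
```

On the constructed log, the SCADA-to-PLC Modbus flow and the two flows into the DMZ pass, while the office host reaching the MES server over SMB, the office host reaching a PLC on port 502, the enterprise WAN talking straight into the DMZ, and the unmapped source address are all reported. An address that is not in the zone map is reported rather than ignored, because an unknown subnet with an accept rule is exactly the kind of gap that undermines segmentation.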
Content Disarm and Reconstruction (CDR): Neutralizing Malicious Content
CDR is a cybersecurity technology that removes threats from incoming files and data streams. It breaks incoming content down into its discrete components, discards anything that does not match a predefined definition of safe content, and reconstructs the file in a secure, usable format. Because it assumes all content is untrusted rather than looking for known signatures, it neutralizes malicious code embedded in files, including zero-day payloads, before the file is ever opened. The trade-off a practitioner should plan for is that active content such as macros, scripts and embedded objects is removed even when it is legitimate, and file types the CDR engine does not understand must be blocked rather than passed through.
Implementing CDR in critical infrastructure involves:
- Email Security: Applying CDR to email attachments and links, the most common initial access vector. Disarming attachments before employees open them prevents the phishing and malware attacks that routinely target staff.
- File Transfers: Using CDR for files transferred between levels of the Purdue model. For instance, applying CDR to files moving from Level 4 (business systems) to Level 3 (manufacturing operations) ensures that malicious content is stripped away before it reaches sensitive systems.
- Web Security: Employing CDR for web downloads and uploads, protecting against drive-by downloads and malicious web content.
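To make the "break down, discard, reconstruct" cycle concrete, here is an added example written for this post; it is a toy, not BUFFERZONE's SafeBridge® engine, and the allow-list, the sample macro-enabled document and its external link are all constructed assumptions. An Office file is a ZIP package of XML parts, so the example keeps only the parts a plain document needs, drops the VBA project and everything unknown without scanning it, and then repairs the relationship and content-type parts so the rebuilt file does not reference what was removed; a real CDR engine additionally re-renders each part's XML and handles many more formats.

```python
"""Toy Content Disarm and Reconstruction (CDR) pass for OOXML (.docx/.docm).

Added example for this post, not BUFFERZONE SafeBridge code. Principle shown:
treat the file as its components (ZIP parts), keep only parts on an allow-list,
drop everything else unscanned, then rebuild the package so that nothing left
refers to what was removed. Only the package layer is handled here.
"""
import io
import posixpath
import re
import zipfile

# Parts a plain Word document legitimately needs. vbaProject.bin, embedded
# OLE objects, ActiveX controls and anything unknown are outside this list.
ALLOWED_PART = re.compile(
    r"^(\[Content_Types\]\.xml|_rels/\.rels|docProps/(app|core)\.xml"
    r"|word/(document|styles|settings|fontTable|numbering)\.xml"
    r"|word/_rels/(document|settings)\.xml\.rels|word/media/[^/]+\.(png|jpe?g|gif))$")
MACRO_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
REL = re.compile(r"<Relationship\b[^>]*/>")
TYPES_ENTRY = re.compile(r"<(Default|Override)\b[^>]*/>")


def _attr(tag, name):
    m = re.search(r'\b%s="([^"]*)"' % name, tag)
    return m.group(1) if m else ""


def _resolve(rels_name, target):
    """Package path a Target points at: word/_rels/document.xml.rels describes
    word/document.xml, so its relative targets resolve against word/."""
    if target.startswith("/"):
        return target.lstrip("/")
    return posixpath.normpath(posixpath.join(rels_name.split("_rels/", 1)[0], target))


def disarm_docx(data):
    """Return (rebuilt package bytes, list describing what was removed)."""
    with zipfile.ZipFile(io.BytesIO(data)) as src:
        kept = {n: src.read(n) for n in src.namelist() if ALLOWED_PART.match(n)}
        removed = ["part " + n for n in src.namelist() if n not in kept]

    # Relationship parts: drop links to removed parts and links that leave
    # the package (TargetMode="External"), so nothing dangles or phones home.
    for name in [n for n in kept if n.endswith(".rels")]:
        def keep_rel(m):
            tag, target = m.group(0), _attr(m.group(0), "Target")
            if _attr(tag, "TargetMode") == "External" or _resolve(name, target) not in kept:
                removed.append(f"relationship {_attr(tag, 'Id')} in {name} -> {target}")
                return ""
            return tag
        kept[name] = REL.sub(keep_rel, kept[name].decode()).encode()

    # [Content_Types].xml: no entry may describe a removed part or an unused
    # extension, and a macro-enabled main part is re-declared as plain .docx.
    def keep_type(m):
        tag = m.group(0)
        part, ext = _attr(tag, "PartName"), _attr(tag, "Extension")
        if part and part.lstrip("/") not in kept:
            removed.append("content type for " + part)
            return ""
        if ext and not any(n.endswith("." + ext) for n in kept):
            removed.append("default content type for ." + ext)
            return ""
        return tag.replace(MACRO_MAIN, PLAIN_MAIN)
    ct = kept["[Content_Types].xml"].decode()
    kept["[Content_Types].xml"] = TYPES_ENTRY.sub(keep_type, ct).encode()

    # Fresh ZIP: extra fields, comments and trailing data of the original are gone.
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in sorted(kept, key=lambda n: (n != "[Content_Types].xml", n)):
            dst.writestr(name, kept[name])
    return out.getvalue(), removed


def part_names(package):
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        return sorted(z.namelist())


def read_part(package, name):
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        return z.read(name).decode()


def build_sample_docm():
    """Constructed input: a minimal macro-enabled document with an external link."""
    ct = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
          '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
          '<Default Extension="xml" ContentType="application/xml"/>'
          '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
          f'<Override PartName="/word/document.xml" ContentType="{MACRO_MAIN}"/>'
          '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/></Types>')
    rels = '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">%s</Relationships>'
    parts = {
        "[Content_Types].xml": ct,
        "_rels/.rels": rels % '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>',
        "word/_rels/document.xml.rels": rels % (
            '<Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
            '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" Target="http://203.0.113.10/update" TargetMode="External"/>'),
        "word/document.xml": ('<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
                              '<w:body><w:p><w:r><w:t>Pump maintenance schedule</w:t></w:r></w:p></w:body></w:document>'),
        "word/vbaProject.bin": b"\xd0\xcf\x11\xe0" + b"\0" * 16,  # OLE magic standing in for a VBA project
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()
```

Run `disarm_docx(build_sample_docm())` and the rebuilt package contains the document text but no `vbaProject.bin`, no relationship pointing at it, no external hyperlink relationship, no `.bin` content type, and a main part declared as a plain document rather than a macro-enabled one. The reconstruction step is what separates CDR from simply deleting a file from a ZIP: a package with a dangling relationship or a stale content-type entry is something Word refuses to open, so every cross-reference has to be repaired.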
Prevention First Approach for ICS
To defend against new threats, individuals and organizations must implement proactive security measures, because detecting abnormal behavior often comes too late against zero-day attacks: by the time the behavior is visible, the exploit has already run. That is why we developed BUFFERZONE® Safe Workspace®, a set of zero-trust solutions including Safe Mail, NoCloud™ Artificial Intelligence (AI) Anti-Phishing, SafeBridge® Content Disarm and Reconstruction (CDR), and Safe Browser.
Safe Browser is a secure browsing solution that separates your existing browser from trusted enterprise resources, so browsing runs isolated from the rest of the endpoint.
Safe Removables isolates USB, CD and DVD media, opening their files inside a secure virtual container.
Safe Mail is a Microsoft Outlook plugin that uses BUFFERZONE® Safe Workspace® to open links and attachments safely within a secure virtual container. The container isolates browsing and file activity, safeguarding your computer from evasive attacks: a zero-day exploit delivered through a link or attachment is contained and cannot reach the organization's trusted resources or steal sensitive data. The isolation also restricts lateral movement within the organization, and your existing security controls can still scan the isolated zone, adding a further layer of protection.
Applying Safe Workspace® in the Purdue Model
Consider a critical infrastructure facility such as a water treatment plant. By applying isolation and CDR across various levels, the plant can bolster its cybersecurity posture:
- Level 4 to Level 3: Use the entire Safe Workspace® offering to prevent evasive threats from email, browsing, file transfer, and removable media.
- Level 2: Protect the HMI by isolating the workstation from external threats and using SafeBridge® CDR to sanitize files moving from the isolated environment into the trusted network.
By implementing these measures, the water treatment plant can reduce its attack surface, prevent lateral movement by attackers, and ensure the continuity of its critical operations.
Conclusion
Application Isolation and Content Disarm and Reconstruction are potent tools in the fight against cyber threats targeting critical infrastructure. By applying these techniques at the right levels of the Purdue model, organizations can minimize attack vectors and disruptions, ensuring the safety and reliability of essential services. As cyber threats evolve, adopting a prevention-based approach to infrastructure protection is imperative.