Is there any guidelines available for PLC Cyber security? Any security standards available from ISA or national cyber security protection system?
Yes, various recommendations and standards exist for PLC (Programmable Logic Controller) cybersecurity.
These are offered by a variety of organizations, namely the International Society of Automation (ISA) & national cybersecurity authorities.
Here are some of the main standards and guidelines:
ISA/IEC 62443 Series
ISA/IEC 62443 is a comprehensive set of standards created by the International Society of Automation (ISA) & the International Electrotechnical Commission (IEC). These standards establish a framework for safeguarding industrial automation & control systems (IACS), which include PLCs. Key components of the ISA/IEC 62443 series include:
ISA/IEC 62443-1-1: concepts & models.
ISA/IEC 62443-2-1: Setting up an industrial automation & control system security program.
ISA/IEC 62443-3-3: System security standards and levels.
ISA/IEC 62443-4-2: Technical security standards for IACS components.
NIST SP 800-82
A Guide to Industrial Control Systems (ICS) Security is issued by the National Institute of Standards & Technology (NIST). This guide includes thorough information on safeguarding ICS, including PLCs.
This includes:
- An Overview of ICS and PLC Security
- Risk management framework
- Recommended security procedures and best practices.
NERC CIP
NERC Critical Infrastructure Protection (CIP) Standards are a collection of regulations meant to protect the assets needed to run North America’s bulk electric system.
Relevant requirements for PLC cybersecurity are:
CIP-002 to CIP-011: Address security management controls, people & training, electronic security perimeters, & incident reporting.
ANSSI (National Agency for Information System Security)
The French National Cybersecurity Agency has issued rules and suggestions for safeguarding industrial control systems (ICS), including PLCs. The ANSSI manuals address subjects such as network segmentation, access control, & monitoring.
National Cyber Security Centre (NCSC)
The UK’s National Cyber Security Centre offers guidelines & recommendations for ICS security, including steps to secure PLCs. These include recommendations for network architecture, remote access security, and the implementation of effective incident response strategies.
Department of Homeland Security (DHS)
Cybersecurity & Infrastructure Security Agency (CISA) offers standards, resources, and best practices for securing ICS and PLCs. The ICS Cybersecurity Framework & ICS-CERT advisories provide information on vulnerabilities and mitigating measures.
General Best Practices
- Network Segmentation: To reduce exposure to risks, isolate PLCs from other network segments.
- Access Control: Implement tight access control procedures to guarantee that only authorized personnel have access to PLCs.
- Regular Updates: Keep the PLC firmware and accompanying software up to date with the most recent security fixes.
- Monitoring & Logging: Continuously monitor PLC activities and keep logs to detect and respond to security incidents.
- Incident Response: Create and update an incident response plan tailored to ICS and PLC environments.
These standards and guidelines establish a comprehensive framework for improving the cybersecurity of PLCs in industrial & critical infrastructure environments.
Adopting these procedures reduces risks and protects against a wide spectrum of cyber threats.