Josh Carlson, Dragos, Inc., Dan Gunter, formerly of Dragos, Inc., Casey Roberts, Duke Energy Corp.
The threats of unauthorized access to or manipulation of commands and data drive the incorporation of cryptographic security controls into critical energy system communication infrastructure. However, cryptographic security controls that are inappropriately or poorly applied can lead to a decline in reliability and availability and an inadvertent expansion of the attack surface available to attackers. Furthermore, most modern information technology (IT)-originating cryptographic security controls include encryption (a minimal-priority security control in energy systems), which brings the side effect of crippling the operators’ ability to monitor their systems for intrusions. This paper discusses reasons why many security techniques commonly applied in IT systems and based on cryptography may be unsuitable for application in critical portions of energy systems. We propose for system owners an approach to designing energy systems that separates system elements into those that are dynamic (designed to serve human users, reconfigurable, plug-and-play) and static (fixed-task, fixed-configuration, and machine-oriented, e.g., high-speed protection and telemetry). Lastly, we build on that approach with recommendations for operational technology (OT) cryptographic security controls in energy system networks.