Security by design as most effective approach
Designing security into cyber systems from the beginning is the most cost effective approach to cyber security, since it minimizes risk and financial expenditures. Effective security cannot just be “patched” on to existing power system operational processes, but should be an intrinsic part of system designs and configurations, operational procedures, and information technologies.Inserting security procedures and technologies afterwards is also costly because often they are “ad hoc” and require major modifications to system configurations as well as significant retraining of personnel. If designed in from the beginning, security becomes a normal part of the life cycles of power system cyber assets and operational procedures.
The term “Security by Design” covers many aspects, such as component designs, software implementations, system configurations, network configurations, planning procedures, and data management. Many of the benefits of Security by Design
can be realized even if systems are just being upgraded or slowly replaced, since having a well-thought through security plan is critical for including security at each upgrade or replacement step.Some of the security design aspects
include becoming aware of potential threats and vulnerabilities through a risk analysis taking into account the environments in which the component may be deployed before finalizing system and network configurations.
For example, if some critical systems are located within a well-defined electronic security zone, then access to these critical systems can use the access and monitoring controls provided by these zone perimeters for crossing between different security zones (see Figure 3). Such a design reduces “attack surfaces” that could be exploited by malicious entities or simply misused by accident.
Security by design
Permits more consistency across all systems with well-defined configurations of networks and information flows. Users would have consistent procedures to follow, rather than ad hoc security approaches. This consistency would therefore be easier to implement and maintain, less likely to have security gaps, and less costly to manage globally.
Can apply to planning for the inevitable “successful” security incidents (failure scenarios) which should trigger the development of procedures for coping during such security incidents, such as designing in degradation modes.
Can be implemented down to the data levels, not just the system levels, which allows true end-to-end security between users and their access to data, thus limiting very precisely who can monitor and/or control what data. The same access control can also be applied to the data flows between software applications in the OT environment.
Flows of valid information to the right place within the right time are the most critical requirements for operational environments.
Security by design, usually requiring new or updated applications, can ensure that this level of assurance can be provided by secure protocols which would be natively supported by systems and would be part of the core capabilities of the systems. For example, validating information can help mitigate the threat of persons who have the knowledge to disrupt power system operations, by ensuring data verification is engineered within each system. At the same time, access to data may be constrained due to security policy requirements
Security policies, established during the design of systems, can institute procedures for purchasing and updating systems. With such security policies, the configurations of communication networks can be carefully designed and the security of the supply chain can be better known and managed.
Nonetheless, it is well recognized that security cannot easily be designed into legacy systems, particularly since power system components may have vastly different life cycles. So it is crucial that even for existing systems, transitions to security-based designs should be managed by including security controls in all system retrofits and upgrades.