This guide aims to explain more about endpoints and endpoint security on a theoretical level.
The wording is technical, but accessible to anyone who wants to understand both the endpoint concept and endpoint defences. In addition, the different possible perimeter defences are listed and explained, so both endpoint and external defences are covered.
The contents begin with an introduction to endpoints in industrial control systems (ICS), together with the general risks in ICS and the defences for these end devices.
Finally, a conclusion assesses this type of defence on endpoint devices.
Introduction
For several years now, there has been talk of Industry 4.0 and the digitalisation of industrial processes. This evolution has meant that the devices responsible for controlling industrial processes have gradually been replaced by others with better capabilities and greater intelligence, which can also interconnect with each other through a network; these devices are known as IoT (Internet of Things) devices, or as IIoT (Industrial Internet of Things) devices if they are in an industrial environment. To give an idea of the magnitude of this growth, both in devices and in the interconnections between them, the INCIBE-CERT article "Predictions in Industrial Security in 2023" gives a forecast of the number of smart devices connected in 2025, concluding that the figure of 21.5 billion connected devices will be reached.
From the moment a device is connected to a network, it must be properly protected to prevent malicious actions on it, and this applies not only to devices in any network, but also to industrial devices. There are multiple protection measures that adapt to the different needs that a network device may present, so the objective of this study is to present solutions for the defence of end devices or “endpoints”.
The protection of industrial devices is one of the biggest security challenges in the industrial field because of their particular nature: they are usually designed to perform a specific task, which does not allow much leeway when it comes to configuring them. Moreover, until a few years ago, cyber security was not a factor in the design process of industrial devices, resulting in equipment with poor cyber security capabilities.
Added to this is the intrinsic difficulty of updating and patching industrial devices, which results in the persistence of vulnerabilities detected in the equipment. As in the IT sector, the industrial sector also suffers from attacks, often with a direct impact on people, as many of the activities of the industrial sector are dedicated to providing basic services to society, such as electricity, water, etc.
CrashOverride, the attack on Colonial Pipeline and the attack on a sewage treatment plant in Florida are some examples of attacks on industrial control systems in the last decade, all of which had a direct impact on people.