What is the fundamental step in securing critical infrastructure communications ?

Add to my custom PDF

Securing Critical Infrastructure

Critical infrastructure is made up of the assets essential for social and economic functioning, such as electricity, water, and transportation distribution systems. These resources are increasingly linked with computer intelligence and Information Communication Technologies (ICT) capabilities into smart grids. This ICT permits increased information flows between more actors – or end-points – and in more directions, expanding options for management of utilities. This increased connectivity opens the infrastructure to additional vulnerabilities, especially considering the limitations of smart grid components such as fixed computational resources, little or no user intervention once deployed, and placement in dispersed locations.

In this study, Schukat discusses methods for improving the resilience of ICT in critical infrastructure. The suitability of ICT components is evaluated against a set of minimum standards for network security that, in combination, address the risk from common network cyber attack strategies. These standards are message confidentiality, message integrity, end-point authentication, and end-point authorisation.

Several settings and configurations can increase the resilience of smart grids against cyber attacks. These rely on public-key infrastructure (PKI) and authentication protocols. PKI involves a digital certificate that is issued and validated by third party authorities. The authentication protocol requires mutual authentication by peer end-points through a secure communication channel. Additional guidance is provided on how an authentication protocol can best support network security. The most applicable protocol is Transport Layer Security (TLS), which should be configured to require mutual authorizations by both end-points. Where TLS is not feasible, it might be possible to create something similar using other security appliances that act as a gateway between the end-point and network.

Other options include:

  • Ensure Perfect Forward Secrecy (PFS) to protect against later compromise.
  • Install a single certificate that integrates identity (public key) and attribute (permissions, rights) certificates.
  • Provide multiple mechanisms for validating the status of certificates to accommodate situations when real time validation is unavailable.

Growing smart grids and interconnectivity of critical infrastructure reinforce the need to minimize potential damage of any possible cyber attack. Using knowledgeable settings and configurations for authentication protocols can contribute to network security.

Critical Infrastructure requires communications security; PKI, TLS and PFS provide a basic starting point.