2019 ICS Cyber Security Conference | USA

Cybersecurity can be a sizable investment.  Companies with large funding can afford well established cybersecurity solutions and the associated annual subscription fees.  This session will discuss using open source software to secure remote access into ICS networks. Open source software can be found running on IT systems, the Cloud and embedded devices in Industrial Control Systems.  In terms of Cybersecurity, Open Source can provide a vast amount of security solutions with low startup costs in developing security solutions, benefiting tight budgets for smaller companies.

With the mindset of finding a solution with very low start-up costs, the first objective was to create a proof-of-concept to secure remote access with two-factor authentication to a jump server. VPNs (Virtual Private Networks) can support a secure channel, but there is nothing stopping a virus or malware to be transmitted from a remote system to the jump server and from the jump server into an ICS network. The second objective was to find a way to mitigate against malware or unwanted software finding its way to the jump server all with open source.

An ICS network was built to emulate a real environment including a host hypervisor running a jump server VM (Virtual Machine) in a DMZ (Demilitarized Zone). 2-Factor authentication was implemented to access the jump server VM. PowerShell scripts were developed to shut down the jump server VM, delete, copy a pristine Jump Server image from a secure location, import the image into the hypervisor, and restart into a ready pristine state via a scheduler.

Files were damaged or corrupted on the jump server to emulate a malicious attack on the system. At 1 AM the scheduler initiated the jump server VM re-imaging process and an email was sent showing successful restore of a pristine image. Multiple vendors providing remote support, each assigned a VM jump server, could be permitted to service or monitor specific systems via 2-Factor Authentication. With the scripting process previously described, malware or unwanted software will be mitigated via the described process.