ICS Cybersecurity Recommendations for Level 0 and Level 1 Devices

What seemed to begin as a friendly debate between industrial cybersecurity experts Joe Weiss and Dale Peterson, has resulted in a salient three-part series on security controls for Purdue Level 0 and Level 1 devices. While the need for security of Level 0 and Level 1 devices is not in question, some organizations understandably grapple with the priority of implementing proper controls to protect these crucial devices.

According to Dale, this three part article series can be summarized as follows:

1. The ICS Security Community understands that Level 0 and almost all Level 1 devices lack authentication. Access sensor data can be modified, and control commands that reach the device will be accepted.
2. The risk of the lack of authentication varies at Level 0 and Level 1 based on the exposure and capabilities of the device. While we would like to have cyber security throughout the entire ICS, it is important to prioritize efforts where we will achieve the most efficient risk reduction.
3. Process variable anomaly detection (PVAD) is the most effective way in the short and medium term to detect and address bad sensor data.
4. Authentication of the firmware, administrative actions, and control commands are the most important security controls to add to the Level 1 and Level 0 devices in the decision tree specified priority order.

Members are encouraged to read the posts at dale-peterson.com.

• Awareness of Purdue Level 0 and 1 (In)Security
• Properly Prioritizing Level 0 and Level 1 Security
• Recommended Security Controls for Level 0 and Level 1