The device or system should restrict read, manipulate, or execute privileges to only authenticated users who require access based on approved security policies. Role-based Access Control (RBAC) schemes can help reduce the overhead of assigning permissions to the large number of devices within an ICS. For example, IEC 62351 provides examples of roles used to support common system operations within the electric power sector [1], while IEEE 1686 defines standard permissions for users of IEDs. [2]
Domain | ID | Name | Use |
---|---|---|---|
ICS | T0800 | Activate Firmware Update Mode | Restrict configuration changes and firmware updating abilities to only authorized individuals. |
ICS | T0858 | Change Operating Mode | All field controllers should restrict operating mode changes to only required authenticated users (e.g., engineers, field technicians), preferably through implementing a role-based access mechanism. Further, physical mechanisms (e.g., keys) can also be used to limit unauthorized operating mode changes. |
ICS | T0868 | Detect Operating Mode | All field controllers should restrict the modification of programs to only certain users (e.g., engineers, field technicians), preferably through implementing a role-based access mechanism. |
ICS | T0816 | Device Restart/Shutdown | All field controllers should restrict the modification of programs to only certain users (e.g., engineers, field technicians), preferably through implementing a role-based access mechanism. |
ICS | T0871 | Execution through API | All APIs used to perform execution, especially those hosted on embedded controllers (e.g., PLCs), should provide adequate authorization enforcement of user access. Minimize each user's access to only the required API calls. [3] |
ICS | T0838 | Modify Alarm Settings | Only authorized personnel should be able to change settings for alarms. |
ICS | T0821 | Modify Controller Tasking | All field controllers should restrict the modification of controller tasks to only certain users (e.g., engineers, field technicians), preferably through implementing a role-based access mechanism. |
ICS | T0836 | Modify Parameter | All field controllers should restrict the modification of parameter values to only certain users (e.g., engineers, field technicians), preferably through implementing a role-based access mechanism. They should also restrict online edits and enable write protection for parameters. |
ICS | T0889 | Modify Program | All field controllers should restrict the modification of programs to only certain users (e.g., engineers, field technicians), preferably through implementing a role-based access mechanism. |
ICS | T0861 | Point & Tag Identification | Systems and devices should restrict access to any data with potential confidentiality concerns, including point and tag information. |
ICS | T0843 | Program Download | All field controllers should restrict the download of programs, including online edits and program appends, to only certain users (e.g., engineers, field technicians), preferably through implementing a role-based access mechanism. |
ICS | T0845 | Program Upload | All field controllers should restrict program uploads to only certain users (e.g., engineers, field technicians), preferably through implementing a role-based access mechanism. |
ICS | T0886 | Remote Services | Provide privileges corresponding to the restriction of a GUI session to control system operations (examples include HMI read-only vs. read-write modes). Ensure local users, such as operators and engineers, are given priority over remote sessions and have the authority to regain control over a remote session if needed. Prevent remote access sessions (e.g., RDP, VNC) from taking over local sessions, especially those used for ICS control, such as HMIs. |
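
An added example, not part of the original page or of the standards it cites: a deny-by-default authorization check that combines the controls listed in the table (role-based permissions, parameter write protection, a physical key for operating mode changes, read-only vs. read-write sessions, and local priority over remote sessions). The role-to-operation policy and all class, field and operation names are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed policy for illustration; not taken from IEC 62351 or IEEE 1686.
ROLE_PERMISSIONS = {
    "operator": {"read_tags"},
    "field_technician": {"read_tags", "modify_parameter", "modify_alarm_settings"},
    "engineer": {"read_tags", "modify_parameter", "modify_alarm_settings",
                 "change_operating_mode", "program_download", "program_upload"},
}
# Operations that alter controller state and so require a read-write session.
WRITE_OPS = {"modify_parameter", "modify_alarm_settings",
             "change_operating_mode", "program_download"}

@dataclass
class Session:
    user: str
    role: str
    authenticated: bool = True
    remote: bool = False
    read_write: bool = False  # HMI read-only vs. read-write mode

@dataclass
class Controller:
    key_enabled: bool = False  # physical key permitting mode changes (assumed)
    write_protected: set = field(default_factory=set)  # locked parameters
    owner: Optional[Session] = None  # session currently holding control

    def take_control(self, s: Session) -> bool:
        """Grant control; a remote session can never displace a local one."""
        if not s.authenticated or not s.read_write:
            return False
        if self.owner and self.owner is not s and s.remote and not self.owner.remote:
            return False
        self.owner = s
        return True

    def authorize(self, s: Session, op: str, target: str = "") -> str:
        """Deny by default; return 'allow' or the reason for denial."""
        if not s.authenticated:
            return "deny: unauthenticated"
        if op not in ROLE_PERMISSIONS.get(s.role, set()):
            return "deny: role lacks permission"
        if op in WRITE_OPS:
            if self.owner is not s:
                return "deny: session does not hold control"
            if op == "modify_parameter" and target in self.write_protected:
                return "deny: parameter is write-protected"
            if op == "change_operating_mode" and not self.key_enabled:
                return "deny: key switch not enabled"
        return "allow"
```

Returning the denial reason rather than a bare boolean gives each refused request a specific cause that can be written to an audit log.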