Software Process and Device Authentication

Require the authentication of devices and software processes where appropriate. Devices that connect remotely to other systems should require strong authentication to prevent spoofing of communications. Furthermore, software processes should also require authentication when accessing APIs.

ID: M0813
Security Controls: IEC 62443-3-3:2013 - SR 1.2, IEC 62443-4-2:2019 - CR 1.2, NIST SP 800-53 Rev. 5 - IA-3
Version: 1.1
Created: 06 June 2019
Last Modified: 14 October 2024

Techniques Addressed by Mitigation

Domain ID Name Use
ICS T0800 Activate Firmware Update Mode

Authenticate connections fromsoftware and devices to prevent unauthorized systems from accessing protected management functions.

ICS T0830 Adversary-in-the-Middle

To protect against AiTM, authentication mechanisms should not send credentials across the network in plaintext and should also implement mechanisms to prevent replay attacks (such as nonces or timestamps). Challenge-response based authentication techniques that do not directly send credentials over the network provide better protection from AiTM.

ICS T0806 Brute Force I/O

Devices should authenticate all messages between master and outstation assets.

ICS T0858 Change Operating Mode

Authenticate connections fromsoftware and devices to prevent unauthorized systems from accessing protected management functions.

ICS T0868 Detect Operating Mode

Authenticate connections from software and devices to prevent unauthorized systems from accessing protected management functions.

ICS T0816 Device Restart/Shutdown

Authenticate connections from software and devices to prevent unauthorized systems from accessing protected management functions.

ICS T0838 Modify Alarm Settings

Authenticate connections fromsoftware and devices to prevent unauthorized systems from accessing protected management functions.

ICS T0839 Module Firmware

Authenticate connections fromsoftware and devices to prevent unauthorized systems from accessing protected management functions.

ICS T0861 Point & Tag Identification

Devices should authenticate all messages between master and outstation assets.

ICS T0843 Program Download

Authenticate connections from software and devices to prevent unauthorized systems from accessing protected management functions.

ICS T0845 Program Upload

Authenticate connections from software and devices to prevent unauthorized systems from accessing protected management functions.

ICS T0886 Remote Services

All communication sessions to remote services should be authenticated to prevent unauthorized access.

ICS T0848 Rogue Master

Devices should authenticate all messages between master and outstation assets.

ICS T0856 Spoof Reporting Message

Devices should authenticate all messages between master and outstation assets.

ICS T0857 System Firmware

Authenticate connections fromsoftware and devices to prevent unauthorized systems from accessing protected management functions.

ICS T0855 Unauthorized Command Message

Devices should authenticate all messages between master and outstation assets.

ICS T0860 Wireless Compromise

Ensure wireless networks require the authentication of all devices, and that all wireless devices also authenticate network infrastructure devices (i.e., mutual authentication). For defense-in-depth purposes, utilize VPNs or ensure that application-layer protocols also authenticate the system or device. Use protocols that provide strong authentication (e.g., IEEE 802.1X), and enforce basic protections, such as MAC filtering, when stronger cryptographic techniques are not available.