
Research Article
Low Cost ICS Network Scanning for Vulnerability Prevention
@INPROCEEDINGS{10.1007/978-3-031-06371-8_22,
  author={Robert Foote and Niroop Sugunaraj and Prakash Ranganthan},
  title={Low Cost ICS Network Scanning for Vulnerability Prevention},
  proceedings={Science and Technologies for Smart Cities. 7th EAI International Conference, SmartCity360°, Virtual Event, December 2-4, 2021, Proceedings},
  proceedings_a={SMARTCITY},
  year={2022},
  month={6},
  keywords={Industrial Control Systems (ICS) Information Technology (IT) Nmap Operational Technology (OT) Vulnerability Assessment (VA)},
  doi={10.1007/978-3-031-06371-8_22}
}
- Robert Foote
- Niroop Sugunaraj
- Prakash Ranganthan
Year: 2022
SMARTCITY
Springer
DOI: 10.1007/978-3-031-06371-8_22
Abstract
As newer devices are added to operational technology (OT) networks or remote access to them becomes more prevalent, security best practices are increasingly important to reduce vulnerabilities. This paper goes deeper into the tactical level that is lacking in most other regulatory or strategic literature and references NIST where applicable. The targeted audience is personnel in the OT network space looking for a good low-cost starting place to enhance security or mitigate vulnerabilities. Layered security through network segregation, vulnerability scanning methods, and firewall use in these specialized systems are explored. Documenting a baseline of a network is covered as the first step to understanding how to secure the network. Insight is provided into ICS-friendly Nmap settings that assist in host, port, and service discovery to supplement the baseline. Nmap is shown as a viable open-source intrusion detection testing tool for firewalls to ensure a complete vulnerability assessment of the network. The tests documented in this paper were conducted on a small number of power substation devices, with the scans run through Nmap and all network traffic monitored via Wireshark. Metrics and simple drawings accompany the ideas and suggestions presented in the text to give readers a place to start their own vulnerability mitigation strategies.