Hardening and architecture of an industrial control system in a virtualized environment
Permanent address of the item is
Teollisen ohjausjärjestelmän koventaminen ja arkkitehtuuri virtualisoidussa ympäristössä
Virtualization is widely used in traditional ICT in order to share hardware resources between separate software applications while also creating isolation. This makes it possible to more efficiently utilize hardware resources as isolation doesn't require running software on separate hardware servers. Virtualization offers features like fault tolerance and the ability to create easily managed test environments. Such features are also desirable in designing and maintaining automation systems. Industrial control systems and their requirements differ significantly from traditional ICT, however. Security and reliability are of critical concern in ICS, and the effects of introducing new technology need to be thoroughly considered. Many practices that may be well-established and trusted in ICT can't be used directly in ICS, if at all. Industrial automation uses highly specialized solutions, and security measures can hinder or prevent system performance. This thesis presents the main challenges and solutions related to using virtualization in industrial automation, with a focus on security and hardening. The virtualization platform used is VMware's vSphere 6.5, and thus the practical recommendations are aimed at VMware products. Much of the general design and security principles are also applicable in environments using different virtualization software. Automation systems are complex, and maintaining virtualization adds its own operational workload. Available scripting languages and programming interfaces are researched to find ways to decrease this workload by automating some of the maintenance tasks. Automation systems are very heterogeneous and the integration of virtualization needs a lot of additional case specific consideration and practical work. Still, many of the established ICT solutions addressing virtualization security and hardening problems are found suitable for use in the ICS domain with some special considerations. Using the available VMware APIs and scripting solutions, practical tools automating security checks and hardening of virtual environments was developed.