Industrial Cyber Security

 

The increasing networking of machines and industrial automation systems has created exponential growth in the number of security threats, which are also becoming more specialised and complex.

So, if you want to find out how these security threats could occur and what protective measures your business can put in place to safeguard against these cyber-attacks, read on below.

What is Industrial Cyber Security?

In the digital age of manufacturing, many companies are transforming their operations by taking advantage of the latest IIoT technologies. In turn, the size of industrial networks is rapidly increasing, with anywhere from 50 to 500 connected devices, such as smart sensors, industrial edge devices and other industrial automation components with integrated communication functions.

However, an increase in the size of a network also increases the size of the potential attack surface, leaving Industrial Control Systems (ICSs) and IIoT-enabled devices more prone to a cyber-attack.

Successfully countering cybersecurity risks requires an integrated end-to-end approach that can identify and respond to threats immediately, anywhere across the extended network, thus transcending traditional security devices and platforms that limit visibility, collaboration, and control.

Effective industrial cybersecurity measures will need to simultaneously cover all levels, from the enterprise & the operational level through to the field, to safeguard industrial facilities against internal and external cyber-attacks.

Plant assets & equipment, productivity, intellectual property and even the safety of personnel need to be protected from malicious network intrusions, employee sabotage or accidental manipulation.

How can I mitigate the risk of an industrial cyberattack?

Securing plant equipment, automation systems and your industrial network infrastructure from constantly evolving cyber threats requires a multi-layer ‘defence-in-depth’ approach that safeguards every level simultaneously, from plant management down to the field, and covers everything from access control to know-how protection. This approach should integrate multiple, independent protective measures that provide a higher level of redundancy, so that security is maintained even if a security control fails or a system vulnerability is exploited, as recommended by the international cybersecurity standard IEC 62443.


Differences between IT & OT Security

When it comes to securing plant infrastructure, many organisations are assigning this responsibility to their IT departments. But not all IT solutions are suitable for securing Industrial Control Systems (ICSs).

For further information, read our blog post to understand why IT security controls aren’t entirely suitable for securing Industrial Control Systems.

 

What is IEC 62443?

IEC 62443 is a series of international standards that outlines a flexible framework to mitigate any current & future security vulnerabilities in industrial automation and control systems (IACSs).

It is aimed at plant operators, integrators, and automation component manufacturers alike, and covers all aspects of Industrial Cybersecurity.

Yet some IACSs are more critical than others, and IEC 62443 recommends that an effective industrial cybersecurity program should start with a thorough risk assessment.

Each IACS presents a different risk to an organisation depending upon the threats it is exposed to, the likelihood of those threats arising, the inherent vulnerabilities in the system, and the consequences of a compromised system.

To address this, IEC 62443 outlines a framework of five protection levels (PLs) that allow industrial companies to determine the level of protection that their security controls should meet in order to effectively mitigate each of the cybersecurity risks, based upon the criteria listed above.

A Network Asset Discovery audit should also be conducted in conjunction with a risk assessment to identify and collect data on the technology assets connected to an industrial network, such as PLCs, HMI and SCADA systems, IIoT devices and standard PCs, including the software and virtual machines that run on these devices.

This will help to map the interaction between devices, which can be used to create a complete and up-to-date picture of the technology landscape and to establish a baseline for anomalous activity and threat detection purposes.
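The following added example (not part of the original article) sketches how an asset inventory and communication map gathered during the audit can serve as a detection baseline. The flow records, addresses and labels are constructed sample data, and the function names are hypothetical.

```python
# Constructed flow records (src, dst, dst_port, protocol) standing in for
# traffic observed passively during the asset discovery audit.
AUDIT_FLOWS = [
    ("10.10.1.20", "10.10.1.5", 102, "s7comm"),   # HMI -> PLC
    ("10.10.1.30", "10.10.1.5", 502, "modbus"),   # SCADA -> PLC
    ("10.10.1.30", "10.10.1.6", 502, "modbus"),   # SCADA -> second PLC
    ("10.10.1.20", "10.10.1.30", 4840, "opcua"),  # HMI -> SCADA
]

# Constructed flows seen later, during normal monitoring.
LIVE_FLOWS = [
    ("10.10.1.20", "10.10.1.5", 102, "s7comm"),   # matches the baseline
    ("10.10.1.20", "10.10.1.6", 502, "modbus"),   # known hosts, new pairing
    ("10.10.1.99", "10.10.1.5", 102, "s7comm"),   # host not in the inventory
    ("10.10.1.30", "10.10.1.5", 22, "ssh"),       # service never seen on the PLC
]

def build_baseline(flows):
    """Return (assets, conversations) derived from the audit flows.

    assets maps each IP to the set of (port, protocol) services it offered;
    conversations is the set of (src, dst, port) tuples that were observed.
    """
    assets, conversations = {}, set()
    for src, dst, port, proto in flows:
        assets.setdefault(src, set())                 # record the client too
        assets.setdefault(dst, set()).add((port, proto))
        conversations.add((src, dst, port))
    return assets, conversations

def classify(flow, assets, conversations):
    """Label a live flow relative to the baseline."""
    src, dst, port, proto = flow
    if src not in assets or dst not in assets:
        return "unknown-asset"       # device missing from the inventory
    if (src, dst, port) in conversations:
        return "baseline"            # seen during the audit
    if (port, proto) not in assets[dst]:
        return "new-service"         # destination never offered this service
    return "new-conversation"        # known service, new client/server pair

def deviations(live, audit):
    """Return (label, flow) for every live flow that departs from the baseline."""
    assets, conversations = build_baseline(audit)
    labelled = [(classify(f, assets, conversations), f) for f in live]
    return [(label, f) for label, f in labelled if label != "baseline"]

if __name__ == "__main__":
    for label, flow in deviations(LIVE_FLOWS, AUDIT_FLOWS):
        print(label, flow)
```
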

 

Which security controls can be used to protect IACSs from cyber attacks?

Once plant operators have a better understanding of the security risks associated with IACSs and a baseline audit of the technology landscape connected to a plant's industrial networks, the next step is to implement the appropriate security controls which provide adequate protection against the threats that were identified by the risk assessment.

Managed Access Control & Authentication Systems

One particular area of concern for cybersecurity involves restricting unauthorised access to critical information, plant assets and infrastructure in both the physical and digital world, thereby condensing the potential attack surface, and preventing, or at least mitigating, the damage arising from external attacks as well as from employee sabotage or negligence.

Some of the actions to secure against this form of threat include:

  • Switching off all available ports on your networked components that are not required.
  • Allowing only authorised personnel to access HMI panels by using RFID security tags.
  • Utilising a centralised user management system to assign or alter employee access rights.
  • Implementing managed access control systems to regulate access into a manufacturing plant.
  • Enforcing multi-factor authentication when personnel are accessing IT or automation systems.
  • Frequently changing system passwords, including the password to machine networks.

Network Segmentation & Demilitarised Zones

Whilst open communication and the increased networking of production systems offer a multitude of benefits to industrial businesses, they also increase the need to protect automation networks: preventing unauthorised communication between or into networks, and safeguarding network availability by restricting the flow of traffic (such as data) between segments within a plant's automation network.
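As an added illustration (not from the original article), the check below evaluates observed flows against a segment plan in which enterprise and control traffic may only meet in the demilitarised zone. The subnets, segment names, ports and sample flows are all constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption): segment name -> subnet.
SEGMENTS = {
    "enterprise": ipaddress.ip_network("10.0.0.0/16"),
    "dmz":        ipaddress.ip_network("172.16.10.0/24"),
    "control":    ipaddress.ip_network("192.168.10.0/24"),
    "field":      ipaddress.ip_network("192.168.20.0/24"),
}

# Permitted inter-segment paths: (source, destination) -> allowed ports.
# There is deliberately no enterprise<->control entry, so that traffic
# has to terminate on a system inside the DMZ.
ALLOWED_PATHS = {
    ("enterprise", "dmz"): {443},
    ("control", "dmz"):    {443, 4840},
    ("control", "field"):  {102, 502},
}

def segment_of(ip):
    """Return the name of the segment containing ip, or 'unassigned'."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unassigned"

def check_flow(src, dst, port):
    """Return an 'allow: ...' or 'deny: ...' verdict for one flow."""
    s, d = segment_of(src), segment_of(dst)
    if "unassigned" in (s, d):
        return "deny: address outside the segment plan"
    if s == d:
        return "allow: intra-segment"
    ports = ALLOWED_PATHS.get((s, d))
    if ports is None:
        return f"deny: no path {s}->{d}"
    if port not in ports:
        return f"deny: port {port} not permitted on {s}->{d}"
    return f"allow: path {s}->{d}"

# Constructed sample flows (src, dst, dst_port).
SAMPLE_FLOWS = [
    ("10.0.5.12", "172.16.10.8", 443),       # enterprise -> DMZ historian
    ("10.0.5.12", "192.168.10.5", 102),      # enterprise straight to control
    ("192.168.10.5", "192.168.20.7", 22),    # control -> field on wrong port
    ("192.168.10.5", "192.168.20.7", 502),   # control -> field, permitted
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, "->", check_flow(*flow))
```
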