In the digital age of manufacturing, many companies are transforming their operations by taking advantage of the latest IIoT technologies. In turn, the size of industrial networks are rapidly increasing with anywhere from 50 to 500 connected devices, such as; smart sensors, industrial edge devices & other industrial automation components with integrated communication functions.
However, an increase in the size of a network also increases the size of the potential attack surface, leaving Industrial Control Systems (ICS's) and IIoT enabled devices more prone to a cyber-attack.
To successfully counter cybersecurity risks, requires an integrated end-to-end approach that can identify and respond to threats immediately, anywhere across the extended network, thus transcending traditional security devices and platforms that limit visibility, collaboration, and control.
Effective industrial cybersecurity measures will need to simultaneously cover all levels, from the enterprise & the operational level through to the field, to safeguard industrial facilities against internal and external cyber-attacks.
Plant assets & equipment, productivity, intellectual property and even the safety of personnel need to be protected from malicious network intrusions, employee sabotage or accidental manipulation.
When it comes to securing plant infrastructure, many organisations are assigning this responsibility to their IT departments. But, not all IT solutions are suitable for securing Industrial Control Systems (ICSs).
For further information, read our blog post that delves into this subject in more depth.
The most common types of cybersecurity risks currently affecting operational technology are malware, phishing, denial of service (DoS) attacks, spyware, and mobile security breaches.
What’s more is that cyber criminals will seek to target any organisation regardless of their size or profitability. Unfortunately, If a cyber-criminal can find a vulnerability that provides an access point into your system – they will seek to exploit it.
Most industrial networks utilise a largely flat network structure as well as inadequate segmentation between the plant floor and the IT network, potentially resulting in malfunctions or malware to quickly spread throughout the network and infect any connected devices.
Industrial network environments are typically complex as they can utilise between 50 to 500 devices from a variety of vendors, exacerbating the challenges surrounding asset visibility and skills shortages, as each device stores different data and has different security configuration requirements.
Engineering teams aren't always regularly updating their software or installing the latest equipment with up-to-date firmware. Legacy equipment that is no longer supported is especially vulnerable as the equipment is unlikely to contain any embedded security controls.
Any security controls that a plant introduces can be easily bypassed if a hacker or unauthorised personnel can gain physical access into sensitive business areas, as well as direct access to critical automation components. For example, a hacker or negligent employee can't compromise a PLC with an infected USB drive if they can't physically insert the drive into an open port.
Most automation components are soft targets as they are typically unpatched, use default unsecure log-in credentials, and contain many open ports which provide a convenient gateway for hackers to gain access to critical plant equipment. As such, continuous network monitoring is needed to quickly identify anomolies or unauthorised activity.
Many industrial manufacturers only have partial visibility into automation assets, operational data, and other plant technology, making it difficult for security teams to even detect unusual behaviour. This makes it far more difficult to perform an effective form of threat analysis and respond to potential threats as quickly as possible.
Securing plant equipment, automation systems and your industrial network infrastructure from constantly evolving cyber threats requires a multi-layer ‘defence-in-depth’ approach, simultaneously safeguarding the plant management level to the field level and from managing access control to know-how protection. This approach should seek to integrate multiple, independent protective measures that provide a higher level of redundancy so security is maintained, even in the event that a security control fails or a system vulnerability is exploited, as recommended by the international cybersecurity standard – IEC 62443.
IEC 62443 is a series of international standards that outlines a flexible framework to mitigate any current & future security vulnerabilities in industrial automation and control systems (IACSs).
It is aimed at plant operators, integrators, and automation component manufacturers alike, and covers all aspects of Industrial Cybersecurity.
Yet, some IACSs are more critical than others and it is recommended by IEC 62443 that an effective industrial cybersecurity program should start with a thorough risk assessment.
Each IACS presents a different risk to an organisation depending upon; the threats they are exposed to, the likelihood of those threats arising, the inherent vulnerabilities in the system, and the consequences of a compromised system.
To address this, IEC 62443 outlines a framework of five protection levels (PLs) that allow industrial companies to determine the level of protection that its security controls should meet in order to effectively mitigate each of the cybersecurity risks based upon the criteria listed above.
A Network Asset Discovery audit should also be conducted in conjunction with a risk assessment to identify and collect data on the technology assets connected to an industrial network, such as PLCs, HMI & SCADA Systems, IIoT devices as well as standard PCs including the software and virtual machines that run on these devices.
This will help to map the interaction between devices which can be used to create a complete and up-to-date picture of the technology landscape to establish a baseline for anomalous activity and threat detection purposes.
Once plant operators have a better understanding of the security risks associated with IACS’s and a baseline audit of the technology landscape connected to a plants industrial networks, the next step is to implement the appropriate security controls which provide adequate protection against the threats that were identified by the risk assessment.
One particular area of concern for cybersecurity involves restricting unauthorised access to critical information, plant assets and infrastructure in both the physical and digital world, thereby condensing the potential attack surface, and preventing, or at least mitigating, the damage arising from external attacks as well as from employee sabotage or negligence.
Some of the actions to secure against this form of threat includes:
Whilst open communication and the increased networking of production systems offers a multitude of benefits to industrial businesses, it also increases the need for the protection of automation networks to prevent unauthorised communication between or into networks as well as safeguarding network availability by restricting the flow of traffic (such as data) between segments within a plants automation network.
Some of the actions to secure against this form of threat includes:
In a plant floor environment, these are a wide range of automation devices that will need protection from unauthorised configuration changes at the control level, from PLCs or RTUs, HMI and SCADA systems, to engineering workstations, database servers, data historians, and manufacturing systems to name a few. In addition, plant operators need to ensure that all automation hardware is operating on the latest firmware update and software is kept up-to-date wherever possible.
Simply securing your network with the relevant technology components and security processes is not enough to safeguard against a potential future attack. Effective cybersecurity programs require continuous network monitoring to identify unusual behaviour or network anomalies that could result in potential security threats. Therefore, industrial companies should consider implementing the following action points:
Want to know how secure your existing systems are in the event of a cyber attack?
Perhaps you are just getting started with your industrial cybersecurity journey and need help identifying the most vulnerable areas within your automation systems and network infrastructure?
Arrange a free 10 minute cybersecurity health check and we will give you an initial assessment as well as recommendations regarding the next steps you can take with your industrial security journey.
Whatever level of support you need, we can give you a clear market advantage through better product knowledge, smoother installations and systems that increase your productivity.
