• Siemens Approved Partner
  • Customer Credit Accounts

Industrial Cyber Security

The increasing networking of machines and industrial automation systems has created an exponential growth in the number of security threats, which are also becoming more specialised and complex.

So if you want to find out how these security threats could occur and what protective measures your business can put in place to safeguard against these cyber attacks - read on below. 

 

What is Industrial Cyber Security?

In the digital age of manufacturing, many companies are transforming their operations by taking advantage of the latest IIoT technologies. In turn, the size of industrial networks are rapidly increasing with anywhere from 50 to 500 connected devices, such as; smart sensors, industrial edge devices & other industrial automation components with integrated communication functions. 

However, an increase in the size of a network also increases the size of the potential attack surface, leaving Industrial Control Systems (ICS's) and IIoT enabled devices more prone to a cyber-attack.

To successfully counter cybersecurity risks, requires an integrated end-to-end approach that can identify and respond to threats immediately, anywhere across the extended network, thus transcending traditional security devices and platforms that limit visibility, collaboration, and control.

Effective industrial cybersecurity measures will need to simultaneously cover all levels, from the enterprise & the operational level through to the field, to safeguard industrial facilities against internal and external cyber-attacks.

Plant assets & equipment, productivity, intellectual property and even the safety of personnel need to be protected from malicious network intrusions, employee sabotage or accidental manipulation.

Differences between IT & OT Security

When it comes to securing plant infrastructure, many organisations are assigning this responsibility to their IT departments. But, not all IT solutions are suitable for securing Industrial Control Systems (ICSs). 

For further information, read our blog post that delves into this subject in more depth. 

Why do these types of cyber attacks occur?

The most common types of cybersecurity risks currently affecting operational technology are malware, phishing, denial of service (DoS) attacks, spyware, and mobile security breaches.

What’s more is that cyber criminals will seek to target any organisation regardless of their size or profitability. Unfortunately, If a cyber-criminal can find a vulnerability that provides an access point into your system – they will seek to exploit it.

These cyber threats can occur as a result of some of the following vulnerabilities: 

Poor Network Segmentation

Most industrial networks utilise a largely flat network structure as well as inadequate segmentation between the plant floor and the IT network, potentially resulting in malfunctions or malware to quickly spread throughout the network and infect any connected devices. 

Network Complexity

Industrial network environments are typically complex as they can utilise between 50 to 500 devices from a variety of vendors, exacerbating the challenges surrounding asset visibility and skills shortages, as each device stores different data and has different security configuration requirements. 

Outdated Software/Legacy Systems

Engineering teams aren't always regularly updating their software or installing the latest equipment with up-to-date firmware. Legacy equipment that is no longer supported is especially vulnerable as the equipment is unlikely to contain any embedded security controls. 

Weak Access Control

Any security controls that a plant introduces can be easily bypassed if a hacker or unauthorised personnel can gain physical access into sensitive business areas, as well as direct access to critical automation components. For example, a hacker or negligent employee can't compromise a PLC with an infected USB drive if they can't physically insert the drive into an open port. 

Insufficient Network Monitoring

Most automation components are soft targets as they are typically unpatched, use default unsecure log-in credentials, and contain many open ports which provide a convenient gateway for hackers to gain access to critical plant equipment. As such, continuous network monitoring is needed to quickly identify anomolies or unauthorised activity. 

Lack of Visibility

Many industrial manufacturers only have partial visibility into automation assets, operational data, and other plant technology, making it difficult for security teams to even detect unusual behaviour. This makes it far more difficult to perform an effective form of threat analysis and respond to potential threats as quickly as possible. 

How can I mitigate the risk of an industrial cyber attack?

Securing plant equipment, automation systems and your industrial network infrastructure from constantly evolving cyber threats requires a multi-layer ‘defence-in-depth’ approach, simultaneously safeguarding the plant management level to the field level and from managing access control to know-how protection. This approach should seek to integrate multiple, independent protective measures that provide a higher level of redundancy so security is maintained, even in the event that a security control fails or a system vulnerability is exploited, as recommended by the international cybersecurity standard – IEC 62443.

What is IEC 62443?

IEC 62443 is a series of international standards that outlines a flexible framework to mitigate any current & future security vulnerabilities in industrial automation and control systems (IACSs).

 It is aimed at plant operators, integrators, and automation component manufacturers alike, and covers all aspects of Industrial Cybersecurity.

Yet, some IACSs are more critical than others and it is recommended by IEC 62443 that an effective industrial cybersecurity program should start with a thorough risk assessment. 

Each IACS presents a different risk to an organisation depending upon; the threats they are exposed to, the likelihood of those threats arising, the inherent vulnerabilities in the system, and the consequences of a compromised system.  

To address this, IEC 62443 outlines a framework of five protection levels (PLs) that allow industrial companies to determine the level of protection that its security controls should meet in order to effectively mitigate each of the cybersecurity risks based upon the criteria listed above. 

A Network Asset Discovery audit should also be conducted in conjunction with a risk assessment to identify and collect data on the technology assets connected to an industrial network, such as PLCs, HMI & SCADA Systems, IIoT devices as well as standard PCs including the software and virtual machines that run on these devices.

This will help to map the interaction between devices which can be used to create a complete and up-to-date picture of the technology landscape to establish a baseline for anomalous activity and threat detection purposes.

Which security controls can be used to protect IACS's from cyber attacks?

Once plant operators have a better understanding of the security risks associated with IACS’s and a baseline audit of the technology landscape connected to a plants industrial networks, the next step is to implement the appropriate security controls which provide adequate protection against the threats that were identified by the risk assessment. 

One particular area of concern for cybersecurity involves restricting unauthorised access to critical information, plant assets and infrastructure in both the physical and digital world, thereby condensing the potential attack surface, and preventing, or at least mitigating, the damage arising from external attacks as well as from employee sabotage or negligence.

Some of the actions to secure against this form of threat includes:

  • Switching off all available ports on your networked components that are not required
  • Allowing only authorised personnel to access HMI panels by using RFID security tags
  • Utilising a centralised user management system to assign/ alter employee access rights
  • Implement managed access control systems to regulate access into a manufacturing plant
  • Enforce multi-factor authentication when personnel are accessing IT or automation systems
  • Frequently change system passwords including the password to machine networks

Whilst open communication and the increased networking of production systems offers a multitude of benefits to industrial businesses, it also increases the need for the protection of automation networks to prevent unauthorised communication between or into networks as well as safeguarding network availability by restricting the flow of traffic (such as data) between segments within a plants automation network.

Some of the actions to secure against this form of threat includes:

  • Segmenting the plants network into individually protected automation cells.
  • Separating network segments using firewalls to restrict the spread of malware
  • Utilising industrial routers or Layer 3 managed switches to facilitate secure communication between the individually protected network segments
  • Encrypting data transmission using Virtual Private Networks (VPN’s) to safeguard against data espionage and manipulation, including for remote maintenance solutions
  • Encrypting your PLC communications using security processors
  • Creating Demilitarized zones (DMZs), making data available to other networks, restricting direct access to the automation network itself.
  • Only connecting your automation & IT network when it’s completely necessary
  • Implementing industrial integrity monitoring to detect/halt changes or manipulations to windows-based systems, such controllers, operator interfaces and PCs.  

In a plant floor environment, these are a wide range of automation devices that will need protection from unauthorised configuration changes at the control level, from PLCs or RTUs, HMI and SCADA systems, to engineering workstations, database servers, data historians, and manufacturing systems to name a few. In addition, plant operators need to ensure that all automation hardware is operating on the latest firmware update and software is kept up-to-date wherever possible.

  • Padlocking control cabinets & locking down open ports on automation components
  • Installing automation components with integrated security functions for know-how and copy protection
  • Employing security functions for PC-based automation systems such as anti-virus software and system hardening mechanisms for a higher level of security
  • Integrating automated patch management tools for the central creation and management of all security-related device settings and supports future firmware upgrades.

Simply securing your network with the relevant technology components and security processes is not enough to safeguard against a potential future attack. Effective cybersecurity programs require continuous network monitoring to identify unusual behaviour or network anomalies that could result in potential security threats. Therefore, industrial companies should consider implementing the following action points:

  • Continuously monitor for network anomalies to identify potential attack attempts as well as non-malicious system failures, disruptions or misconfiguration.
  • Utilise the firewalls Deep Packet Inspection (DPI) protocols to identify, categorise, reroute, or stop data packets that are being transmitted on the network with undesirable code or data.

How secure is your plant?

Want to know how secure your existing systems are in the event of a cyber attack? 

Perhaps you are just getting started with your industrial cybersecurity journey and need help identifying the most vulnerable areas within your automation systems and network infrastructure? 

Arrange a free 10 minute cybersecurity health check and we will give you an initial assessment as well as recommendations regarding the next steps you can take with your industrial security journey. 

Book your Industrial Security Health Check

Your Automation partner,
from simple supply to total solution

Whatever level of support you need, we can give you a clear market advantage through better product knowledge, smoother installations and systems that increase your productivity.

Get in Touch