Defending industrial automation against cyberattacks

Defending industrial automation against cyberattacks 21 Apr 2024 at 22:00

By Thomas Vasen

Cyber security

Anybus

With reports of cyberattacks on the industrial sector becoming all too familiar, Thomas Vasen, Anybus Business Development Manager Network Security at HMS Networks, outlines five strategies companies can adopt to fortify their defenses and avoid becoming the latest victim.

Rise of cybersecurity attacks

Cybersecurity is rapidly becoming a significant concern in industrial automation. The World Economic Forum highlighted in 2023 that manufacturing is the sector most targeted to cyberattacks. Furthermore, Orange Cyberdefense reports that the manufacturing sector had Common Vulnerability Scoring System (CVSS) severity scores 33% higher than the global average. The increasing number of attacks on Industrial Control Systems (ICS) is particularly worrying. Gartner predicts a bleak future: by 2025, cyberattacks are expected to harm or endanger humans.

The time for action is now. Here are five strategies companies can adopt to effectively mitigate the risk of cyberattacks.

1. Understand that OT is not just another version of IT

The first step is to adopt the correct mindset. In the 1990s, Netheads vs Bellheads debated the future of telecommunications. While Bellheads advocated for traditional methods, Netheads argued that voice should be treated like any other data and transmitted over IP. Three decades later, Netheads' vision has prevailed, with voice being transmitted over the Internet like any other type of data. Users have even come to accept deterioration in call quality due to the increase in latency and frequently dropped packets. Today every phone call feels like an intercontinental one.

However, the situation with Operational Technology (OT) is fundamentally different. Unlike Information Technology (IT), OT cannot tolerate compromised quality and increased latency, as even minor disruptions can have catastrophic consequences. Treating OT as merely another version of IT is a serious mistake, as OT operates under distinct principles and requirements. While IT prioritizes data integrity and confidentiality, OT demands deterministic data and uptime assurance. This distinction is especially critical in industries like manufacturing, where even minor disruptions can lead to significant financial losses, material wastage, and operational downtime. In IT, occasional network downtime or data loss may be manageable inconveniences. However, in OT, a similar disruption can have far more severe consequences. Imagine if an ice cream machine were to malfunction due to a network outage or data inconsistency. Not only would the production process grind to a halt, but the perishable ingredients would spoil, resulting in financial losses and wasted ice cream. And nobody wants that.

Figure 1: In OT, network downtime would lead to production processes grinding to a halt, resulting in financial losses, and wasted ingredients or materials.

So, while it's natural for OT to adopt IT technologies (there are lots of benefits of using Industrial Ethernet over traditional fieldbus networks) it must be acknowledged that out of the box IT does not satisfy OT's requirements. Hence, the rise of industrial communications protocols, and as such, the need for specialized OT security products and solutions.

2. IT and OT must work together While the Chief Information Security Officers (CISO) is under scrutiny and manages the security budget, often including that for OT, it is the operations manager who bears the responsibility of ensuring uninterrupted production in the factory. This situation creates an inherent conflict due to differing priorities. IT professionals adhere to the CIA framework, prioritizing Confidentiality first, followed by Integrity and then Availability. In contrast, operational personnel prioritize Safety, followed by Availability, Integrity, and lastly, Confidentiality - forming the (S)AIC sequence.

This dichotomy results in conflict and friction, yet the underlying shared objective remains clear: safeguarding business continuity. Recognizing this common goal, CISO (IT) and the Operations Manager (OT) must collaborate to navigate these challenges and harmonize their approaches to secure business continuity.

3. Develop a comprehensive OT security plan Securing OT environments requires a proactive and customized approach to the unique challenges of industrial operations. Companies must conduct a thorough identification and assessment of their assets, understanding the risks associated with each machine. Rapid detection of anomalies is important, but more crucial is the implementation of robust protective measures to safeguard these assets. Having a comprehensive recovery plan in place and implementing measures to minimize impact is also important and is commonly recommended by experts such as those from ISA/IEC 62334.

Currently, many companies focus on asset inventory and threat detection. While these are important, they are not sufficient to protect OT environments. Companies must also implement measures to protect their assets.

4. Protect yourself with Network Segmentation Network segmentation is an excellent way to secure OT environments. By dividing networks into zones and separating with conduits providing access controls, companies can bolster security and prevent unauthorized access. The benefits of network segmentation include:

Protection from outside traffic - Separation from IT!

Inspection of inside traffic - Downtime is often caused by internal threats, intentional, or unintentional.

Guarding remote access traffic - Allowing remote maintenance can be critical for your uptime, but it can also be a backdoor for threats to enter your network. Take granular control of the traffic flow.

Isolation of visiting workers - Know what&#

LINK:	https://www.hms-networks.com/news/news-details/21-04-2024-defending-in...
	See more stories from hms

Most recent headlines