By Steve Lawlor
Business systems and industrial processes are becoming increasingly interdependent. As the convergence of manufacturing and IT relies on networks, these infrastructures are increasingly exposed to new security risks and active cyber threats. Addressing these risks poses many challenges for business; overcoming them will help the company benefit from the many advantages that networked operations bring without leaving it exposed unnecessarily. Security management is challenging in today’s complex and interconnected environments.
Industries are becoming increasingly reliant on advancing technology and the benefits it provides. The rapid development of long distance communication technologies has created a global interconnected platform allowing for boundless information sharing that is not limited by proximity. Remote systems in isolated locations are able to rely on control centres in capital cities where diagnostic and operational data is relayed back and forth through a network, eliminating the need to have a large physical presence on site. In the manufacturing environment this facilitates operating uptime, efficiency and safety, all crucial to productivity. Remote operation relies on timely data transmission and the efficiency and safety of the manufacturing environment is reliant upon networked system integration.
As internet connectivity expands to touch industrial control systems, new variables are introduced to automated systems. Left unchecked, these variables can compromise the integrity of information and control aspects of the system. Regardless of industry or application, attacks on networks are becoming increasingly more sophisticated and targeted. They often originate as a ‘simple’ email scam or virus that is spread like the common cold from computer to computer.
The advanced design of contemporary malware allows it to be skilfully cloaked from detection. Once a computer asset is successfully infected, what was merely a latent security risk can quickly evolve into a real and insidious threat and all-out attack that expands from one asset to an entire system. Many new cyber threats first manifest their effects as simple information-gathering activities. As the malware continues to evade security countermeasures, espionage activities may be altered to target specific assets, such as intellectual property or confidential information. In the extreme case, elaborate cyber attacks on critical assets may successfully disrupt safe and reliable control system operation. Targeted malware attacks validate previous fears that the frequency and impact of critical infrastructure incidents will increase in the future. As a result, it is essential that companies assess their risk of both physical and cyber attacks and execute measures to help address, and where possible, eliminate known cyber vulnerabilities.
Industrial network security is multi-faceted – it is essential that all variables that introduce risk, such as human error, mechanical failure or unforeseen changes to operating conditions be proactively identified, tracked and addressed in order to help facilitate a safe and reliable industrial process. Security is an element that requires strong risk consideration. It too is a variable that can affect the safety of the system, however, unlike traditional activities to address risk, security mitigation actions must work to address a creative and, regrettably, sometimes malicious human element that may specifically seek to circumvent risk controls.
Intellectual property (IP) – patents, trademarks, employee knowledge or trade ‘secrets’ – are often more valuable to an organisation than its physical assets. For this reason, protecting IP is another very important aspect of network security.
Communication between people in an organisation on an ongoing basis is critical. If employees are informed about information that needs to be protected, they can be more aware of ways to protect it. Software tools can be used to locate confidential documents, and also identify people that are using them and what they are using them for. It is advisable to keep sensitive data in a particular location (physical or virtual) that can be secured to monitor and restrict access to those who need it. Using strong passwords and changing them regularly is also a simple but effective way of keeping sensitive information secure.
Firewalls continue to be used as one of the first lines of defence to segregating company assets and protecting operations against potential security threats external to a particular system or subsystem. The firewall can isolate business, office and industrial networks from one another standing between subnets in various parts of a facility. Furthermore, these same firewalls can separate systems from open access to the internet, or other infrastructure means used to enable remote network access. The use of firewalls is often supplemented with other defence measures, utilising several layers of protection such as access control, anti-viral software, and intrusion detection.
Appropriate asset maintenance and management of these defence measures can determine the level of protection offered by security measures, such as firewalls.
Proper configuration is essential to maintain the efficiency and efficacy of a firewall system. Regular updating is recommended to keep it current with the internal and external environment of the network. By checking activity logs on a regular basis, attempted and successful intrusions can be monitored and addressed. Technical controls such as intrusion detection/prevention and a host of other software systems can be implemented to help protect the security framework.
More industries are connecting to wireless networks to access the benefits that the increased flexibility offers. Although wireless networks provide substantial benefits for organisations, stability and uptime can be a concern for the application engineer and security remains the number one concern.
In the absence of appropriate security measures, a wireless connection is easily accessible to potential threats. It is an air-based media, without the pathway limits of copper wires, that extends in many directions, often well beyond the physical envelope needed by the system. Technological advances continue to evolve allowing advanced methods of restricting wireless network access to only authorised users. Modern encryption techniques can be used to avoid someone accessing data maliciously, while filtering and strong authentication allow only authorised devices on the network. It is advisable that organisations interested in deploying wireless networks consider a multi-faceted approach to security that involves both procedural and physical components.
While it is well established that organisations such as government departments, defence contractors and financial institutions are likely targets of highly sophisticated, malicious attacks, industry should not be complacent. By far the biggest threat to industrial organisations is the non-direct effects of an unintentional security breach – such as an employee making a parameter change online that has far-reaching effects somewhere else in the plant. In addition to non-direct threats, critical systems are increasingly prone to the effects of many broadly-focused, ill-targeted malware attacks. By conducting an asset-based risk and vulnerability assessment, security procedures can be developed that will address potential risks and threats targeting control systems so that people, assets and key information are protected.
Security throughout the automation lifecycle of a control system requires ongoing investment in order to help protect the system from evolving threats. It is essential to proactively plan and implement a control system strategy that accounts for obsolescence and associated risks with aging products and systems. By maintaining the competency of control system operators and maintenance personnel, evolving security risks can be mitigated. Important focal areas of lifecycle management include training and continuous improvement, monitoring of people, process and components, auditing and maintenance.
The awareness of industrial systems being targeted is likely to increase with more direct attacks being expected in the future. More systems will be designed from the ground up to be secure, changing the focus from physical security to auditing the system and continually monitoring compliance and up-to-date technology.
For further information:
Visit: www. rockwellautomation.com/security