
Finding common ground in IT and OT convergence

06 November 2017

The interconnection of information technology (IT) and operational technology (OT) is a source of new opportunities and challenges. With increasingly automated and robotic supply chains, manufacturing and engineering companies are becoming more connected, but this exposure to external data flows inevitably leads to new risks, says Robert Wakim.

One of the biggest challenges for the industrial sector is to understand the level of risk and the impact that cyber security attacks can have, particularly as the transition to Industry 4.0 gathers speed. 

Over the last two years, Stormshield has worked closely with Schneider Electric in a joint effort to respond to these industrial security issues. We understand network, workstation and server protection, while Schneider Electric understands OT. 

What has been interesting is the realisation that there is a significant gulf between the priorities of manufacturing engineers and the priorities of security and IT teams. For the engineers, the focus is on availability. Production must continue, because any interruption could result in a serious setback, and it must be safe, because engines, motors and processors carry a physical risk to operators. IT, on the other hand, is not unduly worried about availability, but a computer network security breach could wipe out essential data and has the potential to let hackers gain access to control systems.

The joint project revealed that, particularly in Europe and the US, many manufacturing enterprises believed that their production processes were unconnected to the Internet, or hadn’t considered that there was even an Internet connection in the factory. 

This was well illustrated recently by a post from a chemical engineer detailing how a problem arose in his control room, which monitors multiple petrochemical factories. The local control system went down, the computers showed an error which resembled a ransomware attack, and it was only when a colleague went to make a coffee that they realised the same error message was showing on the Internet-connected coffee machine. Instead of being solely connected to an isolated Wi-Fi connection, the machine had mistakenly been connected to the internal control room network. The likelihood, given the timing of this attack, is that the network was infected by WannaCry ransomware, which was also responsible for infecting millions of devices worldwide running on Windows XP.

The fact is that the gap between the factory and the Internet has become small, even non-existent, and with the growth of IoT connected devices, cyber security risks are escalating. For most engineering firms, however, the focus remains firmly on designing sophisticated systems that are robust and safe, and this is having a detrimental effect on securing networks.  

How high is the risk?
In many ways, the lack of real concern in the industrial sector to date is understandable. Working with Schneider Electric, we realised that the technology used in manufacturing enterprises is rarely standard, is highly complex, and is often unique. This would mean that a malicious attack on industrial processes would have to be very specific in order to do harm.
But the status quo is about to change. A new virus, Industroyer, recently came to light and reports have indicated that it has the power to seriously damage or compromise industrial control systems. This virus can speak four industrial languages and is highly customisable, and the likelihood is that it would be used in targeted attacks. To what end? If not to extort money from individuals, then more likely to mount nation-state attacks that disrupt vital infrastructure.

Ukraine has been on the receiving end of attacks of this nature, with two widespread blackouts occurring in the winters of 2015 and 2016, both of which left 700,000 homes without power or water in Western Ukraine. The 2015 incident is believed to be the first example of a hacking attack deliberately targeted at a power grid and was attributed to state-sponsored hackers in Russia.

So, for all their robustness, industrial operational systems are not safe from attack, nor are they compatible with today’s interconnected environment. Now, as OT and IT systems converge, there is an urgent need to find a balance between ensuring availability and securing these systems against cyber attacks.

Changing mindsets
Observing the industry, we have seen that change has to happen between departments and people before any change can be made to technology. Engineers literally speak a different language to IT managers, and they need to agree a common approach and strategy. 

This becomes more important every day. The influence of Industry 4.0 on automation is bringing about huge changes and greater adoption of cloud and cognitive computing. With this comes a need for massive computer resources to support the flow of data to and from the cloud via IoT connected devices. In adopting Industry 4.0, factories are communicating in real-time across networks and that means they need to be secure. 

Standard firewalls and security software are not enough. The project with Schneider showed that, when challenged, existing solutions lacked the necessary characteristics to be effective in industrial environments. So, as well as working harmoniously alongside industrial hardware, next-generation firewall hardware needed to be built to adapt to industry prerequisites such as DIN rail mounts.

These solutions would be ‘hardened’ and ruggedised according to key criteria including temperature, dust and humidity. In order to provide the same level of security, the firmware would be the same as other firewalls, but include specific industrial protocols. And, in addition, they would be sensitive to the need for safety. Ordinarily, in an IT setting, if a firewall crashes, the network stops functioning. In an industrial setting, however, safety modes enable a packet to go through regardless of whether there is power, because for OT systems, availability and safety are the priorities and the factory has to be stopped in a safe position.

A key finding from this joint project was that compromise is the way forward. Both OT and IT need to work together to combat the risks, regardless of what those risks are. The threat to the new generation of manufacturing enterprise does not come from within if appropriate consideration is given to safety, availability and security. 

Robert Wakim is the industrial offer manager at security solutions company Stormshield.
