Overcoming the security challenge

08 April 2018

Connectivity is often seen as a significant challenge to plant security, and in the new era of IIoT it is vital that security considerations are prioritised. Suzanne Gill reports.

With each new connection comes another potential point of entry for a security threat – be that physical, digital, internal, external, malicious or unintended. “With every part of the enterprise now connected in some way to the whole, the risk at every point of ingress is now also a risk to the whole enterprise,” said Mike Loughran, field business leader architecture & software sales at Rockwell Automation.

A range of security concerns need to be addressed, including the safekeeping of Intellectual Property and market sensitive data; protection from intrusions that might negatively affect throughput, employee safety or the environment; keeping critical public infrastructure such as wastewater treatment systems online and operating safely; keeping enterprise systems online and not causing network related downtime; and allowing selective remote access to industrial operations.

“With all of this in mind, the commitment to industrial security must be renewed regularly and must evolve constantly with the ever-changing threat environment. The worst thing to do is become overwhelmed by the possible threats,” warns Loughran. “A good approach is to start by focusing on the probable threats, which will help create better security practices in general.” There is no single standalone product, technology or methodology that can protect from the wide variety of possible threats. The days of security-through-obscurity are also gone – it is hard to measure success and therefore efficacy of that kind of approach.

“Proprietary networks that rely on one vendor fall short when they don’t use other available IT tools, innovations and security features on the market.

“Security should encompass everything – from the enterprise level, through the operational level and all the way to each and every enabled device,” continued Loughran. It must take into account risks from staff, processes and technologies alike. It requires IT and OT operatives’ commitment and collaboration – each has a vital role in establishing and maintaining a secure network infrastructure.

A holistic approach can start with three simple steps: to understand the risk, undertake a security assessment; deploy a multi-layered security approach – ‘Defence in Depth’; and verify that your automation vendors follow core security principles when designing your products.

Getting the balance right
Niklas Mörth, project manager cyber security at Westermo, agrees with Loughran. He believes that one of the biggest challenges presented by an increasingly connected industrial landscape is achieving the right balance between security and operations. He said: “The security measures that a plant implements can, potentially, make life difficult for its operators. For example, you could implement network segregation to filter out all the traffic that does not belong to your network, but if you do not keep the network segregation up-to-date, you could block valid and important operational data. In a worst-case scenario, the mechanism that was supposed to protect against external threats could be the very thing that halts operations.”

With plants under constant pressure to maximise availability, an operator might decide to disable network segregation and filtering, in the belief that this will help to maintain production. However, it is there for a good reason. “Its purpose is to prevent a hacker from breaking into the network and carrying out an attack which could have even more serious consequences,” said Mörth.

“It is vital to have a sustainable security posture. Network segregation and other security protection features, such as perimeter protection, intrusion detection, spoofing protection and network-to-network protection are all important. However, if they are to function properly, it must be understood that cyber security is not only about technology but also about people.

“A crucial aspect of cyber security is keeping your defensive mechanisms up-to-date. Create your security baseline and then constantly reassess the defence, adjust it, and have plans in place for what to do if something happens. That requires technology, people and knowledge, and is the core of a sustainable security posture. Cyber-attack threats are constantly evolving, and therefore so must your defences,” concludes Mörth.

Slow takeup
Worryingly, a study ‘Putting Industrial Cyber Security at the Top of the CEO Agenda’ conducted by LNS Research and sponsored by Honeywell, found that industrial companies are not moving quickly enough to adopt cyber security measures to protect their data and operations. The survey polled 130 strategic decision makers from industrial companies about their approach to the IIoT, and their use of industrial cyber security technologies and practices. Over 50% of respondents reported working in an industrial facility that already has had a cyber security breach, while 45% reported that they still do not have an accountable enterprise leader for cyber security and only 37% are monitoring for suspicious behaviour. Although many companies are conducting regular risk assessments, 20% are not doing them at all.

Some good news
The good news is that, while Honeywell’s study highlights the slow rate of adoption of cyber security measures, Sanjin Biševac, service sales manager Europe at Emerson Automation Solutions, has identified that the implementation of a range of cyber security measures is now far more prevalent within manufacturing and process companies than it was just a few years ago. So, maybe adoption is now speeding up. Biševac points to two key drivers for this change – regulation and digital transformation.

“Several government bodies across Europe are now encouraging the adoption of cyber security measures, especially within critical infrastructure,” he said. To a certain extent, these bodies form their requirements based on recommendations provided by a single series of international standards – ISA/IEC-62443. With this unified standard comes guidance that helps process and manufacturing companies strive for improved cyber security practices.

“Starting to implement cyber security measures can be relatively inexpensive, beginning with workstation hardening, user-account management and patch/security management,” said Biševac. “These measures can reduce the surface for potential attack and increase security at the interfaces of devices.” Firewalls can be used to segment automation systems internally and to isolate them from Level 3 and other external networks. Firewalls can ensure that only authorised devices/applications can communicate with each other and protect the integrity and confidentiality of messages exchanged between communicating applications.
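The firewall segmentation described above only helps if the allowlist is kept current, which is the drift problem raised in the Westermo section. The following is an added example, not code from the article or from any vendor named in it: it replays recorded flows against a zone-to-zone allowlist and reports what needs review. The zone names, address ranges, rules and flow records are all constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed zones and allowlist (assumptions, not taken from the article).
ZONES = {
    "control": ip_network("10.10.1.0/24"),
    "supervisory": ip_network("10.10.2.0/24"),
    "level3": ip_network("10.20.0.0/16"),
}
# Each rule: (source zone, destination zone, protocol, destination port)
ALLOW = {
    ("supervisory", "control", "tcp", 502),   # Modbus/TCP polling
    ("supervisory", "level3", "tcp", 443),    # historian upload
    ("level3", "supervisory", "tcp", 3389),   # old remote-desktop rule
}
# Constructed flow records: (source, destination, protocol, destination port)
FLOWS = [
    ("10.10.2.5", "10.10.1.20", "tcp", 502),
    ("10.10.2.5", "10.20.4.9", "tcp", 443),
    ("10.10.2.7", "10.10.1.30", "tcp", 44818),  # newly added device, no rule yet
    ("10.10.1.20", "10.10.1.21", "tcp", 502),   # stays inside one zone
    ("192.0.2.77", "10.10.1.20", "tcp", 502),   # source outside every zone
]

def zone_of(addr, zones=ZONES):
    """Return the name of the zone containing addr, or None."""
    ip = ip_address(addr)
    return next((name for name, net in zones.items() if ip in net), None)

def audit(flows, allow, zones=ZONES):
    """Return (review, unknown, unused) for flows replayed against allow.

    review:  cross-zone flows with no rule; either the allowlist is stale
             and is blocking valid operational data, or the traffic is
             unwanted. A person decides, the rule is never added blindly.
    unknown: flows with an endpoint outside every defined zone.
    unused:  rules no flow matched; candidates for removal.
    """
    review, unknown, hit = [], [], set()
    for src, dst, proto, dport in flows:
        sz, dz = zone_of(src, zones), zone_of(dst, zones)
        if sz is None or dz is None:
            unknown.append((src, dst, proto, dport))
        elif sz != dz:  # intra-zone traffic never crosses the firewall
            key = (sz, dz, proto, dport)
            (hit.add if key in allow else review.append)(key)
    return review, unknown, sorted(allow - hit)
```

Running the audit on each reassessment of the baseline shows both sides of the balance: valid traffic that a stale rule set would block, and rules that no longer serve any observed traffic.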

“Protection against intentional violations can be increased with Security Information and Event Management (SIEM) and Network Security Monitor (NSM) solutions. SIEM deals with real-time monitoring, correlation of events, notifications, analysis and reporting of log data. NSM monitors traffic on automation system networks to identify suspicious content and malicious activity.

“With new security threats constantly arising, cyber security should be considered as a continuous activity. A company’s appetite for cyber risks and its budget availability will determine which security levels it will try to attain,” concluded Biševac.
