IT and OT collaboration is vital for a secure Industry 4.0

04 June 2018

Increasing connectivity of machines and equipment is offering manufacturers competitive advantage by producing goods more efficiently. However, the only way that Industry 4.0 can succeed is when IT and OT collaborate on an overarching security approach, argues Anja Dienelt.

For IIoT to succeed network issues and cyber attacks need to be systemically detected and blocked. To achieve this, security measures specifically designed for Industry 4.0 must be taken on all automation levels and this requires close collaboration of information technology (IT) and operational technology (OT) to proactively combat the ever-growing risk of cyber attack.

Today, many enterprises consider security the biggest obstacle on the Industry 4.0 journey, as a survey on Industry 4.0 by IDG Communications Media AG revealed. The survey highlighted the fact that enterprises fear hacker and DDoS attacks the most, followed by industrial espionage and the resulting loss of competitive advantage. However, it remains unclear for many who within an enterprise is responsible for securing production sites and processes – is it IT or OT?

In 2017, automation and IT experts and security specialists met at the ‘IT meets Industry’ conference in Germany, where it became apparent that responsibilities concerning Industry 4.0 security have not yet been clearly defined. A survey concluded that many operational technicians feel like it is their responsibility.

To date, OT has focused on production and industrial equipment availability, but without connection to the Internet. IT, however, takes care of data security and has little to no experience in dealing with industrial systems.

Working together
Traditional automation technology continues to evolve, with development being heavily influenced by digitalisation and increased connectivity. IT and OT must collaborate closely to secure Industry 4.0, and this necessitates a change in organisational structures: IT and OT must intertwine their processes to profit from each other’s expertise. That is why IoT security cannot be achieved solely by using suitable technology. It is also important to clearly define the roles and responsibilities of OT and IT individuals and departments.

Machine security loopholes often originate in remote maintenance and update interfaces. Information can leak or malicious external data may infiltrate a company through these weak spots. In most cases, controlling devices used in production networks are not able to fight such threats because they were designed to ensure a network’s availability, not its security. In addition, mainly heterogeneous data flows through industrial networks – unlike the homogeneous traffic of office networks.

That way, a network turns into a black box: it becomes home to an opaque flow of information and commands, used for remote machine maintenance, for sending product information to production systems, for ensuring constant site monitoring and for synchronising logistics. More and more often, external partners have access to these networks as well.

Suppliers usually integrate their own IoT solutions into their machines, often leaving production owners without knowledge of what happens inside their own network. Yet they depend on production to run smoothly and it is only when it does that Industry 4.0 is able to deliver on its promise. The plant needs a multi-layered approach to data protection to enable users to leverage the advantages of secure IP-based networks for production and automation processes.

A multi-layered concept
Currently, several security solutions for securing industrial systems are available. Dependable security products work on all levels of automation across IT and OT systems of a manufacturing site and consist of network sensors, reporting tools, firewalls for industrial sites and Ethernet encryption – while being fast enough to not slow down production processes.

How does that work? By inserting the network sensor into the network at numerous positions, it analyses network traffic, revealing processes on the field or control networks and potential attacks. A core feature of the analysis is a technology called deep packet inspection (DPI). Instead of classifying traffic by analysing which port is used, DPI gives insight into the data’s contents. This precise inspection of content allows for the detection of cyber attacks hidden in permitted protocols, even if sophisticated obfuscation and encryption techniques are employed.

The reporting system accumulates and correlates the information obtained on all levels of industrial automation. It assesses the network’s status, the communication relations within it or the communication behaviour of individual machines. Event monitoring can even visualise anomalies as they occur in the network. The data obtained by the system provides the crucial basis for securing continuous operation, and for network capacity planning and load balancing.
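The "communication relations" the reporting system assesses can be expressed as a baseline of which host talks to which host over which protocol. The following is an added example, not code from the article or from Rohde & Schwarz: it learns such a baseline from a constructed set of sensor flow records during a learning period and then flags, during monitoring, any pair of hosts that has never communicated before or any known pair using a protocol it has not used before. Host names, protocols and the two-phase split are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample flow records: (source, destination, protocol).
# Each tuple stands for a connection seen by a network sensor; the hosts
# and protocols are invented for this example, not taken from a real plant.
LEARNING_PHASE = [
    ("scada-01", "plc-01", "modbus-tcp"),
    ("scada-01", "plc-02", "modbus-tcp"),
    ("hmi-01", "plc-01", "modbus-tcp"),
    ("eng-ws-01", "plc-01", "s7comm"),
    ("historian", "scada-01", "opc-ua"),
]

MONITORING_PHASE = [
    ("scada-01", "plc-01", "modbus-tcp"),    # known relation
    ("hmi-01", "plc-01", "modbus-tcp"),      # known relation
    ("hmi-01", "plc-02", "modbus-tcp"),      # HMI never talked to plc-02 before
    ("eng-ws-01", "plc-01", "s7comm"),       # known relation
    ("vendor-laptop", "plc-02", "s7comm"),   # unknown host, new relation
    ("scada-01", "plc-01", "http"),          # known pair, new protocol
    ("scada-01", "plc-01", "http"),          # repeat: must not alert twice
]


def learn_baseline(flows):
    """Build a whitelist of communication relations from a learning period.

    The baseline maps each (source, destination) pair to the set of
    protocols observed between them.
    """
    baseline = defaultdict(set)
    for src, dst, proto in flows:
        baseline[(src, dst)].add(proto)
    return dict(baseline)


def detect_new_relations(baseline, flows):
    """Return flows that fall outside the learned baseline.

    Two kinds of anomaly are distinguished:
    - "new-pair": the source has never talked to the destination;
    - "new-protocol": the pair is known but the protocol is not.
    Repeated alerts for the same (src, dst, proto) triple are suppressed
    so one misbehaving host does not flood the operator.
    """
    alerts = []
    seen = set()
    for src, dst, proto in flows:
        known = baseline.get((src, dst))
        if known is None:
            kind = "new-pair"
        elif proto not in known:
            kind = "new-protocol"
        else:
            continue  # relation is in the baseline
        key = (src, dst, proto)
        if key not in seen:
            seen.add(key)
            alerts.append((kind, src, dst, proto))
    return alerts


if __name__ == "__main__":
    baseline = learn_baseline(LEARNING_PHASE)
    for kind, src, dst, proto in detect_new_relations(baseline, MONITORING_PHASE):
        print("ALERT %-13s %s -> %s (%s)" % (kind, src, dst, proto))
```

In a real deployment the learning phase would be a period of known-good operation signed off by OT, and each alert would be reviewed jointly by OT (is this a legitimate process change?) and IT (is this host even supposed to be on the segment?), which is the kind of shared responsibility the article argues for.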

New defence technologies
Based on network analytics, the necessary precautionary measures can be taken. These measures, however, require new technologies. Up until now, processing and control networks were mainly protected by classic firewalls which protect the company network as a whole from external attacks (the first line of defence). Such perimeter firewalls are no longer sufficient for complex industrial networks. Instead, additional firewalls must work inside the network and segment it.

DPI technology should be part of this, too, in order to defend against unknown attackers. Unlike the port-based approach, DPI technology is able to immediately identify and validate any kind of traffic, even down to individual applications, devices or users. DPI technology therefore provides proactive protection through whitelisting. This process ensures that industrial networks can be accessed only by authorised users using predefined commands. To achieve this, the network administrator can allow or block individual protocols. This is possible by applying restrictive rules to data traffic between machines or between a machine and a user. Port-based firewalls, on the other hand, use blacklisting, which only allows for identifying and blocking viruses or spyware after adding them to the blacklist.
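The difference between a port-based rule and a DPI whitelist of "predefined commands" is easiest to see on a concrete industrial protocol. The following is an added example, not code from the article or from any vendor product: it parses the Modbus/TCP application header (MBAP) far enough to read the function code, then compares a port-based decision ("port 502 is open, so everything passes") with a whitelist that grants each (source, destination) pair only specific function codes, so that a host allowed to read registers is still blocked from writing coils. The host names, the rule table and the frames are constructed for the example; the header layout and the function codes 0x03, 0x05 and 0x10 are from the Modbus specification.

```python
import struct

# Modbus/TCP application header (MBAP): transaction id, protocol id,
# length, unit id (big-endian); the function code is the first PDU byte.
MBAP = struct.Struct(">HHHB")

# Function codes used in this example (Modbus specification values).
FC_READ_HOLDING_REGISTERS = 0x03
FC_WRITE_SINGLE_COIL = 0x05
FC_WRITE_MULTIPLE_REGISTERS = 0x10


def parse_modbus_tcp(payload):
    """Parse an MBAP header and return (unit_id, function_code).

    Returns None when the frame is malformed: too short, a non-Modbus
    protocol id, or an MBAP length field that disagrees with the bytes
    actually present. A filter should drop such frames, not guess.
    """
    if len(payload) < MBAP.size + 1:
        return None
    _tid, proto_id, length, unit_id = MBAP.unpack_from(payload)
    if proto_id != 0:  # 0 identifies Modbus
        return None
    # "length" counts everything after the first 6 bytes (unit id + PDU).
    if length != len(payload) - 6:
        return None
    return unit_id, payload[MBAP.size]


def port_based_decision(dst_port, open_ports):
    """Classic port-based rule: any frame to an open port passes."""
    return "allow" if dst_port in open_ports else "deny"


def dpi_decision(src, dst, dst_port, payload, rules):
    """Protocol-aware whitelist: only explicitly granted function codes pass.

    rules maps (src, dst) -> set of allowed Modbus function codes.
    Anything not granted, and any frame that does not parse, is denied.
    """
    if dst_port != 502:
        return "deny"
    parsed = parse_modbus_tcp(payload)
    if parsed is None:
        return "deny"  # malformed frame
    _unit, fc = parsed
    return "allow" if fc in rules.get((src, dst), set()) else "deny"


def build_frame(function_code, pdu_body, unit_id=1, tid=1):
    """Assemble a Modbus/TCP frame (helper for constructing sample input)."""
    pdu = bytes([function_code]) + pdu_body
    return MBAP.pack(tid, 0, len(pdu) + 1, unit_id) + pdu


# Constructed frames (not captured from a real network).
READ_HR = build_frame(FC_READ_HOLDING_REGISTERS, struct.pack(">HH", 0, 10))         # read 10 registers
WRITE_COIL = build_frame(FC_WRITE_SINGLE_COIL, struct.pack(">HH", 1, 0xFF00))       # switch coil 1 on
WRITE_REGS = build_frame(FC_WRITE_MULTIPLE_REGISTERS,
                         struct.pack(">HHB", 0, 1, 2) + b"\x00\x2a")                # write 42 to register 0
TRUNCATED = READ_HR[:9]   # length field promises more bytes than are present

# Constructed whitelist: the HMI may only read; the SCADA server may also write registers.
RULES = {
    ("hmi-01", "plc-01"): {FC_READ_HOLDING_REGISTERS},
    ("scada-01", "plc-01"): {FC_READ_HOLDING_REGISTERS, FC_WRITE_MULTIPLE_REGISTERS},
}

if __name__ == "__main__":
    cases = [
        ("hmi-01", "plc-01", READ_HR, "HMI reads registers"),
        ("hmi-01", "plc-01", WRITE_COIL, "HMI writes a coil"),
        ("scada-01", "plc-01", WRITE_REGS, "SCADA writes registers"),
        ("vendor-laptop", "plc-01", READ_HR, "unknown host reads registers"),
        ("hmi-01", "plc-01", TRUNCATED, "malformed frame"),
    ]
    for src, dst, frame, label in cases:
        print("%-30s port-based: %-5s  DPI: %s" % (
            label, port_based_decision(502, {502}), dpi_decision(src, dst, 502, frame, RULES)))
```

The port-based rule returns "allow" for every case, including the malformed frame and the unknown host, because all it sees is destination port 502. The DPI whitelist makes the decision on who is sending which command, which is what lets OT keep a vendor's maintenance access limited to the commands the process actually needs.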

Industry 4.0 also creates new requirements for industrial communication. Security is in the spotlight as company facilities get more and more interconnected and automation systems are connected to ERP systems in private or public clouds. Functionalities such as integrity protection and encryption with strong authentication gain importance. Therefore, high-performance encryption devices that protect connections between data centres and locations (wide area networks, WAN) from interception and manipulation are also key for a dependable solution.

Anja Dienelt is solution manager IoT at Rohde & Schwarz Cybersecurity.
