Sponsored Article

Securing your OT network

13 September 2021

Matt Lundberg highlights the importance of locking down your operation technology networks.

In December of 2015, at 3:30pm, workers of the Prykarpattyaoblenergo control centre – an electricity distribution outlet for the Ivano-Frankivsk region of Western Ukraine – were preparing to wrap up their day and head home for the evening. That was until one worker noticed his cursor jump across his screen of its own volition. He then watched helplessly, his mouse unresponsive to his own inputs, as whoever was operating it clicked to take one of the substation circuit breakers offline, instantly cutting electricity distribution to an area just outside the city that was home to around a thousand residents.

Then they switched off another. And another. And then another. In total the hackers switched off 30 circuit breakers at the control centre, but they didn’t stop there. They hit two other distribution centres in the city until more than 23,000 residents were left without power.

It wasn’t that the control centre’s operational technology security was more lax than others, nor was it particularly substandard. It could even be classed as a little more robust than that of some centres in the UK and the US, but in the end, it simply wasn’t secure enough.

The term Operational Technology (OT) defines a setup of both hardware and software used to monitor and administer physical devices, processes and events. SCADA systems are one of the archetypes of OT, and one of the most widely deployed; they are used to operate machinery and to monitor temperatures and outputs in industrial environments.

It’s clear that if hackers can gain access to these systems, they gain access to any machinery connected to them.

When hacks affect physical machinery, things can become dangerous. Imagine a metal pressing factory, with numerous stations of heavy machinery slamming and punching thick metal into useful shapes. Even in the hands of a skilled labourer these machines are dangerous. In the hands of a remote hacker, with intent known only to themselves, they can become deadly.

Halting production by shutting down a robot on a production line is costly and inconvenient to the company. But should the hacker take control of and disable something like a pressure release valve on a gas tank installed on an offshore oil rig, the consequences could be disastrous.

Securing your OT network?
There are many aspects to an OT network that don’t just fall under the hardware/software umbrella. Physical security and policies and procedures are just as important.
 
For instance, it’s great to have a stringent password policy but if a person can simply walk up to a device and pull the power cable, or insert a USB containing malicious code, passwords and security policies become redundant in an instant.

Having policies in place for access rights, encryption, and passwords, and having procedures for hardware configuration and network segmentation, all contribute to securing the network. The IEC 62443 standard sets some minimum configuration parameters with regard to password complexity, encryption, disabling insecure protocols, etc., which many networking products are certified to.

But if anyone has physical access to these systems, they do no good at all.

Locking devices up behind some form of physical barrier removes the threat of these simple denial-of-service attacks. It seems simple, but it is surprising how many companies are blasé about the physical protection of their most vulnerable computing assets when the solution is so cheap and simple to implement.

Firewalls are another mainstay of OT and IT security, but as more physical devices are connected to the internet, the need for more robust security measures has pushed the possibilities of what can be locked down, and how. We now see Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) make headway into OT networks — systems that continuously analyse the packets flowing through the network and scan for malicious activity. Depending on the security policies of the network, this malicious activity can either prompt a notification to network engineers (the IDS approach) or be blocked outright (the IPS approach).
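The alert-versus-block distinction above, as an added example that is not from the article or from Impulse Embedded: a minimal OT inspection rule that flags Modbus/TCP write commands sent to the PLC subnet by any host other than the authorised engineering workstation. The addresses, the one-line "src dst function_code" flow format and the sample flows are all constructed for illustration; real sensors and Modbus decoding are not covered here.

```python
"""Minimal OT IDS/IPS rule (added example, not the article's code).

Constructed assumptions: only the engineering workstation 10.10.1.5 may issue
Modbus write requests to PLCs in 10.10.2.0/24, and a hypothetical sensor
summarises each flow as one line "src dst function_code".
"""
from dataclasses import dataclass
import ipaddress

PLC_SUBNET = ipaddress.ip_network("10.10.2.0/24")          # constructed
AUTHORISED_WRITERS = {ipaddress.ip_address("10.10.1.5")}   # constructed
# Modbus function codes that change PLC state: write single coil (5),
# write single register (6), write multiple coils (15), write multiple registers (16)
WRITE_FUNCTION_CODES = {5, 6, 15, 16}


@dataclass(frozen=True)
class Verdict:
    flow: str
    action: str   # "allow", "alert" (IDS mode) or "block" (IPS mode)
    reason: str


def parse_flow(line: str):
    """Split a constructed 'src dst function_code' record into typed fields."""
    src, dst, fc = line.split()
    return ipaddress.ip_address(src), ipaddress.ip_address(dst), int(fc)


def inspect(line: str, mode: str = "ids") -> Verdict:
    """Apply the policy: reads are always allowed; writes to a PLC need an authorised source."""
    src, dst, fc = parse_flow(line)
    if dst in PLC_SUBNET and fc in WRITE_FUNCTION_CODES and src not in AUTHORISED_WRITERS:
        action = "block" if mode == "ips" else "alert"   # same finding, policy decides the response
        return Verdict(line, action, f"unauthorised Modbus write (fc={fc}) from {src}")
    return Verdict(line, "allow", "permitted by policy")


# Constructed sample flows: engineer write, operator read, operator write, external write
SAMPLE_FLOWS = [
    "10.10.1.5 10.10.2.20 5",
    "10.10.3.40 10.10.2.20 3",
    "10.10.3.40 10.10.2.20 5",
    "203.0.113.7 10.10.2.21 16",
]


def run(mode: str = "ids") -> list:
    return [inspect(flow, mode) for flow in SAMPLE_FLOWS]


if __name__ == "__main__":
    for v in run("ips"):
        print(f"{v.action:5} {v.flow:28} {v.reason}")
```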

In summary
As industrial systems become more connected – be it to the cloud or otherwise – the need for all these elements to work together becomes more important. While we can never be 100% secure, due to the constant evolution of hackers and their tools, we can at least secure our OT networks to the point where they are highly locked down and a deterrent to hackers.

Matt Lundberg is technical lead, Industrial IoT at Impulse Embedded.
