Networking / Cybersecurity

How to identify cyber threats before they strike

Measures can be adopted to secure industrial systems

By David Smith, Smart Card Institute

As more factories apply the principles of the fourth industrial revolution or Industry 4.0, converting into smart factories, the growing integration between information technology and manufacturing technology is easy to see. Concepts such as the Internet of Things (IoT), cloud computing, cognitive computing and artificial intelligence are becoming an integral part of manufacturing processes. These technologies have aided the manufacturing industry by providing greater automation, better quality products and increased productivity.

However, implementation of Industry 4.0 heavily relies on increased communication between the production and control systems involved in manufacturing processes and on these devices being connected to a network or to the Internet. These connections leave the manufacturing industry open to potential cyber threats.

Attackers who target the manufacturing sector may do so to achieve the following goals.

  • Disrupt operational systems/processes: Hackers may remotely take control of manufacturing systems and processes to tamper with products. Any such disruption could prove costly to manufacturers and can also risk the physical safety of the operations personnel or the consumers. In August 2017, a petrochemical company with a plant in Saudi Arabia was hit by a new kind of cyber-attack, according to the New York Times’ article, “A Cyberattack in Saudi Arabia Had a Deadly Goal. Experts Fear Another Try.” The attack was not designed to simply destroy data or shut down the plant, investigators believe. It was meant to sabotage the firm’s operations and trigger an explosion.
  • Industrial espionage: Competitors who wish to gain intelligence about the manufacturing processes and product design of a company can now spy using cyber intrusion. Malicious competitors can now easily outsource the spying activity to an expert hacker whose services can be obtained on the dark web.
  • Steal data for ransom: In a ransomware attack, data is usually encrypted and only made available on payment of a ransom. The stolen data could also be passed on to competitors in some cases. The Petya family of ransomware has been known to create havoc and has affected Russian oil company Rosneft and pharmaceutical company Merck, among others.
  • Undermine credibility of a business: Denial-of-service attacks, which deny electronic access to a business, might be designed to undermine the credibility of that business or be used as part of a blackmail campaign.

Essentials Guide — The "IIoT-Ready" machine

To achieve these goals, attackers could target different areas in an industrial automation system through different channels, such as:

  • unauthorized changes to instructions, commands or alarm thresholds in industrial control systems
  • inaccurate information sent to system operators
  • modified configuration settings of control software
  • interference with operation of equipment protection systems and safety systems.

A combination of security policies, procedures and technology can be used to implement strong cybersecurity in manufacturing automation and control processes. These could apply to a variety of industrial control systems including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCSs), control system configurations such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs).

Measures that can be adopted to secure these systems could include the following:

  • Develop security policies, procedures and corresponding training material for every individual component of the system.
  • Take security into consideration throughout the lifecycle of the automation design and engineering process. This applies to upgrade of existing systems, as well as installation of new systems.
  • Design network topology such that the most critical communication occurs on the most secure and reliable network layer.
  • Segregate the automation system network from the corporate network using firewalls and a demilitarized-zone (DMZ) network architecture to limit data and services to external sources.
  • Disable unused ports and services on devices connected to the network.
  • Restrict access to devices to only personnel who actually require it. Verify identity of authorized personnel using modern technology such as smart cards for identity verification. Authentication mechanisms and credentials should also be separate for corporate vs. systems network.
  • Implement latest security controls and ensure that they are up to date. These could be implemented through the use of antivirus software, intrusion-detection software and file-integrity-checking software.
  • Use encryption technology to secure storage and communication of data.
  • Use audit trails to ensure that any discrepancy in the implementation of standard operation procedures is tracked.

In order to stay ahead in the game, it has become a necessity for manufacturers to adopt the advantages offered by new digital technology. With new technology comes new security challenges. The first step required to overcome these challenges is to recognize the possible threats and then to find the appropriate solutions. This was addressed in “4 solutions to the 3 biggest cybersecurity challenges,” which deailed how fear and lack of tools and talent could hamper the proper implementation of cybersecurity in an organization. Deciding and then outsourcing the responsibility of implementing cybersecurity is also sometimes not enough. Manufacturers also need to understand what security features are being adopted and how effective they are in mitigating the risk of cyber threats.

ALSO READ: The accumulating case for deterministic control