In cybersecurity, the most secure businesses have one thing in common. They have spent time assessing their risks and understanding their tolerance for those risks.
Risk tolerance can become quite specialized in the machine world as machines present unique aspects to consider.
Machines and machine-control devices increasingly rely on the cloud and remote connected features. As features and services expand, the associated attack surface expands.
The potential consequences of a breach involving connected machines can range from disruption of manufacturing processes and associated adverse events to human safety dangers. Hackers often target manufacturing facilities because they use vulnerable technology that frequently does not improve along with changing threats.
Organizations must protect themselves against cyberattacks that could potentially harm people or disrupt services.
The incredible complexity of machines relies upon a long and technologically sophisticated supply chain. As machines are designed, they present to hackers an attack surface typically made up of the expected machine-control elements—programmable logic controllers (PLCs), connected I/O, sensors and an on-platform or remote human-machine interface (HMI).
Machines have a few more interesting aspects to their attack surface—physical ports that, if accessed, can open the internal workings of a machine. Machines have a steady flow of information streaming as telemetry, including machine status, health and maintenance status.
Considerations for cyber controls used to protect a machine must account for performance and cannot interfere with the machine's overall performance. If cyber controls affect machine performance even a little, the probability of users disabling those controls by the machine owner can be high.
Machines are frequently purpose-built. From an attacker's perspective, once they understand how to attack one machine model, those tactics and techniques can be applied repeatedly. Compensating controls around the machine—think, defensive layers—rise in importance.
The owners of a factory or plant must account for this issue through cyber controls such as perimeter hardening or network partitioning. Vendors are adding more security features to support cyber standards such as ISA/IEC 62443. Machine owners need to review the available features and implement them.
Machines have a human-safety aspect to them. Rotating equipment, blades, high voltages and milling components raise the bar when securing a machine. During the design and development of machine components, vendors have considered failure modes that cybersecurity attacks can bring. You will find cybersecurity features to help manage those risks.
Finally, while machines can be interconnected, they are islands of functionality, meaning that one compromised element of a machine can leave exposed a collection of other related components. You cannot simply turn off one compromised machine component—for example, a ransom-wared HMI—and continue to operate.
When securing a machine, it helps to look at components, but understanding the machine's mission and accounting for these consequences in the event of an attack will allow the machine owner to see the true nature of the security challenge.
Machine builders build a machine, test that machine for its intended functions and would prefer never to have to change the machine again. But we know this is no longer acceptable.
The changing threat landscape requires that machines and their active components be updated regularly. If this is not feasible, then compensating security controls can help. The defense-in-depth concept lends itself to the securing of machines very well. Layers of defense can catch attacks using newer techniques.
Risk awareness starts with a basic understanding of the elements that make up your machine. The manufacturer can provide a comprehensive understanding, or you can seek a bill-of-materials list. Understanding how the components are interconnected, you will understand the attack surface potentially exposed to hackers.
Factor in your security controls, such as firewalls, workstation hardening procedures and patching programs, and a risk picture is now painted. Getting professional help with the risk mitigation steps is recommended. Somebody familiar with machine and operational technologies can help highlight the gaps in a cyber defensive strategy.
Assembling a risk matrix in a plant by identifying the criticality of the missions of these machines and components from your operation can be daunting. Your vendors are certainly aware, if not already following it.
Fortunately, ISA/IEC 62443 focuses on industrial cybersecurity needs. It is a standard born by hundreds of experienced contributors worldwide. It specializes in detailing what needs to be done to accurately assess risk and deploy industrial technology and how to speak with vendors about your cybersecurity needs.
Use ISA/IEC 62443 to define your risk assessment process. Have a conversation with your machine providers about complying with 62443. Urge your machine suppliers to reach back into their supply chains, requiring conformance from component manufacturers. Get help as needed. Keep in mind the entire machine, unit and factory must be secured to keep hackers out.
Cybersecurity is not a single event or a single destination. The finish line is constantly changing. By using a standard such as ISA/IEC 62443, you will be better prepared to take on the challenge, as you will have an active army of security professionals behind you.
