CYBERSECURITY Digital Automation System Maintenance and Cybersecurity – the Perfect Partnership? In the last years, the number of cyber-attacks has increased dramatically. In light of this, it is not surprising that organizations are increasingly looking to invest in cybersecurity. ROBERT VALKAMA, Senior information security consultant at Nixu Corporation, email@example.com WHAT DOES a cyber-attack mean to you? The term brings many different mental images; from pizza driven nerds in a dark basement to organized operations funded and supported by state level actors. The intents for attacks vary greatly; from opportunistic hacking or showing off for friends to pursue of financial benefit and to well organized disruption of a specific physical function. Even in the best-case scenario, cyber-attacks in industrial automation are highly inconvenient. An example of such a scenario would be an inadvertent attack, where malware intended for ordinary ICT systems enters a production environment, causing disruptions 40 maintworld 2/2017 and production downtime. Example of this type of an attack is a crypto malware infecting the HMI systems. In the worstcase scenario, the attack is intentional and causes total destruction, incurring substantial replacement and recovery costs both in terms of time and money, i.e. jeopardizing safety. Despite the intent of the attack, there are steps that can be taken in order to make it harder for the adversary to succeed in the attack. Securing industrial systems requires both technical and administrative controls to be put in place (essentially in the same way as securing ICT systems, but with slightly different emphasis), and in many cases, these controls also benefit the maintenance of the systems. Mutual benefits When it comes to automation systems, the goals of cybersecurity and maintenance are practically the same: ensuring error-free production and safety. The essence of automation systems is that they operate in the right way at the right time. In some industries, automation system’s cybersecurity also includes protecting intellectual property. In practical terms, this means protecting manufacturing processes’ run parameters from information leaks. Cybersecurity controls can also have
CYBERSECURITY substantial benefits for maintenance. For example, asset and configuration management, systems hardening and security monitoring. Asset and configuration management is one of the corner stones in cybersecurity. Without accurate knowledge of the environment, it is very hard to reliably secure it. A complete, accurate and up to date documentation of the systems in an easily accessible (queried) format is required in order to be able to rapidly respond and investigate the potential impact of newly discovered vulnerabilities on the protected environment. A traditional blue print type of documentation is usually not sufficient for this, as they don’t contain important and needed information of the digital devices like, used software and versions, firmware versions, configuration information etc. This information is essential for example when conducting vulnerability assessments, but it will also streamline fault diagnosis. System hardening (removing or disabling superfluous software) is primarily intended to reduce the relevant system’s attack surface, but can also have the additional benefit of removing potentially faulty software from the relevant system. This, in turn, reduces the need for unnecessary maintenance. Cybersecurity monitoring is another function that can be easily utilized in maintenance. These tools focus on keeping track of an automation system’s network traffic and scouring its logs. They are intended to identify exceptions or changes, which means that they can also be configured to monitor maintenance-relevant information, combining and centralizing two separate functions. Monitoring tools can be configured to generate maintenance-related alarms or events when ASSET AND CONFIGURATION MANAGEMENT IS ONE OF THE CORNER STONES IN CYBERSECURITY. an exception is detected in the same way cybersecurity-related alarms and events are generated. This is especially beneficial in multivendor environments where automation systems from several suppliers are used. In multivendor environments the different systems may be monitored separately, using their own diagnostic tools, but a common overview is not available. Depending on the environment and personnel size the monitoring may also be limited to post incident resolution, or “extinguishing fires” as some may refer to it. With good and high quality monitoring the maintenance of the digital assets is shifted towards a preventive maintenance mode, where incidents are identified before they cause any process disruptions. Discover the hidden treasure in Maintenance Discover the hidden treasure in Maintenance There is value hidden in every maintenance organization. All companies have the potential to further improve, either by reducing costs, improve safety, work on the lifetime extension of machinery or by smart maintenance solutions that improves uptime. The question is where maintenance managers should be looking to fi nd these areas of improvement and where they need to start. You will fi nd the answer to this question at Mainnovation. With Value Driven Maintenance ® and the matching tools like the VDM Control Panel, the Process Map and our benchmark data base myVDM.com, we will help you to discover the hidden treasure in your company. Do you want to discover the hidden treasure in your maintenance organization? Go to www.mainnovation.com CONTROLLING MAINTENANCE, CREATING VALUE.