24.01.2022 Views

Manufacturing Cybersecurity: Are Your Industrial Control Systems REALLY Protected?

  • No tags were found...

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

Manufacturing Cybersecurity: Are Your Industrial

Control Systems REALLY Protected?

Manufacturing is the second most commonly targeted industry by attackers and many attacks are

successful due to the many vulnerabilities that exist in Industrial Control Systems (ICS.) ICS

encompasses the devices, systems, networks, and controls used to operate and/or automate

industrial processes. In many cases, the motivation for the attack is to steal valuable intellectual

property, however, a great majority of cybersecurity problems are not caused by malicious attacks

but are the result of a negligent or careless employee or contractor. Whether it is an outside or an

inside threat, both represent harm to a plant’s operations.

Manufacturers and utility providers are making cybersecurity a greater priority as these attacks can,

and often do, result in defective products, production downtime and major safety hazards.

What vulnerabilities exist in manufacturing plants?

Employees/contractors: In 2015, 60% of all attacks were carried out by insiders; employees or

anyone who has access to a company’s assets (i.e. contractors.) [1]

Internetworking: New business models related to the Internet of Things (IoT) has made

manufacturers more vulnerable as both the industrial and business networks are interconnected to

the internet and no longer separated, expanding the attack surface.

The automation layer: One of the easiest and successful ways to launch an attack in a

manufacturing facility is to change an automation’s device program data. “While a predefined set of

process parameters can be changed through HMI/SCADA applications, the logic maintained on the

controller defines the process flow and its safety settings. Therefore, changing the controller logic is

both the easiest and most successful way to cause such disruption.” [2]

AUVESY-MDT • 3480 Preston Ridge Road, Alpharetta, GA 30005 • +1.678.297.1000


What technologies exist to secure intellectual property in the automation layer?

There are many products that claim to protect a facility from an attack and while many are useful,

none can fully protect control logic from being changed inadvertently or maliciously. The following

are the most commonly used cybersecurity products and solutions, along with the risks if

manufacturers depend on them alone to protect their Industrial Control Systems.

CYBER-SECURITY FACTS & MYTHS

Firewalls:

Myth: All you need is a properly configured firewall to protect the plant floor.

Fact: Alone, firewalls have never been enough to completely secure a network. They may intercept

many malware attacks, perhaps even the majority, but it only takes one application with improperly

configured security to allow someone to get through.

Plant-Floor Isolation

Myth: If the manufacturing network is isolated from the outside world, unauthorized access to the

industrial control system is impossible.

Fact: As previously discussed, the combining on the industrial and business networks has increased

the vulnerability of the plant-floor to attacks. However, keeping them separated, or providing an “air

gap” can also create a false sense of security. Even in a well isolated environment, threats can find

their way onto the plant floor. For instance, a USB memory stick with corrupted software can be

inserted into a factory-floor workstation. “The Repository of Industrial Security Incidents (RISI) has

noted the majority of incidents happen from within the Industrial Control Systems (ICS) network.

Other studies note the primary threat as malware being introduced to a system through a USB

memory stick.” [3]

IT Security

Myth: Everything can be locked down so the plant is protected from malicious software.

Fact: Even with tight security around users and applications, threat vectors remain, such as having to

use old software to program older equipment.

Proprietary Protocols

Myth: If a plant doesn’t use much Ethernet protocol on the plant floor, there is no risk.

Fact: Many Proprietary Protocols are old and not secure. Also, more devices are networked in plants

every day and almost all that networking is Ethernet (TCP/IP.)

Network Monitoring

Myth: All that is needed is a product that monitors the network and all PLC programs are backed up

to a shared folder on that network.

Fact: A Network Monitoring App is only one component to security. It can detect an external threat

but it cannot identify what change was made or reverse that change. Only a Change Management

System can dynamically compare source code running in devices with a reference copy to identify

unauthorized changes.

AUVESY-MDT • 3480 Preston Ridge Road, Alpharetta, GA 30005 • +1.678.297.1000


WHAT ARE THE BEST PRACTICES?

An integrated approach to cybersecurity is necessary for comprehensive protection and it must

include the management of automated device programs and their changes. “Discovering all assets,

especially industrial controllers, is critical. This includes maintaining a reliable inventory of

configurations, logic, code and firmware versions for each controller.” [2] A sound approach to

securing program device data includes three key areas: preparation, detection and recovery.

PREPARE: Secure your program intellectual property

A copy of each program revision needs to be stored in a central repository with a flexible privileging

system to manage access.

DETECT: Identify changes made outside the change management system

If the program data on file does not match the program running in the device, the mismatch must be

detected, the differences identified and the appropriate people must be notified.

RECOVER: Quickly Undo Unauthorized or Malicious Changes

If a potentially harmful program change has occurred, immediate access to the central repository of

all program revisions enables the plant to quickly restore the latest approved program.

AUVESY-MDT • 3480 Preston Ridge Road, Alpharetta, GA 30005 • +1.678.297.1000


SECURING YOUR INTELLECTUAL PROPERTY

Manufacturers can greatly increase their resiliency against a breach to the Industrial Control System

simply by knowing right away that a breach has occurred and being able to quickly revert systems

back to the state they were in prior to the breach. Per the SANS Institute Survey, Securing Industrial

Control Systems – 2017, “Best practices call for programmatic confirmation and improvement of

asset documentation, including configuration data, such as control logic with periodic audits backed

by change management and automated discovery processes. Tracking at this level allows security

personnel to detect breaches or inadvertent, unauthorized changes.”

Stated simply, effective change management of control systems addresses a critical aspect of

security not addressed by data access and network monitoring applications: the Intellectual

Property in your device programs.

References:

[1] IBM X-Force® Research “2016 Cyber Security Intelligence Index”

[2] “Cyberthreats Targeting the Factory Floor” Industry Week article, Barak Perelman, August 2016

[3] “Spanning the Air Gap: ICS Network Security” Automation World, Larry Asher and Dominic Schmitz, March

2017, Securing your Intellectual Property

AUVESY-MDT • 3480 Preston Ridge Road, Alpharetta, GA 30005 • +1.678.297.1000

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!