As cyber attacks become more high profile and more prevalent, cybersecurity is an increasing concern for industrial automation and control system users and vendors. Cyber attacks happen for any number of reasons, including monetary gain, competitive advantage, political activism, social rewards, or even personal grievances. The effects have the potential to bring a business to its knees.
Why are industrial environments increasingly at risk?
The increasingly open and collaborative nature of industrial environments – In the past, industrial networks were primarily isolated systems, running proprietary control protocols, using specialized hardware and software. These days systems are networked on IP-based, wireless and mobile systems which are more open to attack. What’s more, legacy control systems were not designed to contend with current threat levels.
Inadequate end user awareness and end user inertia – End users in critical infrastructure environments are often well-organised in their cybersecurity defence. However, many end users in other industries (including manufacturing) are either unaware of the risk of cyber attacks or reluctant to implement security strategies in their enterprises, because investments in cybersecurity do not appear to have a tangible return-on-investment (ROI). This leads to a complacent ‘wait and watch’ approach that only mandatory regulation or the unfortunate instance of a cyber attack may change.
Increased use of commercial off-the-shelf IT solutions in industrial environments – The gradual shift toward IT-based solutions in the industrial space has resulted in control systems having to face increased exposure to malware and security threats that are targeted at commercial systems.
Inadequate skilled manpower – While the industrial sector prides itself on a highly skilled workforce focused on automation systems, that doesn’t always translate into adequate expertise in industrial IT networks. This skills gap weakens an organization’s ability to develop comprehensive protection and prevention strategies.
How can organizations address cybersecurity?
Understanding the unique characteristics of the industrial environment, and where cybersecurity actions can be applied, is very important. Some of the key steps to consider are:
- Have a security plan: policies and procedures to cover risk assessment, risk mitigation and methods to recover from disaster.
- Network separation: Separating the industrial automation and control system from other networks by creating demilitarized zones (DMZ) to protect the industrial system from enterprise network requests and messages.
- Perimeter protection: Firewalls, authentication, authorizations, VPN (IPsec) and anti-virus software to prevent unauthorized access.
- Network segmentation: Containment of a potential security breach to only the affected segment by using switches and VLANs to divide the network into sub-networks and by restricting traffic between segments. This helps contain malware impact to one network segment; thus limiting damage to the entire network.
- Device hardening: Password management, user profile definition and deactivation of unused services to strengthen security on devices.
- Monitoring and update: Surveillance of operator activity and network communications. Regular updates of software and firmware.
Cyber attacks are an ever-present and an ever-evolving threat that requires a pro-active and planned approach. To keep their operations safe, organizations need to look at their own internal policies, procedures and culture, and work in close partnership with their solutions providers.
Read more about cybersecurity in this new white paper Cybersecurity for Industrial Automation & Control Environments.
Is your organzation addressing Cybersecurity, do you have other solutions or concerns when it comes to cyper attacks?