The vulnerability of security and the increase in harmful software require protection of computers and control systems for industrial networks against cyber-attacks. How can these risks be prevented? Phoenix Contact provides the answer
by Anna Balliana
In the current industrial scenario, interconnected systems are becoming increasingly widespread. However, when designing and building the single components of the system, often the persons responsible do not consider all the communication streams between the system being examined and the rest of the network, thereby neglecting the introduction of security solutions starting from the design phase (security by design). Unfortunately it is still frequently assumed that the company’s security may be guaranteed by concentrating on the traditional areas of IT competence, neglecting the risks which derive from factory communication, linked for instance to Wi-Fi networks used in production, to the use of infected USB sticks or to violations of VPN connections. Attacks suffered in the past also showed that threats may even concern specific industrial protocols and proprietary technologies in the case of targeted attacks. New security flaws and an increase in harmful software require the protection of computers and of industrial network control systems against attacks, malware and unauthorised attacks.
New risk scenarios require new strategies
Strikers are equipped with very powerful automatic tools which enormously increase their capability of striking anyone systematically. Automation of attack systems, which often consist in software platforms available at low prices on the “dark web”, allowed many criminals to obtain great economical products. If the development of industrialized and automated attack systems allows large-scale action, the growing use of digital solutions in industrial systems leads to a simultaneous growth of the nodes exposed to the risk of attacks. To make matters worse, the growth rate of these attack systems is greater than that of the development of protection capabilities. As a result, the spread between attack and defence costs is constantly broadening. All of this requires a change in defence strategies and the acknowledgement that the real issue is no longer “whether” but “when” a cyber attack will be launched. Companies may equip themselves with preventive measures to deal with such threats, which are economically more sustainable than a solution enacted after the attack already occurred. The main causes of cyber failure are the scarce knowledge of threats and human errors, and it is therefore decisive to improve both cyber security culture and the awareness of risks and of the ways to cope with them.
IT and OT are two worlds with their own characteristics
In choosing solutions to adopt so as to guarantee a correct implementation of Industrial Cyber Security, it is essential to consider not only the risks, but also everyday operating conditions: well-tested and efficient solutions in the IT domain might not be as appropriate for OT (Operation Technology) applications. IT systems used in production and office environments differ from four standpoints. First of all, in office PCs, antivirus software and updates of security solutions are regularly installed. On the contrary, often operating systems and industrial software are not quite taken care of to the same extent, since patches are not always available, or require preventive validation measures, which may be complicated. Besides, in industries, specific protocols are used which are not typical of the office world. When choosing firewalls it is therefore necessary to ensure that these will recognize the protocols used in a specific industrial domain. Large plants are also typically structured with cells interconnected using a network, made up of machines supplied by third party manufacturers. These machines are most often independent, and could use identical IP addresses for all systems of the same kind. The advantage for the manufacturer is simplifying the construction and management of the machines themselves. From the industrial plant manager’s standpoint, the user needs a router capable of mapping the machine networks within the production network which contains them. So as not to modify all the IP addresses of every node of the machine, the NAT 1:1 routing function may be used. Finally, production plants often require specific firewall rules during the functioning phases: the operations which need to be carried out under normal conditions are not the same ones which should be carried out in case of an anomaly. In such a scenario, introducing a firewall not capable of taking these variables into consideration risks making matters more complicated. For this reason, an industrial firewall must have on board a conditional firewall capable of communicating with the machine, that is, of adapting dynamically its rules depending upon the working conditions.
Getting ready in the best way for new cyber-risks
The most recent production models, starting with Industry 4.0 and IIoT (Industrial Internet of Things), even though they pave he way for new opportunities, also extend to the production world risks which up to a short while ago only concerned office systems. It is therefore by now necessary to be very careful and to follow some basic rules, without mistaking compliance with norms for actual security. Particularly, an integrated and comprehensive cyber security process should be applied, based upon (cyber) risk management logics at all levels, capable of promoting adequate training and supporting the adoption of prevention measures. In this way, it will be possible to spread the habit of introducing the cyber security theme starting from the design phase.