Easing cyber security concerns

Users worried about cyber security think of the issue need to think beyond the technology issue and realize that people process, and technology all need to work together in harmony to achieve true security.

02/13/2016


The fear of security can be a painful experience. Now it is time to finally ease that pain.

Last year clearly was the year of stronger awareness in terms of cyber security. While the security world became aware of the threat a long time ago, a general understanding of the potential for attack from the rank and file and from the executive suite became abundantly clear over the past 365 days.

Awareness, however, does not always mean action. This coming year has the potential to see more knee-jerk reactions to security incidents that battle-weary security veterans will continue to ward off. But it doesn't have to be that way. Industrial control system (ICS) security professionals will continue to stress the importance of building a solid security program.

Much to the chagrin of experts analyzing the industry, users think of security purely as a technology issue, and it is to a certain degree. But it is so much more. The idea of people, process, and technology truly comes into play.

People continue to be the weakest link in security, but they have the potential to be the strongest asset. For that to happen, manufacturers have to train and force workers to think of security much like safety.

That scenario leads to creating a security process that leans on the various security standards out in the industry such as IEC 62443. Manufacturers need to focus on making sure everyone remains vigilant and on top of their games at all times.

There is solid technology out there that can reduce any kind of attack, but providers need to understand what they need to protect and then apply the proper technology. Users cannot just throw technology at the problem and expect results. There needs to be a well thought out plan that can't take on the enormity of the issue all at once, but rather tackle the problem on a project-by-project basis that keeps growing. 

Safety and security

During this past year more manufacturing automation professionals understood the idea that safety and security do play hand-in-hand. While some principals do differ, the idea of understanding risk and mitigating that risk are the same.

Differences come into play when you look at the constant change evolving in security where countermeasures need to change almost on a daily basis, which flies in the face of the set-and-forget mentality that prevails in the industry. Added on top of that, the maturity level on the security front is not as evident as it is for safety.

On the other hand, safety has well-defined standards and practices where safety professionals have a greater degree of confidence that the system as it stands should provide a degree of safety for the process and the facility. Safety and security need to provide a united front where one area can learn and share expertise from the other.

Changing mindset

As mentioned, security does fly in the face of conventional thinking. That only makes sense. Bad guys don't live by the rules, whereas manufacturing automation professionals live by rules or standards. What worked yesterday will surely work today and tomorrow. That thinking has to change.

That all means understanding the system and knowing when things are out of whack or not looking right remains a key factor moving forward. With the potential for advanced persistent threats (APT) infiltrating systems and taking up residence for a period of time to learn the ins and outs of a system, knowing the system and understanding what should and should not be going on is vital. That is where one technology, application whitelisting, can really pay dividends. Application whitelisting permits the execution of explicitly allowed (or whitelisted) software and blocks execution of everything else. This eliminates the execution of unknown programs, including malware.

One challenge when using application whitelisting in business networks is managing the constantly changing list of allowed applications. That burden reduces in control systems environments, because the set of applications that run in those systems is essentially static.

Whitelisting is not the only answer, but it is one solution to add to the arsenal needed to boost protection.

Building security from within

In keeping with the changing mindset refrain, security needs to focus on protecting from within compared to ensuring a hardened perimeter. The concept of the hard exterior worked years ago, but as the industry learned from Stuxnet, if someone wants to get into a system, it doesn't matter if they have a hardened perimeter or an air gap, they will get in.

That means conducting a true system assessment becomes paramount to understanding what and where you have to protect. After all, you cannot design in security until you know what it is you are protecting. Documenting what users have installed is vital because they often don't even know what they have on their systems. That can lead to building in zones and conduits, which can break the system down and partition it. It is then possible to do a risk assessment on each individual zone.

Threats: Inside, outside

Using the zones and conduits model also shows it doesn't really matter if the attack is coming from the outside or the inside. The idea is locating the attack and mitigating it within the partitioned zone.

One misconception that ended up debunked over 2015 is more threats come from the outside. It became clear the inside threat was much more prevalent and caused much more discord for manufacturers.

The insider threat has become so much of a problem the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center created a guide to help organizations guard against malicious insider activity.

An insider threat is a current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data and intentionally misused that access to negatively affect the confidentiality, integrity, or availability of the organization's information or information systems.

Personnel signs to watch out for include: Introverts, greed, or financial need, compulsive behavior, reduced loyalty, a penchant for minimizing one's mistakes or faults, intolerance to criticism, moral flexibility, a lack of empathy, and a pattern of frustration or disappointment. 


<< First < Previous 1 2 Next > Last >>

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Sensor-to-cloud interoperability; PID and digital control efficiency; Alarm management system design; Automotive industry advances
Make Big Data and Industrial Internet of Things work for you, 2017 Engineers' Choice Finalists, Avoid control design pitfalls, Managing IIoT processes
Engineering Leaders Under 40; System integration improving packaging operation; Process sensing; PID velocity; Cybersecurity and functional safety
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

SCADA at the junction, Managing risk through maintenance, Moving at the speed of data
Flexible offshore fire protection; Big Data's impact on operations; Bridging the skills gap; Identifying security risks
The digital oilfield: Utilizing Big Data can yield big savings; Virtualization a real solution; Tracking SIS performance
click me