Finding common ground in IT/OT convergence
One of the biggest challenges facing the industrial sector is understanding the risk and impact cybersecurity attacks can have as the transition to Industrie 4.0 and the Industrial Internet of Things (IIoT) gains momentum. Companies are starting to realize there is a significant gulf between the priorities of operations technology (OT) and information technology (IT) teams, and this has a major effect on cybersecurity initiatives.
For engineers on the OT side, the focus is on available services. Production must continue because any interruption could result in a serious setback, and it must be safe because engines, motors, and processors carry a physical risk to operators. IT, on the other hand, is not unduly worried about availability, but about a computer network security breach that could wipe out essential data and has the potential to let hackers gain access to control systems.
However, many manufacturers either believe their production processes are unconnected to the Internet, or they haven’t considered that there is even an Internet connection in the factory. In a recent incident, a control room that monitors petrochemical facilities went down and the computers showed an error resembling a ransomware attack. When an employee went to make a coffee, they realized the same error message was showing on an Internet-connected coffee machine.
Instead of being connected to an isolated Wi-Fi connection, the machine had been connected to the internal control room network. Given the timing of this attack, the network was likely infected by WannaCry ransomware, which also was responsible for infecting millions of devices worldwide that were running Microsoft Windows XP.
The gap between the factory and the Internet has become virtually non-existent. With the growth of Internet of Things- (IoT-) connected devices, cybersecurity risks are escalating. For most engineering firms, however, the focus remains on designing sophisticated systems that are robust and safe, and this is having a detrimental effect on securing networks.
How high is the risk?
In many ways, the lack of real concern in the industrial sector to date is understandable. The technology used in manufacturing enterprises is rarely standard, is highly complex, and is often unique. This would mean a malicious attack on industrial processes would have to be very specific in order to do harm.
The status quo is about to change. Reports about a new virus called Industroyer have indicated it has the power to seriously damage or compromise industrial control systems (ICSs). This virus can speak four industrial languages, is highly customizable, and can be used in targeted attacks. Its use goes beyond extorting money from individuals and is more likely to be used for nation-state attacks that disrupt vital infrastructure.
Ukraine has been on the receiving end of attacks of this nature with two widespread blackouts occurring in the winters of 2015 and 2016. Both attacks left 700,000 homes without power or water in Western Ukraine. The 2015 incident is believed to be the first example of a hacking attack deliberately targeted at a power grid and was attributed to state-sponsored hackers in Russia.
Industrial operational systems, while robust, are not safe from attack, and they aren’t compatible with today’s interconnected environment. Now, as OT and IT systems converge, there is an urgent need to find a balance between ensuring availability and securing these systems against cyber attacks.
Change has to happen between departments and people before any change can be made to technology. Engineers speak a different language than IT managers. They need to agree upon a common approach and strategy.
This becomes more important every day. The influence of Industrie 4.0 on automation is bringing about major changes and greater adoption of cloud and cognitive computing. This creates a need for massive computer resources to support the flow of data to and from the cloud via IoT-connected devices. Factories are communicating in real time across networks and they need to be secure as they adopt Industrie 4.0.
Standard firewalls and security software are not enough. Next-generation firewall hardware needs to be built to adapt to industry prerequisites such as DIN-rail mounts.
These solutions would be "hardened" and ruggedized according to key criteria, including temperature, dust, and humidity. In order to provide the same level of security, the firmware needs to include specific industrial protocols while being sensitive to the need for safety.
Ordinarily, if a firewall crashes in an IT setting, the network stops functioning. In an industrial setting, however, safety modes enable a packet to go through regardless of whether there is power because for OT systems, availability and safety are the main priorities. The factory then has to be stopped in a safe position.
OT and IT need to work together to combat the risks regardless of what they are. The threat to the new generation of manufacturing enterprises does not have to impact companies if appropriate consideration is given to safety, availability, and security.
Robert Wakim is industrial offer manager at Stormshield. This originally appeared in a November 6 article on the Control Engineering Europe website. Edited by Chris Vavra, production editor, Control Engineering, CFE Media, email@example.com.
- Increased connectivity, thanks to Industrie 4.0 and the Industrial Internet of Things (IIoT), increases the risk of a potential cybersecurity attack against manufacturers.
- As operations technology (OT) and information technology (IT) systems converge, a balance between ensuring available services and securing these systems against cyber attacks needs to be achieved.
- OT and IT need to work together to combat cybersecurity risks.
What else can be done to better protect OT and IT systems as they become more connected?