Four steps to secure an automation system from potential threats
Companies looking to secure their automation system need to define their architecture and assets, assess the site, implementing a security plan, and consistently review their assets for potential threats.
Due to advancing technologies, automation systems utilize digital network infrastructures and if these systems are not secured properly, they can be very susceptible to hazardous risks. Maintaining a secure automation system can be achieved by using proven steps that consist of industry best practices, which are customized to meet the desired level of security required.
Security is defined as a state of being free from danger and to achieve the company must constantly be on alert to guard against potential threats. Independent third party evaluations from a specialist with in-depth integration experience provide intrinsic value. Third-party experts encompass comprehensive knowledge of system interactions, data exchange, and a complete understanding of process control as well as production demands.
Here’s an example. The upper management of a long-time customer was having difficulty accepting the site engineer’s assessment that the control system was indeed secure and asked for a review. After the review, some basic safety practices that had been overlooked through years of projects and system upgrades were identified. After some simple corrections and adjustments, the system was validated to meet the expected security standards and was accepted by upper management.
The method and strategies used to securing an automation system start with defining what is in place. Next, an assessment must be completed to confirm, verify, and further identify vulnerabilities. Once all risk factors are known, the implementation phase includes the selection of the desired security level, and execution of the customized solution to meet the specific site needs. Finally, a follow-up audit to ensure security measures are effective. Once you have defined the system assets, identified vulnerabilities, and implemented a tailored solution, then maintaining a level of security becomes a routine periodic procedure.
The four steps listed below outline effective methods and best practices to protect a company’s automation system assets from potential threats.
1. Define the architecture and assets
To manage a control system security, the user must be able to define the assets. A network architecture diagram will define the logical connection details to ensure that all devices are identified within the network. This includes any and all communication protocols as well as different media connections such as third party interfaces, business network connections, wireless access points, fiber optic infrastructure, and any field input/output (I/O) bus networks. This diagram should include a unique device name and include a network address and the physical connection port to identify the actual interface connection, which will become important during the review process later on in the process.
Next, create a cross-reference device list, essentially a bill of material (BOM), which includes additional supporting information of the assets such as make, model, serial number, firmware version, physical access level, etc. The network diagram should segment the associated areas of the facility to depict the distribution of assets across the entire control system. This diagram and associated information provide a road map of the system and it is critical to fully define and understand the asset vulnerabilities.
The diagram may require multiple pages and links to additional information to clarify the associated equipment to ensure all the information is depicted thoroughly depending on the size of the system.
2. Assess the site
Site assessment is a critical process that requires acute attention to detail and can be very time-consuming. Typical site assessments further outline the network infrastructure and generally identifies potential action items that need to be clarified and/or defined by the end-user. Physical accessibility to equipment is only one aspect of potential vulnerability.
This phase also includes the finalization of each element connected to the physical network and this is typically achieved by utilizing simple network scanning tools to identify all communication nodes. This investigation includes a thorough evaluation of each device in an effort to identify all vulnerabilities.
This phase can be an exhaustive search-and-find effort depending on the past installation practices, the size of the automation system, and status of existing supporting documentation. This effort should be well planned to ensure the entire existing infrastructure is completely identified and documented to ensure that all the information is accurate, as well as to ensure that the automation system production is not compromised during the investigation.
3. Implement a security plan
Once the data is collected from the onsite assessment, it is compiled into a full report. This report will define all of the vulnerabilities identified in the current system and outline a list of possible recommendations to remove as much risk as possible to provide a secure automation system. Security measures typically include multiple layers of protection methods to remove as much risk as possible.
The level of risk that is assumed can only be defined by the end-user and must be balanced against the likelihood of a security breach versus the potential results. Once the final solutions are accepted, these costs can be defined, the actions planned, and the solutions can be implemented. Once chosen, the final solutions can encompass multiple layers, steps, and require extensive planning and implementation strategies.
Security measures can be broken down into short-term and long-term goals. The short-term goals can potentially be put in place fairly quickly to help remove or reduce a potential vulnerability. Long-term goals can include extensive levels of solutions that require multiple phases depending on the existing practices and integration of networks. The idea is to identify the simplest and easiest methods first while outlining additional security goals in a larger planning strategy. This may require multiple steps to appropriately reduce risk while preserving production run-time.
4. Review your assets
Once the vulnerabilities are identified and the user has chosen the level of acceptable risk, a review or audit period must be defined to successfully manage the security lifecycle. Security is something that must be maintained for continuous use. Threats and vulnerabilities can migrate, grow, and morph or adapt over a period of time due to technology, human error, or external influences. Therefore, a scheduled review of the system health activity is required to ensure new vulnerabilities are not introduced.
A thorough review or audit procedure should be defined after or during the implementation phase. The procedures should identify clear and precise steps to allow anyone with basic knowledge to complete the evaluation and determine the health of the system. Each step should have a measurable goal to achieve and ensure the integrity of the automation system is not compromised. As new tools or advancements in technology are released, the audit procedures should be updated to ensure the continual evaluation remains current. Successfully managing the security of the automation system is a continual effort, but consistent practices can ensure the integrity of the assets.
Implementing best practices and standards
Security threats are continuous and to ensure the assets remain safe from harm, the user must protect their livelihood by ensuring automation system vulnerabilities are identified, dealt with properly, and effectively resolved.
The most vulnerable threats to automation systems are simply overlooked or unknown to internal engineers. Third party evaluation from a specialist with in-depth knowledge and a proven assessment process can provide insurance that production systems remain safe and secure. External validation removes liability and provides management a layer of assurance that the production’s assets remain secure.
Implementation of acceptable industry standards should be customized to meet the desired level of security defined by the end-user. This can be achieved through thorough analysis, implementation, and periodic audits to ensure the company meets the production requirements by protecting the automation system critical assets from harm.
Robbie Peoples is an integration manager at Cross Company Integrated Systems Group. This article originally appeared on Cross Company’s Innovative Controls blog. Edited by Chris Vavra, production editor, Control Engineering, CFE Media, firstname.lastname@example.org.
Cross Company is a CSIA member as of 9/7/2017.