Proactive management of plant cybersecurity
The inward-looking plant control system is giving way to a wider and flatter network architecture, which requires a different cybersecurity focus. Operations technology (OT) is undergoing a sea change in goals, structure, and management—as is information technology (IT) with the integration of the plant control system with the business systems. This is making it necessary to manage enormous data flows inside the plant.
The physical plant continues to be important, but it is complemented and managed by the virtual plant, a concept that makes possible a “digital twin” of the actual plant. Management and operations can use the digital twin to experiment and improve operational efficiency. In addition, new tools and process controls are becoming available. Robots and virtual reality can be used in hazardous areas to improve operator safety, and simpler, easier-to-operate advanced process control systems are becoming common.
Outside the plant, the cloud and related applications have made the Industrial Internet of Things (IIoT) practical and useful. A big part of any IIoT implementation is a proliferation of new sensors installed inside and outside the plant for improving plant performance.
Open process automation (OPA) initiatives—intended to produce a common platform so controllers, sensors, and software can work together without vendor compatibility issues (Figure 1)—have been added to the mix.
All these trends are occurring simultaneously and have contributed to a time of disruption. The old ways of running process plants are no longer competitive in many process industries. However, these disruptive events can create new value propositions through innovation.
OT cybersecurity transformation
Traditionally, sensors and controllers have been connected directly to the plant control system using wires or using wireless protocols. OT cybersecurity has been focused on protecting the plant control network and keeping unauthorized users from invading the control systems. However, OT cybersecurity is now transforming.
The principles and practices of OT cybersecurity are being used in non-traditional automation sectors, such as building automation, transportation, and medical automation. What used to be a hard-wired perimeter has moved outward from the plant and become virtual. The 2-D structure of OT cybersecurity is now 3-D, with the inner applications, level 0 and 1 devices and applications, and sensor devices connected directly to the cloud. From there, they’re connected to the automation systems; maintenance, repair, and operation (MRO) systems; and plant business systems.
Plant operations personnel always have recognized the need for functional safety. The rise of OT cybersecurity has made it clear an insecure plant is an unsafe plant. Cybersecurity and functional safety mirror, overlap, and complement each other. The security of the safety instrumented system (SIS) is now a critical function, just the same as the security of the basic plant control system.
With fully integrated business systems, the cybersecurity of the entire value chain is critical. Making the supply and distribution chains integrated and secure is essential in today’s enterprise. OT cybersecurity is no longer a static function; it has become a fluid and continuously changing entity that must be managed carefully.
OT cybersecurity threats, defenses
As the function and footprint of OT cybersecurity have grown and changed, the threats it faces have broadened. Traditional cybersecurity evolved to deal with threats in the IT environment such as email phishing, human-in-the-middle penetration attacks, malware, and disaffected employees. First-generation OT cybersecurity began by implementing IT-derived solutions to these threats, for example perimeter security and air gaps.
The second generation of threats was more plant-centered and less IT-focused. These include advanced persistent threats (APTs), which are continuing stealthy attacks from outside the enterprise aimed at IP theft or destruction of plant operations.
The third and current generation of threats is persistent and focused on causing harmful disruption to plant operations. It is potentially destructive to machinery and systems. As hacking has evolved, threats have become OT-specific.
OT cybersecurity defenses have been reactive, complacent, and conformance-oriented. They typically are based on IT security technologies, so they are not always a good fit for OT purposes and have often evolved slowly into OT security technologies. Traditionally, they have been based on conformance to standards, lifecycle, certifications, and regulations. These defenses are relatively easy to penetrate, especially using APTs, and provide an unrealistic sense of security.
Standards such as ISA/IEC 62443, the NIST framework, NERC CIP, and many others have provided a framework and a path forward to designing good OT security postures for plants. The ISA Security Compliance Institute has been certifying components to be “ISA Secure” since 2010. Standards compliance alone, however, does not necessarily result in adequate or increased cybersecurity protection.
OT cybersecurity challenges
The basic challenge for OT cybersecurity is to deal with the ongoing industry transformation. First, it is necessary to assess the effectiveness of traditional controls and cyber tools. Traditional penetration testing has been used for this purpose. The problem is it is very difficult to operationalize these traditional tools without considerable training and overhead. It is the issue of getting from the theoretical to the practical, or from wishing to be more secure to actually being more secure.
The current challenge is moving the perimeter from the physical plant and a network-centric focus to the virtual, which requires providing security to edge components and applications (Figure 2). Edge devices are numerous and proliferating. This makes it impossible to provide a secure cyber environment without protecting edge devices in real time to maintain security for each Level 0 and 1 device.
One of the main issues is the increase of poorly-secured IIoT devices being installed in plants to send data to the cloud and then to the plant. These IIoT devices can provide intrusion vectors that are overlooked by plant operators and engineers eager to get more data.
The plant is not secure if the supply chain is not secure. The high integration between the supply chain and the control system required in modern process plants makes the supply chain a vector for potential attacks.
Active detection of anomalies is necessary to maintain a secure plant network. This makes it possible to achieve the posture of predictive and preventive response instead of reactive and conformance-oriented activity. This includes threat intelligence from outside the plant.
The best option in many cases is to move from a reactive approach to an adaptive security posture. An adaptive security posture provides the ability to:
- Predict by establishing a baseline and anticipating threats
- Prevent threats by hardening OT devices and isolating IT and OT networks
- Detect anomalies in real time, prioritize the risk, and contain them, and
- Respond by hunting the threat, performing proactive and reactive investigation, and remediating any damage caused by the intrusion.
This adaptive posture provides for understanding and discovery of the OT digital assets using automated digital asset discovery and maintenance tools. This posture allows plant operators and engineers to develop and understand the plant cybersecurity baseline—what “normal” actually looks like—so they can see anomalies when they occur.
Real-time monitoring and management are needed, including at a minimum automatic device configuration and network management, along with automated IP address management. Operators must know where all the devices are, and how secure each is at any moment. This is the first step in making the security posture adaptive, and transforming from preventive to predictive response.
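The baseline-and-detect steps described above can be sketched as a comparison between an approved asset inventory and the latest discovery snapshot. This is an added example, not a tool from the article or from any vendor; the Asset fields, the risk weights, and the sample devices are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    mac: str          # hardware identity used as the inventory key
    ip: str
    level: int        # Purdue level; 0 and 1 are field devices and controllers
    firmware: str
    config_hash: str  # digest of the exported device configuration

# Assumed weights: devices closest to the process and unexplained changes rank first.
LEVEL_WEIGHT = {0: 3, 1: 3, 2: 2, 3: 1}
KIND_WEIGHT = {"unknown_device": 3, "config_changed": 3, "firmware_changed": 2,
               "ip_changed": 1, "missing_device": 1}
CHECKS = (("config_changed", "config_hash"), ("firmware_changed", "firmware"),
          ("ip_changed", "ip"))

def diff_inventory(baseline, observed):
    """Return (score, kind, mac, detail) findings, highest score first."""
    base = {a.mac: a for a in baseline}
    seen = {a.mac: a for a in observed}
    findings = []
    for mac, cur in seen.items():
        ref = base.get(mac)
        if ref is None:  # device never approved into the baseline
            findings.append(("unknown_device", cur, f"new at {cur.ip}"))
            continue
        for kind, attr in CHECKS:
            old, new = getattr(ref, attr), getattr(cur, attr)
            if old != new:
                findings.append((kind, cur, f"{old} -> {new}"))
    for mac, ref in base.items():
        if mac not in seen:  # baselined device no longer answering
            findings.append(("missing_device", ref, f"last at {ref.ip}"))
    scored = [(KIND_WEIGHT[k] * LEVEL_WEIGHT.get(a.level, 1), k, a.mac, d)
              for k, a, d in findings]
    return sorted(scored, key=lambda f: (-f[0], f[1], f[2]))

# Constructed sample data (documentation MAC and IP ranges), not from a real plant.
BASELINE = [Asset("00:00:5e:00:53:01", "192.0.2.10", 1, "R4.02", "cfg-a1"),
            Asset("00:00:5e:00:53:02", "192.0.2.11", 0, "1.3", "cfg-b7"),
            Asset("00:00:5e:00:53:03", "192.0.2.40", 2, "10.1", "cfg-c3"),
            Asset("00:00:5e:00:53:04", "192.0.2.60", 3, "2.0", "cfg-d9")]
OBSERVED = [Asset("00:00:5e:00:53:01", "192.0.2.10", 1, "R4.02", "cfg-ff"),
            Asset("00:00:5e:00:53:02", "192.0.2.11", 0, "1.3", "cfg-b7"),
            Asset("00:00:5e:00:53:03", "192.0.2.41", 2, "10.1", "cfg-c3"),
            Asset("00:00:5e:00:53:05", "192.0.2.77", 0, "0.9", "cfg-00")]

if __name__ == "__main__":
    print(*diff_inventory(BASELINE, OBSERVED), sep="\n")
```

In the sample, the changed controller configuration and the unbaselined Level 0 device rank above the HMI address change and the silent historian, which is the prioritization the detect step calls for.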
The plant of the future will integrate operational reliability monitoring, security monitoring, and network monitoring with process monitoring. Detection will be transformed from signature-based detection to anomaly detection.
OT cybersecurity must be integrated with management of change functions, alarm management, safety systems and security information and event management. The entire plant operational system revolves around security and safety. For many process plants, it can be difficult to implement a modern functional security position. This is where companies specializing in cybersecurity can be of assistance to process plants.
Camilo Gomez, global cybersecurity strategist, Yokogawa Electric Corp. Edited by Chris Vavra, production editor, Control Engineering, CFE Media, firstname.lastname@example.org.
Keywords: cybersecurity, OT cybersecurity, Industrial Internet of Things, IIoT
Cybersecurity threats against process plants are becoming more sophisticated.
Information technology (IT) and operations technology (OT) are merging and need to learn to cooperate.
Process plants need to move from a reactive approach and take an adaptive security posture.
What other cybersecurity strategies should be used to make process plants more secure?
About the author
Camilo Gomez is the global cybersecurity strategist at Yokogawa, responsible for developing the company’s cybersecurity vision worldwide. Prior to joining Yokogawa in 2017, he held senior advisory positions in the process control cybersecurity domain at CGI, SGV International, and BP PLC. Camilo represents Yokogawa in international standards bodies and certification organizations such as ANSI/ISA, IEC, ISASecure, IECEE, and the Open Group Automation Forum (OPAF), where he is co-chairing the Security Architecture Subcommittee. He holds an MBA degree from the University of St. Thomas, and an MTech degree in Telecommunications and a BSc degree in Systems Engineering from Politécnico Grancolombiano.