Incorporating cybersecurity awareness into OT

Using cyber situational awareness platforms to enhance the awareness of control system personnel needs to be part of a greater design goal, and such platforms should act as an invisible layer for an operations technology (OT) environment. Here are four tips for cybersecurity situational awareness, and six responses to zero-day threats.

01/02/2017


It’s imperative that control system personnel be aware of design goals even more than developing software platforms as well as have a greater situational awareness for control systems that are tied to critical infrastructure. Courtesy: Anil Gosine, MG+ So

Industrial control system (ICS) security is no longer merely about preventing hackers or having a strong physical perimeter. There is an underground digital economy that now offers multi-billion dollar incentives for potential corporate rivals or adversaries to exploit ICS vulnerabilities. And the influx of information technology (IT) into the OT further highlights the need for security by design rather than by association.

So it's imperative that control system personnel be aware of design goals even more than developing software platforms. Users also need to have a greater situational awareness, particularly when it comes to control systems that are tied to critical infrastructure.

Aggregating digital data on an industrial network with situational awareness solutions allows for efficient correlation and analysis of information, which makes sharing information a lot easier. 

Cybersecurity awareness: Four tips

Cyber situational awareness tips include:

  • Proper awareness of a facility's cyber network
  • In-depth understanding of the facility's cybersecurity operations
  • Appropriate and ongoing assessments of the existing operations within the network to identify potential vulnerabilities
  • Continuous monitoring of unusual activity on the cyber network coupled with the ability to mitigate threats before they occur.

Data should be aggregated from multiple control systems, controllers, smart field devices, and network switches to enable efficient information correlation and analysis. Continuous monitoring and collecting real-time data will help detect unfamiliar activity. This provides owners and cybersecurity auditors unprecedented detection capabilities and visibility. 

Applying cybersecurity

Cybersecurity implementations should incorporate active machine learning and modeling that continuously learn the operational system, adapt to changes within it and detect operational and cyber threats in real-time. The machine learning process enhances the capability of a platform to provide early detection of incidents and enriches advanced detection algorithms for fast incident identification and alerting. This process minimizes human error and reduces downtime.
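The aggregation and baseline-learning idea described above, as an added example that is not from the article or any product: events from several sources are merged into one learned baseline, and live events are flagged when they come from a new device, form a new conversation, or use a new operation. A simple sighting-count baseline stands in for the machine-learning model the article mentions; all host names, source names and events are constructed.

```python
from collections import Counter, namedtuple

# One observation aggregated from a switch, controller log or field device.
# Field names, host names and all sample values are constructed for this example.
Event = namedtuple("Event", "source src dst protocol operation")

class Baseline:
    """Learns which conversations and operations are normal on the network."""

    def __init__(self, min_sightings=2):
        self.min_sightings = min_sightings  # sightings needed before trusted
        self.counts = Counter()
        self.known_hosts = set()

    def learn(self, events):
        for e in events:
            self.counts[(e.src, e.dst, e.protocol, e.operation)] += 1
            self.known_hosts.update((e.src, e.dst))

    def assess(self, e):
        """Return the reasons an event deviates from the learned baseline."""
        reasons = []
        if e.src not in self.known_hosts:
            reasons.append("new-device")
        trusted_ops = {op for (s, d, p, op), n in self.counts.items()
                       if (s, d, p) == (e.src, e.dst, e.protocol)
                       and n >= self.min_sightings}
        if not trusted_ops:
            reasons.append("new-conversation")
        elif e.operation not in trusted_ops:
            reasons.append("new-operation")
        return reasons

def detect(baseline, events):
    """Return (event, reasons) for every event that deviates."""
    return [(e, r) for e in events if (r := baseline.assess(e))]

TRAINING = (
    [Event("switch-a", "hmi-01", "plc-01", "modbus", "read")] * 3
    + [Event("plc-01-log", "historian-01", "plc-01", "modbus", "read")] * 2
    + [Event("switch-a", "eng-ws-01", "plc-01", "modbus", "write")] * 2
)
LIVE = [
    Event("switch-a", "hmi-01", "plc-01", "modbus", "read"),
    Event("switch-a", "hmi-01", "plc-01", "modbus", "write"),
    Event("switch-b", "laptop-77", "plc-01", "modbus", "write"),
    Event("plc-02-log", "historian-01", "plc-02", "modbus", "read"),
]

baseline = Baseline()
baseline.learn(TRAINING)
for event, reasons in detect(baseline, LIVE):
    print(f"{event.source}: {event.src} -> {event.dst} {event.operation}: {reasons}")
```

Because the baseline is keyed on the conversation rather than on the reporting source, the same behaviour seen by a switch and by a controller log reinforces one entry instead of creating two.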

Enhancing operator security awareness applies to a variety of industries, including the industrial sector, aircraft manufacturers, automotive, and manufacturing. Control systems can produce a huge amount of data, based on their connected components and environments. Cyber-situational awareness provides a tool for users to better understand their environment, so they can make better decisions about defending themselves. Situational awareness solutions need to address three things to transform the data into awareness: perception, comprehension and prediction.

Control system solutions should allow users to run real-time incident analysis and provide complete visibility and control during the inventory and audit process. Integration with existing control systems should be seamless without impact on operations.

Many cybersecurity efforts focus on protecting assets against "known" threats that have been made public. However, attackers are developing exploits for vulnerabilities that have not been disclosed, also known as "zero-day" exploits. Users must have an understanding of the interactions among vulnerabilities, events, and baseline systems to be able to mitigate these threats. It also can help them forecast potential security gaps and detect operational irregularities or breaches.

Six responses to zero-day threats

If a vulnerability remains unknown, the software affected cannot be patched, and anti-virus products cannot detect the attack through signature-based scanning. The typical zero-day attack lasts an average of eight months, which gives attackers lots of time to steal information and leave without being detected.

Companies can help secure themselves by:

  • Employing good preventive security practices
  • Having real-time protection that deploys intrusion-prevention systems
  • Having a detailed understanding of their environment
  • Planning incident response measures with defined roles and procedures
  • Limiting the connections and privileges to those required for business needs
  • Fostering collaboration in the security industry.

Executives should assume their firms have been compromised and that it will occur again if they do not have sufficient measures in place. Prevention can be limited, so they should invest in breach detection so that they can act on the compromises based on the processes in place. At the end of each week, there are spikes in malware distribution because attackers know that employees take their laptops home and connect their machines to Internet networks that aren't secure. As a result, cloud-based security firms are seeing increased security alerts popping up on Mondays. Executives should understand the legal implications of cybersecurity risks, establish an enterprisewide risk management framework and have access to independent cybersecurity consultants that regularly participate in board or C-level meetings.

Awareness is critical

With the growing dependency on digital devices and technology within critical infrastructure, owners and customers need to understand the environment in which they operate, and accurately predict and respond to potential problems; with the ability to anticipate what can occur on these systems, management can develop effective countermeasures to protect critical facilities.

Significant investment in data collection, management, and analysis is needed to continuously gain visibility of how the systems are operating. By having situational awareness of the OT environment and responding to the threats detected, security can be greatly improved compared with just relying on building a perimeter that is expected to endure attacks. Any change in security must be able to demonstrate security value to the business and comply with regulatory requirements.

Anil Gosine is global program manager at MG Strategy+. Edited by Chris Vavra, production editor, Control Engineering, CFE Media, cvavra@cfemedia.com.

MORE ADVICE

Key Concepts

  • Users need to have a greater situational awareness, particularly when it comes to control systems that are tied to critical infrastructure.
  • Cyber attackers are developing exploits for "zero-day" vulnerabilities that have not been disclosed.
  • Investing in data collection, management, and analysis is needed to understand how the systems are operating. 

Consider this

What other steps can be taken to safeguard critical infrastructure?
