Connected Factory Global has teamed up with Automation Alley to conduct quarterly research on critical topics within the larger domain of the Industrial Internet of Things. The next report will be released in late July and will focus on Cyber Security for Industrial Controls Systems.
Today’s manufacturing landscape is changing rapidly. The opportunities for business are tremendous. Increasingly networked products create deeper customer connections and new business models. However, anything that is networked can also be hacked and insecure infrastructure can undermine the opportunity for future growth. In this era of increasingly smart manufacturing and connected products, cyber security is no longer optional. Manufacturers must protect the integrity of their supply chain and products.
With an ever-increasing number of interconnected devices helping to automate operations, comes greater security needs. Cyber security is in the news frequently. People want to know if their medical data is private and if their bank information is safe. But when it comes to manufacturing or process automation, very few are asking about industrial cyber security. Could it be that many don’t know what to ask?
Cyber security has become enough of a concern that the US federal government has put resources in place to help organizations understand what to ask and where to start. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) operates within the National Cybersecurity and Integration Center (NCCIC), a division of the Department of Homeland Security’s Office of Cybersecurity and Communications (DHS CS&C). NCCIC/ICS-CERT is a key component of the DHS Strategy for Securing Control Systems. The primary goal of the Strategy is to build a long-term common vision where effective risk management of control systems security can be realized through successful coordination efforts. The chart below shows the upward trend over time in the number of reported cyber security incidents. It is believed that only a fraction of total incidents are reported for various reasons.
It is not surprising to find a significant amount of confusion and/or indecision of what to do first when you consider the breadth and complexity of this topic. Depending on a manufacturers operating complexity, they may need to think about Data Distribution Services (DDS), Semantic Security Monitoring, Embedded Device Exploitation, Network Segmentation, Secure Authentication, Software Defined Networks and a host of other pieces to the puzzle.
In the past, connectivity outside an immediate plant or factory network often wasn’t possible as control engineers addressed security issues with air gapping. An air-gapped system is not connected to any other system. Air gapping as a strategy, however, now seems questionable. With a simple flash drive or Wi-Fi connection, a malicious or inexperienced insider could infiltrate and infect critical systems.
The implications of Cyber Security on functional or work safety are also a big concern. Here it is important to understand the differences in priority between “Business/Corporate Newtork” or Information Technology (IT) functions and “Production Control System Network” or Operations Technology (OT) functions. From an IT perspective the order of priority is abbreviated as CIA, which stands for confidentiality, integrity, and availability. By contrast, the OT benchmark is CAIC, which stands for control, availability, integrity, and confidentiality. As is evident, OT cares about the same security properties, but ranks them differently and with safety forever being the top priority.
To realize the benefits of the Industrial Internet securely, manufacturers must identify security weaknesses, prioritize areas for improvement and mitigate immediate risks. There are several options to explore for industrial and process control environments that can scale to accommodate complex ICS and SCADA systems and provide full network visibility, control, and protection.
Cyber security solutions must inspect and control traffic that runs across distributed controls systems (DCSs), programmable logic controllers (PLCs), and other industrial devices and also detect and/or block unauthorized activity. These solutions should also integrate well with firewalls to provide your IT–OT security transition zone.
Key Questions and Organizational Decisions that will be reviewed in the upcoming Connected Factory Global July Report include:
- What is cyber security relative to industrial control systems (ICS)?
- Why is ICS cyber security important to manufacturers?
- Which cyber security threats are most relevant to manufacturing industrial control systems?
- What are my most vulnerable cyber security threat vectors given my situation?
- What are the typical ICS cyber security use cases to be familiar with?
- What are the technologies and solutions available to address ICS cyber security threats?
- Who are the organizations who provide solutions to mitigate ICS cyber security threats?
- Who are the startup companies gaining traction in the ICS cyber security space?
Some of the companies referenced in this report will include:
- Trend Micro
- Intel Security
- WIBU Systems