A sole effort to improve the security of a manufacturing facility isn’t common. But, when controllers aren’t properly communicating and outside expertise is required to troubleshoot, industrial security vulnerabilities surface. With a risk assessment, you can address your immediate risks while creating a plan and a budget to migrate to a better system over a period of time. The good news is that most industrial control network systems don’t require an overhaul (though many could benefit from it). The bad news is that you can’t fix security issues by ignoring it. To improve security, you have to assess your plant and peer into all of its imperfections.
The Security Audit
The first thing to do is look for well known vulnerabilities. The ISA99 Industrial Automation and Control Systems Security Standards serve as our benchmark for comparison:
“The Committee’s focus is to improve the confidentiality, integrity, and availability of components or systems used for manufacturing or control and provide criteria for procuring and implementing secure control systems. Compliance with the Committee’s guidance will improve manufacturing and control system electronic security, and will help identify vulnerabilities and address them, thereby reducing the risk of compromising confidential information or causing Manufacturing Control Systems degradation or failure.”
Control Network Cybersecurity is a fledgling industry, but new standards, certifications and training programs are popping up to educate and spread awareness. Despite these efforts, many manufacturers are still in the dark. Manufacturers are tuned into the news, but they aren’t tuned into the security risks of their own facilities. A simple network risk assessment would be a step in the right direction.
- Does your plant use Ethernet data communication in your control system?
- Is your control system connected to your enterprise network (i.e. lacking secure separation)?
- Do personnel or contractors have access to the network?
- Do you change your usernames and passwords frequently?
If you answered yes to these questions, then your network’s security should be a concern.
Moving on to the Audit
Following the preliminaries, the real audit takes place beginning with thorough documentation of:
- Control System Network Architecture
- Hardware and Software on Control System Network
- Physical Access (who, where, when, how) to Control System Network
- Policies and Procedures for Changes to Control System Network
One of the initial audit phases is to determine your system’s vulnerabilities. The vulnerabilities could range from a cyber attack through firewalls to the PLC, to a disgruntled employee making changes in PLC code. Whether the attacks are direct or indirect, catastrophic losses and failures can result from the negative effects: equipment production and longevity reduction, overall productivity loss, employee or consumer health or safety.
- Determine system vulnerabilities
- Identify areas of system that could affect public health or safety
- Measure financial risk from loss of equipment and/or productivity to justify audit investment
- Outline plan for combating known threats and implementing failsafe options
This data is then analyzed and cross referenced with known best practices such as ISA-99 standards, and vulnerability studies to determine the best method for building a stronghold around your operation. Following the security audit, we apply best practice standards by the International Society of Automation (ISA99) and the Department of Homeland Security’s Control Systems Security Program (CSSP).
Closing identified vulnerabilities and gaps is a first important step because you need to know who has access to your system and how that happens. Whether you have virtual support by vendors or mobile devices by your own facility employees, even the smallest crack places your entire manufacturing operation at risk for malicious code. Even the simple act of plugging a mobile phone into a laptop for recharging creates a gap for malware to enter the ICS.
Awareness, training, and vigilance are keys to cyber defense for manufacturing systems. ICS can be viewed as cyber spiderwebs with entry points everywhere along the web. Anyone that touches the cyber spiderweb creates vulnerability. Constant vigilance is the new normal for manufacturing controls security, but with a little work, there are benefits.
1. Built-in Security
Since automation controls have become digitized, many pioneering technologies are already obsolete. Then, the next generation of technology comes along claiming to be future proof and goes through the same cycle. Eventually, you end up with a Frankenstein’ed system that works well enough, but wasn’t exactly planned as a whole and it definitely wasn’t planned to uphold modern security. Lines change over time and their piecemealed structure leaves major security gaps in the system.
Vulnerabilities often exist because proper security wasn’t a major consideration during deployment. The PLCs were not set up with a larger network in mind. Even enterprise IT technicians can improperly configure networks without realizing the risk enterprise systems introduce when they aren’t properly integrated with control systems. Control networks are often designed in a flat network configuration, where all the machines have complete access the rest of the network. When a virus enters the system is spreads quickly along the system compromising all the connected computers.
Manufacturing buildings are mostly fenced, gated from traffic and secured at various points. Networks should behave similarly. Getting your control system operational is obviously a top priority, but security shouldn’t be an afterthought. Security has to be baked into the physical setup and digital structure of a control system. Deployment and security should be synonymous.
Industrial security is imperative, but it doesn’t have to be complex, cumbersome or expensive. Creating a more secure manufacturing facility can be easy when you close the knowledge gap. By bringing in the right people, armed with knowledge of industrial security, your facility can become less prone to security risks in a short period of time. A proper setup will take care of the majority of your vulnerabilities.
2. More Connectivity
When companies invest in secure connectivity, the two primary goals are to provide:
- Enterprise network connectivity so employees can collect critical data from the plant floor. This allows them to easily analyze data such as; how much is produced, procurement needs to meet production levels, downtime, and whether manufacturing goals were met.
- Internet connectivity that allows some people to connect to the plant floor through a VPN for remote support, updates and diagnostics resulting a significant reduction of support costs.
Due to the critical nature of manufacturing for the company’s success, there has to be strong dividers between enterprise networks and manufacturing networks. A large part of the security implementation is in the physical setup of the connections. A tiered network is much more secure than a flat one. Then, software needs to be programmed to specify which users and data should be allowed through to control these data flows. Finally, multiple firewalls can be setup to monitor connectivity and ensure compliance at the various intersections of enterprise and manufacturing networks.
3. A Mobile and Wireless Plant Floor
In the manufacturing environment, traditionally, devices for human interfacing to the control system were primarily fixed devices, such as stationary Human Machine Interfaces (HMIs). That is now changing and mobile devices, such as smartphones, the iPad or other tablets have entered the picture to provide broader, more flexible access to the manufacturing intelligence data for immediate line management.
Remote operations through hand-held devices such as the iPad, Blackberry, Android and other intelligent wireless interface tools are coming of age on the factory floor and within manufacturing enterprise systems. The ability to tap into plant operations for monitoring and tracking of information via real-time communication with plant systems is fast becoming the new way to manage the manufacturing operation. Business analytic tools are also driving the need for more WiFi routers as critical components of the overall automation design to meet the demand.
As the use of untethered devices grows for use as standard operating tools for manufacturing, the question arises: Is your wireless configuration compromising your company’s security? Do you have a formal plan for how and when wireless devices are added to the environment? While corporate firewalls may provide protection to standardized company programs, vulnerability is introduced when a WiFi router is added by a vendor or plant IT engineer for a specific access point.*
Beyond router concerns, some Android devices (least secure of mobile devices) allowed viruses to enter networks by simply plugging the device into the laptop for re-charging. Cyber security, like airport security, is here to stay with many solutions and developments. As the use of wireless devices increases, a new level of manufacturing security will need to be addressed.
In the manufacturing environment, traditionally, devices for human interfacing to the control system were primarily fixed devices, such as stationary Human Machine Interfaces (HMIs). That is now changing and mobile devices, such as smartphones, the iPad or other tablets have entered the picture to provide broader, more flexible access to the manufacturing intelligence data for immediate line management.
