Attention industrial engineers: If you're not thinking about how secure that new wiz-bang-flashy PLC or PAC is before you purchase it, you're setting yourself up for a world of pain down the road.
Industrial control systems are used across a wide range of industries, from manufacturing and fabrication, to electricity generation and transmission, to oil refining and water treatment—all industries where a network security compromise could mean huge losses of capital for the business.
Recently we’re seeing many of these traditionally proprietary control systems—distributed control systems, PLCs, and SCADA applications—adding new, more open technologies like Ethernet and TCP/IP. And with organizations' increasing interest in the business advantages of obtaining system data, industrial control systems are now being connected to information technology (IT) networks.
That's scary.
According to a poll conducted by AutomationWorld.com, the industrial automation and process control industries are faced with a lot of questions related to cyber security. A huge question for most industrial control engineers is the security danger of open architectures.
Yes, we want to realize the potential of the IIoT. And that requires a common set of communication languages, protocols, and programming standards—open standards. But we're also exposing ourselves to risk as we connect our industrial devices to new networks.
According to a study conducted by Control Engineering, roughly 80% of respondents indicated their control systems are under threat from cyber attacks. News Flash: If it's turned on and is an electronic device, it's under threat, right now. Yes, that means your devices. And if you're in the 20% that said no, please subscribe to the blog on the right-hand side of the page, because we have a lot to talk about.
Because we're connecting control systems to IT networks, these open standards for the IIoT are based on the open architecture of the Internet. Which means we need to start applying Internet security standards to our control systems and industrial networks.
What are the security ramifications of connecting industrial assets to the Internet?
Industrial Asset Risk Analysis
Let’s start by looking at the nature of risk. A basic equation for determining risk is:
A threat is any potential occurrence that could cause an undesirable or unwanted outcome—such as destruction, damage, or loss—for an organization or an industrial asset. Threats may originate from people, other organizations, hardware, networks, or even nature.
A vulnerability is a weakness in an asset or the absence of a countermeasure to foil an exploit attempt. Vulnerabilities can include a bug in software or firmware code, a loophole in procedure, a failure of human oversight, or hardware design flaws.
A threat event occurs when a vulnerability is exploited by a threat origin.
When we analyze the risk of industrial assets being exploited, we need to understand industrial asset valuation. The value of an industrial asset is its monetary and nonmonetary cost, including public confidence and knowledge equity (the value of the knowledge the asset contains). Bottom line: it’s the level of damage that can be caused if the industrial asset is exploited.
For example, if an attacker breached the control system of a wind turbine and forced it to spin out of control, that could lead to not only the loss of the turbine but also the costs associated with damage to the surrounding area if the wind turbine were to, say, catch on fire and destroy a farmer's wheat crop.
Most industrial systems are designed for minimal human interaction. In theory, the static design of modern industrial equipment implies that these systems are fairly resistant to threat events.
But if we perform a basic risk assessment on industrial assets that includes both the threat level and an asset valuation, we see that any vulnerabilities dramatically increase risk if security is compromised.
For example, it may be nearly impossible to hack into a nuclear power plant (low threat) but the consequences (asset valuation) of a nuclear power plant being hacked could be disastrous on multiple levels (high risk).
Risk Mitigation
So how do we mitigate risk to industrial assets? Through safeguards or countermeasures. A safeguard or countermeasure is anything that removes or reduces vulnerability and protects against one or more specific threats.
For example, a simple physical safeguard or countermeasure would be protecting industrial assets behind locked doors that only authenticated, verified, and auditable operators have access to.
Industrial asset safeguards and countermeasures come in many forms:
- Updating controller firmware
- Fixing software bugs
- Changing system configuration
- Modifying network infrastructure design and layout—for example, segmenting, firewalling, implementing VLANs (virtual local area networks), and so on
Most existing industrial assets were not designed to be connected to the Internet. However, as they are connected to IT networks to build the Industrial Internet of Things, these assets become increasingly vulnerable to the same threats and exploits that the IT sector has been dealing with for decades.
Unfortunately, most industrial assets shipping today were not designed with cyber security in mind.
Cyber Security Considerations
The IT sector has dealt with cyber security for a long time. In fact, if you're looking for some fun history on hacking, you can browse through the alt.2600 news group, which goes way back to the days of dial-up and beyond.
My point being that it’s imperative that manufacturers learn from the history the IT space has in cyber security. Manufacturers need to apply information security technologies and methodologies to industrial assets as part of their development cycle.
Given the long expected life cycle of industrial assets—twenty or thirty years in some cases—it’s vital that cyber security be designed into industrial assets from the ground up and poised to be as future-proof as possible.
When we acquire new automation and process control technology, be it hardware or software, one of our highest priorities should be risk assessment and cyber security. If we don’t evaluate industrial asset safeguards and countermeasures during vendor evaluation and qualification, we’ll pay the cost in the form of addressing potential threats and exploits throughout the life of the asset.
In other words, the $99 showbox PLC may be a cheap solution for that remote SCADA site. That is, until it's brought down by an attacker who used a basic network analysis tool to capture your PLC's password, which was sent in cleartext over the network because that low-cost PLC doesn't have the horsepower to crunch the numbers required for modern encryption and authentication. How does that old saying go, buy cheap, buy twice?
But the really scary thought is how much that security breach is going to cost you. Learn about 5 fundamental security features your industrial assets should have to mitigate risk to your systems in this blog post.
Want to learn more about the Internet of Things and how you can prepare for it?