Succesverhalen

Cyber security in industrial networks

With the recent pipeline cyber-attack on Colonial Pipeline by the hacker group DarkSide the concept of security for industrial networks is at the forefront of conversation in the controls industry. In the case of the pipeline attack it was a group that used ransomware to encrypt a computer with the intention of exhorting the company for payment. While a serious problem the techniques used were simple and the ways to avoid it are applicable to many industries.

industrial-automation_2024-05-29-125556.jpg

Industrial network security is a balancing act between security and ease of maintenance. For a network to be perfectly secure it would be impossible to modify, this is not a realistic solution as access by the maintenance team is invaluable to ensuring 24/7 operation. An experienced engineer understands that something will go wrong that was unexpected or a work around will be needed that is off specification at least in the short term, this is where the term insecure by design comes from. The industrial control system is setup in a way that allows modification.

Types of security

Security through obscurity
The most used technique of production security is security through obscurity. This means if an architecture is sufficiently obscure it will not be unlikely that a bad actor figures it out. The key problem with this is if someone figured out the design of the device someone else can also figure it out how it works. In the past this was effective as it took years of experience and training to understand how a device works or even how a network works. In modern days most industrial networks are being run via ethernet because it’s high bandwidth, reliable, readily available, and IT teams are comfortable with it, and the industrial controllers all have programming tutorials online.

The last major attack that made major waves was the Stuxnet attack. This attack directly modified the parameters of the PLC’s (industrial controllers) in such a way that the centrifuges used by the Iranian nuclear enrichment process spun at speeds just high enough to cause damage but not high enough where it would be obvious. This was possible due to the networked nature of modern industrial systems and proved the controllers themselves could be compromised.

Physical separation
It is said that that the only secure network is one that is not online. It is recommended to decrease the attack surface area as much as possible. As such running a separate user and production network is critical. There is no reasonable cause for an operator to be able to check their email on a DCS client.

As such an ideal design is one where separate switches are used for each network. A simple solution is to use a VLAN to separate the devices. I advocate one step above that when possible, the more secure version would be to physically separate network switches. Add new switches to the existing network closets, land only the production network devices on them, and run new fiber.

There are always reasons to have the production network exposed to the internet such as being able to monitor factory conditions while away from the office. A solution would be to bridge the networks with a firewall. An IT team would use known techniques to limit access to that one device, to only the peoplethat need it, and keep it updated, with all the latest security fixes. While not perfect it’s very effective as it greatly reduces attack surface area.

Cell based design
Problems occur all the time, in 24/7 facilities where maintenance takes a back seat to staying on-time, interesting problems have a tendency to occur. The design of the facility should always try to avoid single points of failure. If one is inevitable there should be a rapidly deployable contingency.

Each end device should be part of a cell that can self-manage and complete their task without need of an overarching control system. If the main control system goes down it should be possible to run the devices in manual or semi-automated mode and it should be easy to access that mode. This means making sure devices from different manufacturers speak to the device ahead and behind them on the production line ideally without needing to go through a central point of failure such as a PC setup by the device manufacturer to interface their group of devices to the house network, which in my experience is typically the weakest link. It is best for real-time devices to interface with real-time devices, at the very least the production network should be self-sufficient. This requires the initial system architecture to be designed correctly, as it’s much more difficult to retrofit these features.

It’s not always an external threat to production. Maybe a forklift driver swerved to avoid someone and they hit into a control cabinet. Maybe a device was accidentally loaded with the wrong code and it bumped the right device off the network. These things happen, and buying time for the maintenance team to figure it out is critical. A manual mode must be on each machine and an operator should be able to jump on to keep some production running regardless of external circumstances. In the case of the pipeline cyberattack it should be possible to keep the crude oil flowing using an override even if the efficiency is lessened.

Continuous Monitoring
When possible, it makes sense to monitor devices to ensure they are working correctly. One should assume that there will be a compromised situation and steps should be taken to ensure that is anything goes wrong it is caught and corrected quickly.

I strongly advocate historian systems that log key data and are capable of displaying that data as historical trends, Wonderware system platform comes to mind but there are many that exist in the IOT big data infosphere, this is useful when it comes to preventative maintenance. A step beyond is monitoring the industrial controllers to ensure they are running the correct code using a tool such as FactoryTalk AssetCentre, this is needed because it is possible for the wrong code to be loaded onto a controller by a technician and best to catch that as soon as possible. It is not needed to use such high dollar software however as it is possible to use a python to interface with the controllers through existing libraries, and have a simple script that monitors critical variables.

It also makes sense to monitor for intrusion into the network. One example of this would be if someone tries to connect to a PLC and uses a default password that should be flagged and an alarm raised. This allows the right people to be alerted before there is a problem.

DevSecOps
DevSecOps means thinking about security from the start. Only expose the points needed for reading and writing, and don’t use default passwords. Limit the system to what it needs to function because everything else is a potential liability. In the design stages of a project the systems architect can accomplish this in a few mouse clicks. When dealing with existing installations, where it’s typical to see hardware run well past obsolescence, this makes security more difficult.

This also means ensuring the engineers and technicians have the ability to do their job. It takes an architect with experience in the whole life cycle of a product to understand the needs of the engineering and maintenance teams.

Having a very secure network does not mean that it’s impenetrable. It’s like having an alarm system on your house, with enough time and effort any lock or alarm can be defeated. The point is to be a significantly difficult target where the attacker decides it’s not worth it and pursues less secure targets.

Gerelateerde vacatures Vacatures
industrial-automation_2024-05-29-125556.jpg
Public Buyer
Netherlands Supply Chain Management Eindhoven

As a Buyer, you will be responsible for the preparation, execution and follow-up of files/projects according to the Public Procurement Legislation.

Verhalen van onze mensen

Ontmoet onze mensen en ontdek wat ze doen, hoe hun carrière eruit ziet en wat hen inspireert.

Let's get in touch
Let's get in touch!

Stuur ons een bericht voor mogelijkheden, samenwerkingen of vragen. We komen graag met je in contact!