The Industrial Internet of Things (IIoT) is enabling industrial manufacturers to reach new levels of business success, but only if their assets and operations are well protected. Data breaches and other cybercrimes cost manufacturers billions each year and the damage to brand reputation can be incalculable.
In our increasingly digitized world, industry is under constant threat. Standard, open IP-based industrial-network connectivity and protocols have become the norm, even as manufacturers learn that the legacy systems that control their operations were never built with today’s security threats in mind. In short, the world’s critical infrastructure is a new playground for cybercriminals. We know this because industrial cyberattacks are becoming more frequent and sophisticated, and the threats are escalating.
By leaving critical assets and information exposed, plants are literally risking lives. No business would leave its front doors wide open and unattended 24/7, yet industrial networks, assets and even entire operations often are.
This must change.
As Industrial Automation and Control System (IACS) environments become more connected, “security by obscurity” is no longer an adequate strategy. To protect your assets, operations and people, as well as your long-term business success, you need a comprehensive cybersecurity plan. Today is the day to assess your risk, implement cyber-specific solutions, upgrade or update your onsite defenses and effectively train your entire workforce.
It is time to lock your digital front door.
Common attacks and how to prepare
It’s impossible to predict when and where attacks will occur, but there is a pattern to how they’re conducted. If plant operators are aware of these patterns and common attack vectors, they will be far more ready to defend their assets, operations and people. Let’s start with the following:
Attack: Taking advantage of well-known exploits. IIoT-enabled plants have a variety of network connections, which include HTTP, FTP, TFTP, SNMP, DHCP, BOOTP, SQL and XML. When hackers penetrate them, they put businesses at risk of having sensitive company or client data—or authentication and session-management information—exposed to the public.
Defense: Eliminate unnecessary services and connection points, and limit the number of people who have access. The more people and connections exist, the greater the risk.
Attack: Spoofing a valid IP address. Hackers monitor traffic to find valid IP addresses—and then use them to launch software.
Defense: The best defense is simple yet vital: Effectively use passwords. Short passwords that tie closely to an individual’s personal life/interests and include minimal variety in characters have hackers salivating and ready to pounce.
Attack: Discovering passwords by impersonation, baiting and phishing. Hackers also undertake recon on social and public networks—and even dumpster dive.
Defense: Use authenticated protocols specifically designed for communications and the transfer of authentication data between different connected devices.
Attack: Taking advantage of insider threats from former or disgruntled employees, contractors and business associates.
Defense: The best defense is to clearly delineate and separate employee duties—and access levels—used in connected systems and processes in the plant. But it’s not enough to trust this will go smoothly. Plant leaders should be regularly monitoring networks and keeping an eye out for atypical activity.
Addressing these attacks with the right defenses is crucial, but doing so covers only the information technology (IT) layer, and that alone is not enough to defend against these attack vectors. The operational technology (OT) layer factors into the equation just as much. Modeling the cyber-threat landscape can help in analyzing security threats and gaps specific to an organization’s industry and plant. The zone and conduit methodology is an effective way to segment and protect devices or systems according to security levels.
Every network connection to the plant’s control and safety systems must be identified and secured. Threats are constantly evolving as new skills, techniques and tools emerge, so the zoning and conduit approach may require expert help.
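The zone and conduit idea can be checked mechanically against an inventory of observed connections. The sketch below is an added example, not part of the original article: the zone names, address ranges, conduit list and sample flows are all constructed for illustration. It flags connections that cross zones without a defined conduit and endpoints that belong to no zone.

```python
from ipaddress import ip_address, ip_network

# Zones: groups of assets protected to the same level (hypothetical ranges).
ZONES = {
    "enterprise": ip_network("10.10.0.0/16"),
    "dmz":        ip_network("10.20.0.0/24"),
    "control":    ip_network("10.30.0.0/24"),
    "safety":     ip_network("10.40.0.0/24"),
}

# Conduits: the only permitted paths between zones (src, dst, proto, port).
CONDUITS = {
    ("enterprise", "dmz", "tcp", 443),   # web access to a DMZ historian
    ("dmz", "control", "tcp", 4840),     # OPC UA from the DMZ to control
}

def zone_of(addr):
    """Return the zone containing addr, or None if the asset is unzoned."""
    ip = ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), None)

def audit(flows):
    """Label each observed flow as ok, unidentified or violation."""
    findings = []
    for src, dst, proto, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz is None or dz is None:
            verdict = "unidentified"   # an endpoint is in no known zone
        elif sz == dz or (sz, dz, proto, port) in CONDUITS:
            verdict = "ok"             # intra-zone, or over a defined conduit
        else:
            verdict = "violation"      # crosses zones with no conduit
        findings.append((src, dst, proto, port, sz, dz, verdict))
    return findings

# Constructed sample of observed connections (not real traffic).
SAMPLE_FLOWS = [
    ("10.10.4.7", "10.20.0.5", "tcp", 443),     # enterprise -> dmz
    ("10.20.0.5", "10.30.0.11", "tcp", 4840),   # dmz -> control
    ("10.10.4.7", "10.30.0.11", "tcp", 21),     # FTP straight into control
    ("192.168.1.50", "10.40.0.2", "udp", 161),  # unknown host, SNMP to safety
    ("10.30.0.11", "10.30.0.12", "tcp", 502),   # Modbus inside control zone
]

if __name__ == "__main__":
    for src, dst, proto, port, sz, dz, verdict in audit(SAMPLE_FLOWS):
        print(f"{verdict:<12} {src} ({sz}) -> {dst} ({dz}) {proto}/{port}")
```

In practice the flow list would come from firewall logs or passive network monitoring, and every "unidentified" or "violation" row is either a connection to remove or a conduit to define and secure.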
Weakly defended systems and poorly implemented—or non-existent—cyber-defense strategies can expose manufacturers to significant danger. It’s always best to integrate IT and OT approaches to ensure optimal defense and preparation.
Work together to adhere to security best practices and standards
Organizations need to ensure they are following and strengthening their site-security practices and compliance. This starts by making themselves aware of industry cybersecurity standards, then implementing and adhering to those standards, regardless of what industry or type of facility they operate. There are others, but ISA99/IEC 62443 is at the top: it’s a rigorous standard for industrial-automation technology that works to safeguard operations across multiple layers.
Cybersecurity is always a collaborative effort. Technology vendors typically provide documented procedures and best practices related to securing their systems and solutions. Industrial manufacturers need to apply those procedures, as well as ensure their systems and solutions are regularly maintained via vendor-recommended updates and patches.
Work with your vendors to understand the steps you need to take to ensure your systems and solutions are as secure as possible the moment they go online. Then keep them that way. In turn, vendors should seek to collaborate with other industry organizations—even across competitor lines—to evolve the practices and procedures that will enable industry to mitigate increasingly dangerous cybersecurity threats.
Cybersecurity comes down to people
To ensure the integrity and security of plant technology and processes, people are the first and best line of defense. Because the gap between IT and OT continues to close, everyone across the organization—whether in the plant, the field, the office, the boardroom or anywhere in the enterprise—plays an essential role in mitigating cyberthreats.
Starting with heightened personnel screening and continuing with ongoing, stronger employee training, security must be part of the operations lifecycle to plug every hole. Everyone in the industry has a role in developing this stronger cybersecurity culture. We need to educate the workforce and enable people to identify cybersecurity threats and respond accordingly.
Find a comprehensive security approach that keeps you covered
Critical business assets and information must be protected. Success rests both in implementing an IACS cybersecurity program to secure the business and collaborating with other end users, suppliers, systems integrators and standards bodies to better define, apply and adhere to industry best practices and standards.
No single entity can solve a global issue. Almost every industrial network, asset and operation is susceptible to attack, which means cybersecurity belongs to all of us. By working together, we can all withstand the highest level of cyberattacks, while collaboratively protecting the world’s most critical operations and the people and communities we jointly serve.
We can start by locking our own front doors. The time to act is now.
Gary Williams is senior director, cybersecurity services offer leader with Schneider Electric.