Introduction to cyber-security in Industry 4.0
With the recent ransomware attack on Colonial Pipeline by the hacker group DarkSide, the security of industrial networks is at the forefront of conversation in the controls industry. In the case of the pipeline attack, a group used ransomware to encrypt a computer with the intention of extorting the company for payment. While a serious problem, the techniques used were simple, and the ways to avoid it are applicable to many industries.
Industrial network security is a balancing act between security and ease of maintenance. For a network to be perfectly secure it would have to be impossible to modify; this is not a realistic solution, as access by the maintenance team is invaluable to ensuring 24/7 operation. An experienced engineer understands that something unexpected can go wrong and that a workaround may be needed that is off specification, at least in the short term.
Types of security
Security through obscurity
The most used technique of production security is security through obscurity. The idea is that if an architecture is sufficiently obscure, it is unlikely that a bad actor will figure it out. The key problem with this is that if someone figured out the design of the device, someone else can also figure out how it works. In the past this was effective, as it took years of experience and training to understand how a device or even a network worked. Today most industrial networks run over Ethernet because it is high bandwidth, reliable, readily available, and IT teams are comfortable with it, and the industrial controllers all have programming tutorials online.
The last attack that made major waves was Stuxnet. This attack directly modified the parameters of the PLCs (industrial controllers) in such a way that the centrifuges used by the Iranian nuclear enrichment process spun at speeds just high enough to cause damage, but not high enough for it to be obvious. This was possible due to the networked nature of modern industrial systems, and it proved that the controllers themselves could be compromised.
It is said that the only secure network is one that is not online. It is recommended to decrease the attack surface as much as possible. As such, running separate user and production networks is critical. There is no reasonable cause for an operator to be able to check their email on a DCS client.
An ideal design, then, is one where separate switches are used for each network. A simple solution is to use a VLAN to separate the devices. When possible, I advocate one step above that: the more secure version is to physically separate the network switches. Add new switches to the existing network closets, land only the production network devices on them, and run new fiber.
There are always reasons to have the production network exposed to the internet such as being able to monitor factory conditions while away from the office. A solution would be to have a single server that is accessible on both networks. An IT team would use known techniques to limit access to that one device to only the people that need it, and keep it updated with all the latest security fixes. While not perfect, it’s very effective as it greatly reduces attack surface area.
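One way to check that a plant actually follows the separation described above (separate user and production networks, production devices on their own switches, and a single hardened server as the only host on both networks) is to audit the device inventory. The script below is an added example, not code from the original article; the inventory, switch names and the `role="bridge"` marker for the dual-homed server are constructed for illustration.

```python
"""Audit a device inventory for production/user network separation.

Rules checked (added example, constructed data):
  * every ordinary device is attached to exactly one network;
  * only the designated bridge host may sit on both networks;
  * production devices are patched into production switches and user
    devices are not.
"""
from dataclasses import dataclass

PRODUCTION = "production"
USER = "user"


@dataclass
class Device:
    name: str
    networks: set       # network names the device is attached to
    switch: str         # switch the device is patched into
    role: str = "device"  # "device" or "bridge" (the single dual-homed server)


# Constructed inventory; the two violations are marked in comments.
INVENTORY = [
    Device("plc-line1", {PRODUCTION}, "sw-prod-1"),
    Device("hmi-line1", {PRODUCTION}, "sw-prod-1"),
    Device("dcs-client-3", {PRODUCTION, USER}, "sw-prod-1"),   # dual-homed client
    Device("office-pc-7", {USER}, "sw-user-1"),
    Device("vendor-pc-1", {PRODUCTION}, "sw-user-1"),           # production device on user switch
    Device("remote-monitor", {PRODUCTION, USER}, "sw-dmz-1", role="bridge"),
]

PRODUCTION_SWITCHES = {"sw-prod-1"}


def bridge_hosts(inventory):
    """Return the names of hosts allowed to span both networks."""
    return [d.name for d in inventory if d.role == "bridge"]


def audit(inventory, production_switches):
    """Return a list of human-readable findings; an empty list means clean."""
    findings = []
    bridges = bridge_hosts(inventory)
    if len(bridges) != 1:
        findings.append(f"expected exactly one bridge host, found {bridges}")
    for d in inventory:
        if d.role == "bridge":
            continue  # the bridge is the one deliberate exception
        if len(d.networks) != 1:
            findings.append(f"{d.name}: must be attached to exactly one network, has {sorted(d.networks)}")
            continue
        (net,) = d.networks
        on_prod_switch = d.switch in production_switches
        if net == PRODUCTION and not on_prod_switch:
            findings.append(f"{d.name}: production device on non-production switch {d.switch}")
        if net == USER and on_prod_switch:
            findings.append(f"{d.name}: user-network device on production switch {d.switch}")
    return findings


if __name__ == "__main__":
    for line in audit(INVENTORY, PRODUCTION_SWITCHES):
        print(line)
```

Run against the constructed inventory the audit reports the dual-homed DCS client and the vendor PC on the user switch; the bridge host passes because it is the one host the design allows on both networks.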
Cell-based design
Problems occur all the time. In 24/7 facilities where maintenance takes a back seat to staying on time, interesting problems have a tendency to occur. The design of the facility should always try to avoid single points of failure. If one is inevitable, there should be a rapidly deployable contingency plan.
Each end device should be part of a cell that can self-manage and complete its task without need of an overarching control system. If the main control system goes down, it should be possible to run the devices in manual or semi-automated mode, and it should be easy to access that mode. This means making sure devices from different manufacturers speak to the device ahead of and behind them on the production line. Ideally this is done without needing to go through a central point of failure such as a PC set up by the device manufacturer to interface their group of devices to the house network, which in my experience is typically the weakest link. It is best for real-time devices to interface with real-time devices; at the very least the production network should be self-sufficient.
It is not always an external threat to production. Maybe a forklift driver swerved to avoid someone and hit a control cabinet. Maybe a device was accidentally loaded with the wrong code and it bumped the right device off the network. These things happen, and buying time for the maintenance team to figure it out is critical. A manual mode must be on each machine, and an operator should be able to jump on to keep some production running regardless of external circumstances. In the case of the pipeline cyber attack, it should be possible to keep the crude oil flowing using an override even if the efficiency is lessened.
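The fallback behaviour described in this section (a cell that keeps running on neighbour handshakes when the supervisory system disappears, with an operator override on top) can be sketched as a small state machine. The code below is an added illustration and not from the article or any vendor product; the heartbeat timeout, the safe default rate and the neighbour-ready signals are assumptions made for the example.

```python
"""Cell controller that degrades gracefully when the supervisor is lost.

Added example with constructed values. Modes:
  AUTO   - following setpoints from the supervisory/central system
  LOCAL  - supervisor heartbeat stale; run on the operator panel setpoint
           (or a safe default) while still handshaking with neighbour cells
  MANUAL - operator override; run regardless of neighbours
"""
from enum import Enum


class Mode(Enum):
    AUTO = "auto"
    LOCAL = "local"
    MANUAL = "manual"


class Cell:
    def __init__(self, name, heartbeat_timeout=5.0, safe_rate=50.0):
        self.name = name
        self.timeout = heartbeat_timeout   # seconds without a supervisor heartbeat before LOCAL
        self.safe_rate = safe_rate         # conservative rate used when no setpoint is known
        self.last_heartbeat = float("-inf")
        self.supervisor_rate = None        # last setpoint received from the supervisor
        self.operator_rate = None          # setpoint entered on the local operator panel
        self.manual_override = False       # operator has taken the machine into MANUAL
        self.mode = Mode.AUTO

    def supervisor_update(self, now, rate):
        """Called whenever the central system sends a setpoint (doubles as heartbeat)."""
        self.last_heartbeat = now
        self.supervisor_rate = rate

    def mode_for(self, now):
        """Decide the mode for this scan; MANUAL always wins."""
        if self.manual_override:
            return Mode.MANUAL
        if now - self.last_heartbeat > self.timeout:
            return Mode.LOCAL
        return Mode.AUTO

    def local_setpoint(self):
        return self.operator_rate if self.operator_rate is not None else self.safe_rate

    def step(self, now, upstream_ready, downstream_ready):
        """One control scan: returns (mode, commanded_rate).

        upstream_ready / downstream_ready are the direct handshakes with the
        neighbouring cells, so the line keeps flowing without a central PC.
        """
        self.mode = self.mode_for(now)
        if self.mode is Mode.MANUAL:
            return self.mode, self.local_setpoint()
        if not (upstream_ready and downstream_ready):
            return self.mode, 0.0  # neighbour not ready: hold, whatever the mode
        if self.mode is Mode.AUTO:
            rate = self.supervisor_rate if self.supervisor_rate is not None else self.safe_rate
            return self.mode, rate
        return self.mode, self.local_setpoint()


if __name__ == "__main__":
    cell = Cell("filler")
    cell.supervisor_update(0.0, 120.0)
    print(cell.step(1.0, True, True))    # AUTO at the supervisor's 120.0
    print(cell.step(10.0, True, True))   # heartbeat stale: LOCAL at the safe rate
```

The point of the design is that losing the central system changes the setpoint source, not whether the cell can run; only a neighbour that is not ready, or an explicit operator decision, stops or overrides it.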
When possible, it makes sense to monitor devices to ensure they are working correctly. One should assume that there will be a compromised situation and steps should be taken to ensure that if anything goes wrong it is caught and corrected quickly.
I strongly advocate historian systems that log key data and are capable of displaying that data as historical trends. Wonderware System Platform comes to mind, but there are many that exist in the IoT big data infosphere. A step beyond is monitoring the industrial controllers to ensure they are running the correct code using a tool such as FactoryTalk AssetCentre. This is needed because it is possible for the wrong code to be loaded onto a controller by a technician, and it is best to catch that as soon as possible. It is not necessary to use such high-dollar software, however, as it is possible to use Python to interface with the controllers through existing libraries and have a simple script that monitors critical variables.
Having a very secure network does not mean that it is impenetrable. It is like having an alarm system on your house: with enough time and effort any lock or alarm can be defeated. The point is to be a sufficiently difficult target that the attacker decides it is not worth it and pursues less secure targets.
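The "simple script that monitors critical variables" mentioned above can also cover the "is the right code loaded?" question by fingerprinting the controller program and comparing it to a baseline. The example below is added here and is not from the article or any of the products it names; it does not use a real controller driver library, so the tag snapshot and the program bytes are constructed inputs standing in for whatever a driver would return. The limits, tag names and rate-of-change thresholds are likewise assumptions.

```python
"""Check critical controller tags and the loaded program against a baseline.

Added example, constructed data. Three kinds of alert are produced:
  program_changed  - fingerprint of the loaded program differs from the baseline
  out_of_range     - a critical tag is outside its engineering limits
  rate_of_change   - a tag moved more than allowed between two polls
                     (catches creeping manipulation that stays inside the limits)
  tag_missing      - an expected tag was not returned at all
"""
import hashlib

# Constructed limits for critical variables: tag -> (low, high)
LIMITS = {
    "centrifuge_rpm": (900.0, 1050.0),
    "line_pressure_bar": (2.0, 6.5),
}

# Constructed maximum change per poll; tags not listed are unconstrained
MAX_STEP = {
    "centrifuge_rpm": 50.0,
}


def program_fingerprint(program_bytes):
    """SHA-256 of the program image as read back from the controller."""
    return hashlib.sha256(program_bytes).hexdigest()


class ControllerMonitor:
    def __init__(self, limits, baseline_fingerprint, max_step=None):
        self.limits = limits
        self.baseline = baseline_fingerprint
        self.max_step = max_step or {}
        self.previous = {}  # last seen value per tag, for rate-of-change checks

    def check(self, snapshot, program_bytes):
        """Return a list of (kind, tag, value) alerts for one poll; empty means healthy."""
        alerts = []
        fp = program_fingerprint(program_bytes)
        if fp != self.baseline:
            alerts.append(("program_changed", "program", fp))
        for tag, (low, high) in self.limits.items():
            if tag not in snapshot:
                alerts.append(("tag_missing", tag, None))
                continue
            value = snapshot[tag]
            if not (low <= value <= high):
                alerts.append(("out_of_range", tag, value))
            prev = self.previous.get(tag)
            limit = self.max_step.get(tag)
            if prev is not None and limit is not None and abs(value - prev) > limit:
                alerts.append(("rate_of_change", tag, value - prev))
            self.previous[tag] = value
        return alerts


# Constructed baseline: the program image as it was when commissioned
BASELINE_PROGRAM = b"PROGRAM v1 (constructed)"
BASELINE_FP = program_fingerprint(BASELINE_PROGRAM)

if __name__ == "__main__":
    monitor = ControllerMonitor(LIMITS, BASELINE_FP, MAX_STEP)
    print(monitor.check({"centrifuge_rpm": 1000.0, "line_pressure_bar": 4.0}, BASELINE_PROGRAM))
    print(monitor.check({"centrifuge_rpm": 1040.0, "line_pressure_bar": 4.0}, b"PROGRAM v2 (constructed)"))
```

In a deployment the snapshot would come from a driver library's tag reads and the program bytes from whatever the controller exposes as its loaded program or its identity/checksum; the check logic stays the same, and the alerts would be pushed to the historian so they show up on the same trend screens the operators already watch.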