IT in Manufacturing


Securing industrial automation control system networks

September 2017 IT in Manufacturing

Operational technology (OT) consists of a combination of hardware and software to monitor and control physical devices on a network, such as valves or pumps. OT facilitates the expansion of the industrial Internet of things (IIoT) by ensuring that different hardware and software can communicate in industrial environments. The most common examples are PLCs in factory automation, DCSs in the manufacturing industry and SCADA systems in the process automation industry. When a network includes controllers and motors managed by a SCADA system as well as industrial technologies, it is known as an IACS (industrial automation control system). The main benefit of an IACS is that it allows greater efficiency by facilitating remote management and more automated processes. However, the vulnerability of an IACS network increases as it expands and more devices require access to the IACS network, which is common within the IIoT.

For many years, industrial networks were isolated from enterprise networks, which meant that cybersecurity was not a primary concern for system operators as the networks were well protected due to their isolation from other networks. However, as this is no longer the case, system operators must not use out-of-date security practices if they want to keep their networks secure. The focus of this white paper is to analyse why cybersecurity is of paramount importance for IACS networks, and what is needed in order to build, manage, and maintain secure IACS networks.

Three factors that help ramp up the security of industrial networks

Industrial networks must be protected from unauthorised access that could damage them and thus decrease the productivity of the network. Many cybersecurity experts believe that in order to ramp up the security of industrial networks, there are three aspects that need to be addressed:

1. Device security

This section will focus on how the evolution of industrial networks over the past few years has changed the procedures system operators must perform in order to secure network devices from cyberattacks. The first concern that will be considered is device authentication and access protection. The second concern is how to utilise an easy-to-use, effective password policy when system operators have hundreds of devices installed on their industrial network. Finally, it addresses how to ensure that all devices have the ability to collect and store event logs. Event logs alert the system operator to what happened on the network and why it happened, which will allow them to fix the problem as quickly as possible.

2. Network security

In the network security section, the focus will be on which devices or systems need to have the highest levels of protection. In addition to this, an explanation of the defence-in-depth approach will be given that includes examples of why it should be utilised in order to ensure that the network remains secure. Finally, the challenge of how to ensure secure remote access through the use of firewalls and VPNs will also be explored.

3. Secure management

The secure management section will consider a list of the recommended procedures for security policies and guidelines developed by experts in order to ensure that the network is protected throughout the entire network lifecycle. This section will also consider device security and how to manage the security of the entire network. Finally, this section will consider how to simplify the configuration and management of security settings. When security settings are too complicated, as is often the case on industrial networks, system operators will tend to ignore recommended guidelines and not implement security settings.

Defence-in-depth security architecture

When designing a network, many system operators have stated that the best way to secure a network is to use the defence-in-depth security architecture, which is designed to protect individual zones and cells. Any communication that needs to take place across these zones or cells must be done through a firewall or VPN. Deploying this type of architecture reduces the chance that the whole network will fail because each layer is able to address a different security threat. It also reduces the risk to the entire network; if a problem occurs in one part of the network, there is a higher chance that the problem can be contained within that layer and will not spread to other layers. Experts have identified three steps that should be taken in order for a reliable defence-in-depth cybersecurity architecture to be deployed, which will now be considered in detail.

Step 1: Network segmentation

Network segmentation involves breaking down the network into physical or logical zones with similar security requirements. The benefit of segmenting the network is that each section can focus specifically on the security threats that are posed to that section of the IACS. Deploying the segmentation approach is advantageous because each device is responsible for a particular part of the network, as opposed to being responsible for the security of the entire IACS.

Step 2: Define zone-to-zone interactions in order to scrutinise and filter network traffic

In order to enhance network security, the traffic that passes between zones in the IACS must be scrutinised and filtered. Cybersecurity experts believe that one of the best methods to filter traffic is for the data to pass through a demilitarised zone (DMZ). By utilising a DMZ, there is no direct connection between the secure IACS network and the enterprise network, but the data server is still accessible by both. Eliminating a direct connection between secure and enterprise networks significantly reduces the possibility that unauthorised traffic can pass to different zones, which has the potential to jeopardise the security of the entire network.

Step 3: Support secure remote access on industrial networks

Finally, within the IACS industry there is a growing need to provide access to remote sites where functions such as maintenance can be performed. However, this significantly increases the risk that someone with malicious intent can access the network from a remote location. For networks that require the remote site to be constantly connected to the IACS, it is advised to use a VPN that supports a secure encryption method such as IPsec, which prevents unauthorised users from accessing the network. There are three main advantages of using a VPN that supports IPsec. The first is that the data will be encrypted when it is transmitted. The second is that it forces the sender and recipient to authenticate who they are, which ensures that data is only passed between verified devices. The third is that by enforcing encryption and authentication, integrity of the data can be ensured. For many experts, data integrity is the most crucial aspect for system operators to use their data reliably. IPsec ensures that security keys must be between 20 and 40 characters in length, which is considered strong enough encryption to transmit data securely on an IACS. In order to ensure data is complete, system operators need to use secure transmission methods that ensure data is encrypted and authenticated at all times.
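The three steps above can be checked mechanically against a firewall rule set. The following audit is an added example, not part of the original white paper: it flags any permit rule that opens a path between zones without passing through the DMZ. The zone names, subnets, rule format and the choice to terminate VPN traffic in the DMZ are all assumptions made for illustration.

```python
import ipaddress

# Constructed zone plan (assumed addressing, not taken from the article).
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "dmz":        ipaddress.ip_network("10.20.0.0/24"),
    "iacs":       ipaddress.ip_network("10.30.0.0/16"),
    "vpn":        ipaddress.ip_network("10.40.0.0/24"),  # IPsec tunnel endpoints
}

# Zone pairs allowed to talk. Every conduit touches the DMZ, so there is
# no direct enterprise<->IACS or VPN<->IACS path.
ALLOWED_CONDUITS = {
    ("enterprise", "dmz"), ("dmz", "enterprise"),
    ("iacs", "dmz"), ("dmz", "iacs"),
    ("vpn", "dmz"),
}

def zones_touched(cidr):
    """Return every zone that a rule's source or destination network overlaps."""
    net = ipaddress.ip_network(cidr)
    return sorted(z for z, zn in ZONES.items() if net.overlaps(zn))

def audit(rules):
    """Return (rule_id, reason) for each permit rule that breaks the zone model."""
    findings = []
    for rule in rules:
        if rule["action"] != "permit":
            continue
        src, dst = zones_touched(rule["src"]), zones_touched(rule["dst"])
        if not src or not dst:
            findings.append((rule["id"], "address outside any defined zone"))
            continue
        for s in src:
            for d in dst:
                if s != d and (s, d) not in ALLOWED_CONDUITS:
                    findings.append((rule["id"], f"direct {s}->{d} path bypasses DMZ"))
    return findings

# Constructed sample rule set.
RULES = [
    {"id": 1, "action": "permit", "src": "10.10.5.0/24", "dst": "10.20.0.10/32"},
    {"id": 2, "action": "permit", "src": "10.30.1.0/24", "dst": "10.20.0.10/32"},
    {"id": 3, "action": "permit", "src": "10.10.5.7/32", "dst": "10.30.1.20/32"},
    {"id": 4, "action": "permit", "src": "0.0.0.0/0",    "dst": "10.30.0.0/16"},
    {"id": 5, "action": "permit", "src": "10.40.0.0/24", "dst": "10.20.0.20/32"},
    {"id": 6, "action": "deny",   "src": "10.10.0.0/16", "dst": "10.30.0.0/16"},
]
```

Rule 4 shows why overlap is checked rather than exact membership: an "any" source silently includes the enterprise and VPN zones, so it is reported once for each zone it exposes.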

Secure industrial network devices

After the network has been secured, the next step is to consider how to ensure that users cannot adversely change settings by accident or on purpose. This problem can arise from users who operate and manage the network, third-party system integrators, and contractors that are required to perform maintenance on the network. The best way to secure against this threat is to enhance the network devices’ cybersecurity to ensure that they cannot have their settings altered in a way that puts the devices or the network at risk. Many cybersecurity experts view the IEC 62443 standard as the most relevant publication for how to secure devices on industrial networks. This standard includes a series of guidelines, reports, and other relevant documentation that define procedures for implementing electronically secure IACS networks. The IEC 62443 standard contains seven foundational requirements for device security on industrial networks:

1. Identification and authentication control.

2. Use control.

3. Data integrity.

4. Data confidentiality.

5. Restrict data flow.

6. Timely response to events.

7. Network resource availability.

Secure monitoring and management

After determining that the network devices and the network topology are secure, a network management policy needs to be established to ensure that the network remains secure throughout the entire network lifecycle. In order to achieve this, system operators should have a series of guidelines to follow. This will allow them to implement procedures that follow best practices to ensure that secure monitoring and management of the network takes place as smoothly and reliably as possible.

Throughout the automation system lifecycle, maintenance will often need to be performed by local engineers or system integrators. This maintenance will typically include changing, replacing, or updating devices located in the network. It is important to note that whenever a device has some of its settings modified, there is a possibility that it is no longer secure and is now vulnerable to cyberattacks. As networks, especially IACS networks, continuously evolve and change, there needs to be constant monitoring of the network and all the devices located on it. As there are almost always a large number of service personnel who are responsible for monitoring and maintaining different devices on the network, it is not a good idea for all of them to perform security settings based on their own knowledge or experience. For this reason, a good standard operating procedure that clearly defines how to configure device settings should be adhered to at all times. It is important to ensure that constant monitoring of the network takes place to ensure that no errors occur and that the network can be kept safe from all security threats. In addition, system operators will often ask their device suppliers how long it will take to have a firmware upgrade in the event of a vulnerability being discovered on the network. A quick response time to this type of request is very important for ensuring the security of the industrial network. Therefore, network operators should know how long they need to wait for a firmware upgrade or device replacement if a security risk occurs.

Operating an industrial network

Now that some of the best practices have been established for ensuring IACS networks remain secure, the question of how to simplify this process will be considered. On almost every IACS network, there are multiple security setting options for all of the different devices located on the network. Therefore, it is very challenging for system operators to monitor the security status of every device. In order to overcome this difficulty, one method that is frequently employed by system operators is to export all of the devices’ configuration settings to a storage device. When a device needs to be replaced or reset, all the system integrator has to do is import the device’s settings from the storage device directly into the network device. This avoids the aforementioned problem of engineers relying on their own experience or knowledge to configure device settings as well as saving time and avoiding human error. System operators must choose a suitable device that will securely store configuration settings and reliably upload configuration settings to devices without any errors.
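The export and import workflow described above depends on the stored copy being trustworthy and on knowing what an import will change. The sketch below is an added example, not code from the white paper or from any vendor tool: it seals an exported configuration with an HMAC, refuses a stored export whose tag no longer verifies, and reports the settings that differ from the running device. The setting names, the key and its handling are hypothetical.

```python
import hashlib
import hmac
import json

def seal(settings, key):
    """HMAC-SHA256 over canonical JSON, so key order does not change the tag."""
    canon = json.dumps(settings, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canon, hashlib.sha256).hexdigest()

def export_config(settings, key):
    """Bundle a copy of the settings with their tag for storage."""
    return {"settings": dict(settings), "tag": seal(settings, key)}

def verify_export(export, key):
    """True only if the stored settings still match the tag made at export time."""
    return hmac.compare_digest(seal(export["settings"], key), export["tag"])

def drift(baseline, running):
    """Return {setting: (baseline_value, running_value)} for every difference."""
    keys = sorted(set(baseline) | set(running))
    return {k: (baseline.get(k), running.get(k))
            for k in keys if baseline.get(k) != running.get(k)}

def plan_import(export, running, key):
    """Reject a modified export; otherwise list what the import would restore."""
    if not verify_export(export, key):
        raise ValueError("stored export failed integrity check")
    return drift(export["settings"], running)

# Constructed sample data; setting names are hypothetical, not a real device schema.
KEY = b"constructed-demo-key"  # assumption: held by the operator, not stored with the export
BASELINE = {
    "telnet_enabled": False,
    "https_only": True,
    "password_min_length": 12,
    "syslog_server": "10.20.0.20",
}
EXPORT = export_config(BASELINE, KEY)

# Device state after a constructed maintenance visit: Telnet on, logging target removed.
RUNNING = dict(BASELINE, telnet_enabled=True)
del RUNNING["syslog_server"]
```

Running `drift` on a schedule, not only at replacement time, covers the constant monitoring the article calls for after maintenance changes.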

It is important to remember that industrial networks are only secure when all the network devices support the necessary security features and when these features are adhered to throughout the entire network lifecycle. In addition, the system operator must be able to respond very quickly to any event that occurs on the network and ensure that any configuration changes are done securely and accurately. Being able to efficiently maintain and operate a network will greatly assist system operators to monitor and manage their network in a secure manner throughout the whole network lifecycle.

Conclusion

Ensuring that a network and the devices installed on it are secure is not easy because the threats posed to industrial networks are constantly changing and evolving. In order to protect the network as well as possible, system operators should adopt the defence-in-depth network architecture. Aside from a good overall network design, system operators should select hardened devices that are compliant with the IEC 62443-4-2 standard.

Overall, system operators should have a thorough understanding of the possible threats facing their network as well as detailed knowledge of the best practices for designing and maintaining networks. Finally, ensuring that the network is constantly monitored throughout the network lifecycle will mitigate any security risks that arise as the network evolves.


