Protecting networks becomes mainstream industrial activity
Industrial security has transformed from an afterthought to an important concern over the past several years. Devising efficient strategies for operational networks must now be part of corporate planning for all but the smallest of companies.
Many factors are forcing companies to determine how they can provide an appropriate level of protection for their corporate communications. Cloud computing, the growing role of mobile devices in manufacturing, global access for remote plants and connections to the Internet of Things are among the dynamics behind this focus on cybersecurity.
Hackers have breached the protective schemes of huge corporations and government agencies, and industrial operations are getting more attention as outlaws search for lucrative targets. Hackers can extort large sums, stop production runs or alter manufacturing processes to ruin a company’s reputation, as well as steal corporate secrets.
Avoiding these and many other potential problems requires a comprehensive program that includes training for employees and a series of policies and guidelines in addition to a host of technical solutions. It’s important to address many issues when companies build layers of defenses.
Safeguarding corporate assets will perhaps be most important for fields like energy and critical manufacturing. Disruptions in these areas can have significant impacts on society, so they are prime targets for hackers and terrorists of all stripes. But even comparatively small operations in non-critical, non-glamorous fields may fall into the crosshairs of cyber attackers who might want to steal information or disrupt production for various reasons.
Four Areas to Watch to Improve Security
There are four primary segments to a cybersecurity program: communications, access control, data integrity and authentication, according to Alan Cone, product marketing manager at Siemens. Securing communications is an important factor, one that includes many different parameters. One simple strategy is to monitor network traffic. If it spikes significantly, that can be a warning that the network is being attacked or already breached.
Maintaining data integrity is also a critical step. Data must always be transmitted in a safe manner and checked to make sure that it’s received correctly before information is used to make decisions.
Access control and authentication are both important aspects that address humans more than technology. Passwords are a common form of access control, but employees need to know how to manage them. It’s not uncommon for operators to have passwords taped near the equipment, making it easy for a disgruntled employee to gain entry under false pretenses. The other factor, authentication, ensures that only authorized personnel can monitor and/or control certain pieces of equipment.
A pair of standards can help companies build their defense strategies. IEC 62443 and ISA 99 both provide best practices and other helpful information. Standards can be helpful, since they address problems that arise for the majority of networks, which use common standards that are well understood by most hackers.
In many instances, setting up a demilitarized zone (DMZ) adjacent to the plant floor network can be a good first step. A DMZ checks all data before it goes in or out of the plant, providing a strong protective layer.
Cone also suggests doing risk analysis to ensure that the proper level of protection is achieved. It’s more important to secure expensive equipment or mission-critical processes, so areas like these may deserve additional layers of protection.
Regardless of the level of security that’s needed, planners need to devise plans for dealing with malware that breaches the protective barriers. Stopping intruders is important, but defense-in-depth strategies must also address hackers who get beyond these barricades. Preventing attackers from moving throughout the network will limit the damage that can be done. Cell protection provides risk mitigation by segmenting networks, Cone added.
Some redundancy should be built into industrial networks to ensure that a problem in one area doesn’t cause problems in multiple areas. Backup networks can keep most plant operations running while a section is shut down for repairs.
While cybersecurity strategies focus primarily on keeping people out, they must also let authorized people in. Remote access is becoming more important. It provides a way for experts to see equipment without taking the time and money to go to a facility. Managers can also do troubleshooting regardless of where they are.
Protecting intellectual property (IP) is also an important facet of a security program. IP such as a recipe can be the center point of a company’s offerings, so it must be locked down to prevent theft and piracy. In some instances, this protection may go as far as protecting memory on PLCs or ensuring that memory cards can be copy protected so no one can remove a memory card and copy mission-critical information.
Plant managers can also leverage the security efforts of their equipment suppliers. Major companies like Siemens often have global connections that help keep them abreast of any issues that have popped up. Cone noted that problems that occur in China may become issues in the U.S. later in the day. When companies know what types of threats and attacks are coming, they can more easily create fixes and get them into the field before major problems arise.
All these pieces must be pulled together into a holistic protection plan that covers the many aspects related to industrial networks. That strategy includes buying equipment that’s been certified by independent contractors, as well as establishing protection levels that address different factors. Though cybersecurity has become an important aspect of plant protection, companies must also look at physical security, providing protection that may go as far as only unlocking doors after employees use key cards or biometrics.