- January 26, 2015
By Bill Lydon, Editor
Cyber-attacks are on the rise. Do manufacturing companies need to experience major disasters before they take cyber security seriously? We have talked and written much about cyber security, but little action has been taken. The good news is there is an ever expanding range of cyber security protection solutions for those motivated to protect themselves.
Bill Lydon’s Automation Perspective
By Bill Lydon, Editor
Cyber-attacks are on the rise. Do manufacturing companies need to experience major disasters before they take cyber security seriously? We have talked and written much about cyber security. I believe it is comparable to a crime in your neighborhood; there is a great deal of concern but few install security systems. As an old sage once stated, “Talk is cheap, it takes money to buy whiskey!” The phrase means that it’s easier for someone to say that they will do something than to actually do it. The good news is there is an ever expanding range of cyber security protection solutions for those motivated to protect themselves.
Many countries are viewing cyber security protection as part of their national security. In the United States, the National Cybersecurity and Communications Integration Center (NCCIC) is focused on conducting daily analysis and situational awareness, incident management, and information sharing in the cybersecurity and communications domains. The NCCIC organization supports a holistic approach at home and abroad to prevention, protection, mitigation, response, and recovery efforts with a 24/7 Communications Operations and Integration Center.
In 2013, the NCCIC received over 220,000 reports of cybersecurity and communications incidents from both public and private partners sharing what they discovered on their information technology systems. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) operates cybersecurity operations centers in Arlington, Virginia and Idaho Falls, Idaho. Through these centers, ICS-CERT focuses on control systems security as a component of the NCCIC. ICS-CERT activities include the following:
response and analysis of industrial control systems (ICS) incidents
- onsite support for incident response
- malware analysis
- situational awareness intelligence
- coordinating responsible disclosure of ICS vulnerabilities/mitigations
- sharing and coordinating vulnerability information
- threat analysis through information products and alerts
In 2013 the organization triaged more than 250 cybersecurity incidents by providing analytic support and guidance to asset owners. Another part of this effort is the Industrial Control Systems Joint Working Group (ICSJWG), a collaborative and coordinating body formed under the Critical Infrastructure Partnership Advisory Council Framework. ICSJWG facilitates partnerships between the Federal Government and private sector owners and operators in all critical infrastructure (CI) sectors. The goal of the ICSJWG is to enhance collaboration with ICS stakeholders toward securing CI by accelerating the design, development, and deployment of secure ICS.
Prime Industrial Targets
Threats and vulnerabilities have evolved in recent years resulting in more risk to control systems. The power and utilities, petroleum and transportation industries are experiencing the majority of cybersecurity incidents. Breaches in the financial services industry get higher visibility than industrial, but they indicate the seriousness of threats. The recent JP Morgan data breach affected about 84 million customer records. The severity of the attack was a major wakeup call for the industry. JP Morgan’s cyber defenses are considered to be among the finest in the industry, but it took the bank’s security team more than two months to detect and stop them. Financial breeches make big news and are certainly serious. But the risk to industrial infrastructure could easily result in the loss of very expensive assets and human lives.
In recent years, industrial control and SCADA systems became more accessible because they use more COTS (Commercial-Off-The-Self) technology. The industrial automation system risk profile has been changing with the adoption of commercial technology, including Microsoft operating systems, industrial Ethernet, business network connectivity, and direct or indirect Internet connectivity. Many industrial Ethernet networks deployed are insecure. Unauthorized remote connections are being made for troubleshooting and changes to controllers (PLC, DCS, others). Compounding this, industrial automation systems seem to be second rate when it comes to technology update investments. Unrightfully so, many companies find it difficult to justify these system upgrades. For example, many industrial automation systems are running Windows XP for which support ended on April 8, 2014. The Stuxnet incident created high visibility and probably elevated industrial automation as a cyber-hacker opportunity. Cyber security is a moving target; adversaries are learning that industrial control and SCADA systems are fertile ground.
Obvious solutions are firewalls but there are more options available for industrial systems. Cyber security appliances installed at controllers create security zones. Another approach is to install devices at controllers and a master that creates a logical network with encrypted device communications. The Intel Gateway Solutions for Internet of Things (IoT) is a line of processor chips with embedded Wind River secure operating system and McAfee cyber security.
Service suppliers are emerging to perform risk analysis, mitigation recommendations, and provide remote cyber security monitoring. This is a way to leverage talent since cyber security is a moving target and requires knowledge, knowhow, and ongoing learning. Cyber security requires systems to be continually updated and monitored to maintain integrity. When systems are breached, experts need to contain the threats and find ways to prevent them. The goal is to protect processes from the loss of confidentiality, integrity and maintain availability for production.
One example is Siemens Cyber Security Operations Center, an impressive facility in Milford, Ohio, that supports their cyber services practice. From the Center, Siemens provides continuous monitoring and analysis of security and system status based on real-time global intelligence. Proactive threat notification reduces the risk of production loss and equipment damage, as well as protecting intellectual property, company reputation and brand image.
Siemens cyber experts monitor and mitigate cyber risks.
A second example is the Honeywell Industrial Cyber Security Lab, which was opened in late 2014. In the lab, Honeywell experts conduct hands-on training and proprietary research, and develop, test and certify industrial cyber security solutions. It also enables Honeywell to collaborate with educators and contribute to cyber security-related academic programs around the world. Located in Duluth, Georgia, the lab also serves as a means to share technological advancements and solutions with interested users.
- NIST Special Publication 800-82 Guide to Industrial Control Systems (ICS) Security
- ICS-CERT Alerts - An ICS-CERT Alert is intended to provide timely notification to critical infrastructure owners and operators concerning threats or activity with the potential to impact critical infrastructure computing networks.
- ISA99 - Industrial Automation and Control Systems Security
- Cybersecurity strategy and actions
- Cyber Attacks on Industrial Systems Increasing Rapidly
- Windows XP Cyber Time Bomb set for April 8, 2014
- Cyber Security Lessons from a Military Leader
- Industrial Ethernet Architecture & Cyber Security Risks
- Industrial Cyber Security Compliance & Enforcement
Did you enjoy this great article?
Check out our free e-newsletters to read more great articles..Subscribe