- August 19, 2016
By Barak Perelman, Indegy
Monitoring industrial networks in the manufacturing sector poses unique challenges. The emergence of ICS-native monitoring and control technologies is addressing these challenges.
By Barak Perelman, CEO, Indegy
Monitoring industrial networks in the manufacturing sector poses unique challenges. One of the major challenges in these environments is the fact that many maintenance processes are still performed manually. As a result, most facilities lack a complete up-to-date inventory of critical assets. They also do not maintain logs that capture details of which changes were made, when, by whom, and almost never keep a backup of the changes.
In the event of operational disruptions or failures, whether from a cyber attack, a malicious insider, or human error, it is very difficult to pinpoint the problem and fix it.
It’s a visibility problem
Operational networks use completely different technologies than those found in IT networks. These operational technologies (OT) are provided by specialist vendors like Rockwell, Siemens, Schneider Electric, Honeywell, GE, ABB, and others. They also use different communication protocols than IT products.
Industrial Controllers are the brains used in every industrial environment. They play a vital role in complex discrete-manufacturing processes used in the automotive sector, as well as process-manufacturing for pharmaceuticals, food and beverage, etc. Therefore, if a controller is the victim of a cyber-attack (one that alters its logic or disables the unit), the effects could be catastrophic.
Monitoring control-plane activity is challenging because several different protocols are used for communicating between components in process automation systems.
Standard protocols, like Modbus and Profibus are used for communicating the latest measurement of data-plane process parameters (i.e. current temperature, current pressure, etc.) between various types of controllers and data acquisition systems. A compromise of these types of communications less critical, since every controller’s logic includes safety measures such as “Never raise the temperature above a ten-thousand degrees, no matter what instructions you receive”.
Meanwhile, for control-plane operations like making changes to PLC logic, PLC code updates, firmware downloads and configuration changes, OT vendors use proprietary implementations of the IEC-61131 standard. Since these are rarely documented, it is very difficult to monitor control-plane activities.
Traditional network monitoring solutions only support standard protocols and therefore are limited to monitoring the physical measurements in the data-plane and looking for anomalies. They cannot capture changes to PLC logic and critical control operations. This represents a huge blindspot for facility operators.
Industry is Now a Target for Cyber Attacks
Operational networks are also at risk due to design problems and vulnerabilities in assets themselves.
Over the years many vulnerabilities related to OT technologies have been documented, including some that can be exploited remotely to disrupt operations and cause damage. Yet most systems are never patched since Industrial Control engineers prefer network stability at all costs. When it comes to controllers, patching is not only difficult, it can cause disruptions or downtime, and can lead to reliability issues and operational disruptions.
It is also common to find unpatched workstations still running legacy operating systems like Windows NT and XP in operational environments due to the same concerns regarding operational stability and reliability.
As a result, malicious code can be used to remotely access and compromise Windows-based systems inside industrial control networks. From here, it is possible to attack controllers and compromise industrial processes.
A roadmap for ICS security
In order to effectively protect critical infrastructures from cyber-threats a comprehensive inventory of assets deployed in each environment is required. This includes building a comprehensive asset and configuration database for all industrial controllers, and continuously updating it to maintain a log of all changes. This will allow for easier recovery in the event of a security incident and operational disruptions.
Specialized ICS network monitoring solutions that understand control-plane protocols, including proprietary implementations used for critical control operations, can provide real-time visibility into activity that can impact industrial controllers and the processes they control. In addition, rule-based policies can be enforced to prevent unauthorized changes and stop attacks.
Manufacturers need to recognize that cyber-threats are real and will only become a bigger problem with the adoption of the Industrial Internet of Things (IIoT). The primary obstacle to securing ICS networks remains a lack of visibility into malicious activity by external attackers and unintended changes by insiders. The emergence of ICS-native monitoring and control technologies is addressing this challenge.
About the author
Barak Perelman is CEO of Indegy, an industrial cyber-security firm that improves operational safety and reliability for industrial control networks by providing situational awareness and real-time security.Learn More
Did you enjoy this great article?
Check out our free e-newsletters to read more great articles..Subscribe