Industrial Cybersecurity: A Layered Approach

Industrial Cybersecurity: A Layered Approach
Industrial Cybersecurity: A Layered Approach

Experts, for decades, have championed Industrial Internet of Things (IIoT) systems because of their ability to help a plant function efficiently by making real-time recommendations that help reduce downtime, decrease cybersecurity risks and increase productivity. The adoption of IIoT systems paired with other Industry 4.0 technologies has led to increased efficiency and productivity in rapidly growing digitized industries. Interconnected plants are quickly becoming a requirement to stay competitive in many industries.
 
This increase in productivity has substantial inherent risk. The networks that power IIoT systems, if left unsecured and unmonitored (a situation more common than most would believe), pose huge risks to the business, intellectual property and plant safety. As business operations become more digitized, cybersecurity can no longer be an afterthought because the implications of not staying abreast of the latest protection solutions and best practices pose much more than just financial risk.


Cybersecurity in an industrial environment

There are many unique challenges specific to cybersecurity in an industrial environment. Plants have to have machines that communicate to compete - the networks they operate on pose the first risk as they need to be both convenient, widely accessible, and secure. Plants often have hundreds of employees, vendors, and other visitors that need to access facilities every day, but if physical site security isn’t properly maintained, bad actors can also gain access. Systemic security is a critical component of cybersecurity as plants also have hundreds of employees accessing important individual devices daily. Safeguarding each device significantly lessens the likelihood of an entire plant being compromised, as bad actors can be caught almost instantaneously when the right protective solutions are put in place.
 
Identifying plant risk and making a list of projects to secure the plant is a key aspect of mitigating cybersecurity risk. Proper planning requires building a stakeholder team across plant disciplines to identify risks to the plant and solutions to secure the plant from cybersecurity threats. Including stakeholders from all levels and departments - plant executives, machine design, operations, IT, etc. - ensures that you can best identify potential risks, plan solutions, and ensure solutions are implemented in the most efficient way possible.


Network, physical and system integrity

Since we know machines communicating openly to enhance efficiency opens up a plant to cyberattacks, what are solutions that can be implemented to mitigate these risks?

Physical cybersecurity
Physical security is the most well-known method of protection from system attacks. Securing the plant's physical boundaries starts with limiting building access and dividing the plant site into zones, and monitoring who needs access to what and who has come into contact with what personnel and information. A comprehensive physical security plan is not a one-stop-shop and requires regular updates, ongoing analysis, and updates to the implementation process. Ensuring that the approved individuals who come into the plant's site develop the skills and methods for securely connecting devices and maintaining security protocols is important. It will lessen the likelihood of the plant being successfully attacked and limit access to your business's most important devices.
 
Network cybersecurity
Network cybersecurity focuses on protecting the networks from cyberattacks. Firewalls have long been used as a means of defense from bad actors attempting to gain unauthorized access, but as potential attacks become more sophisticated, plants need to reevaluate the processes in place to protect important systems. Networks operating on industry 4.0 technologies that allow for remote access require around-the-clock monitoring and, if needed, a secured and protected "demilitarized zone" (DMZ). Shifting from the traditional all-encompassing plant network to a network that is divided into singular protected network cells mitigates risks and protects open source systems from cyberattacks.
 
System integrity
System-level security focuses on protecting the automation system and industrial control components against cyber threats. Leveraging PLC tools and integrating pre-established security features is a crucial component of making sure automation systems and control components are not compromised. Protecting industrial control systems against unauthorized duplication of PLC programs is possible when programmers design the system to bind individual program blocks to the PLC's serial number or memory card. In the usual line of defense, system integrity is usually the last measure to mitigate the likelihood of having your plant compromised. In the event that an intrusion is detected and a cyber-attack is carried out, these systems can be quarantined to isolate specific production cells that have been compromised from the non-infected production cells to shut down access to the rest of the plant's network.
 
Having proper Network, Physical and Systemic safeguards in place can protect a plant from bad actors trying to gain access to a plant’s systems. These protective layers reinforce each other so if there's a breach in one the others can reduce the risks of the incursion spreading.
 
In the current volatile environment of the world, risks and threats cannot be taken lightly. Being aware that the more exposure and points of access there are, the more avenues there are for malicious actors to attack your business. It's important to regularly update and improve your business's cybersecurity protocol to protect your business from the risk of staining the company's reputation, investors losing confidence in the business, and financial loss. The new tools being used to take down companies from these bad actors prove why updating your business's cybersecurity task force is more important than ever.

About The Author


Luis Narvaez is the U.S. Product Marketing Manager for SIMATIC PLCs and Industrial Security at Siemens Industry, Inc. He has a bachelor’s degree in electrical engineering from the University of Central Florida to complement over 10 years of automation experience serving a variety of markets including construction, entertainment/theme park, discrete and process industries.


Did you enjoy this great article?

Check out our free e-newsletters to read more great articles..

Subscribe