This post was authored by Mary Ramsey, executive director of ISA and formerly senior vice president of the U.S. industry business for Schneider Electric.
Cybersecurity is a growing international concern. Global insurance market Lloyd’s of London’s Risk Index 2013 rated cybersecurity the number three top threat to the global economy in 2013, up from number 12 the previous year. With the rise of cybercrime, it is important for companies and organizations to understand their unique vulnerabilities to this type of crime.
Many government-focused attacks originate from entities in developing countries interested in growing their critical infrastructure (such as for power, chemical, water, oil and gas), and who are looking at successful companies and entities to understand how they design and operate their systems. These industries, along with their corresponding industrial and manufacturing production facilities, have unique vulnerabilities to cyberattacks.
Safeguarding infrastructure-critical industries
A change in the industrial landscape and increased vulnerabilities are prompting industrial facility managers and operators to implement security practices tailored to safeguard their network infrastructures. It is important for a facility manager to understand the unique characteristics of his or her industrial environment and where cybersecurity actions should be applied. Below are six key steps for operating facilities according to the highest possible security standards.
- Security plan: Have a plan that includes critical asset identification, policies, and procedures to cover risk assessment, risk mitigation, and methods to recover from disaster.
- Network separation: Separate the industrial automation and control system from other networks by creating “demilitarized zones” to protect the industrial system from enterprise network requests and messages.
- Perimeter protection: Use firewalls, authentication, authorizations, virtual private networks (IPsec), and anti-malware software to prevent unauthorized access.
- Network segmentation: Contain a potential security breach to only the affected segment by using firewalls and virtual local area networks to divide the network into subnetworks and by restricting traffic between segments. This helps contain the malware impact to one network segment, thus limiting damage to the entire network
- Device hardening: Manage passwords, define user profiles, and deactivate unused services to strengthen security on devices.
- Monitor and update: Do surveillance of operator activity and network communications. Regularly update software and firmware.
Vulnerable industrial environments
The increasingly open and collaborative nature of industrial operations introduces higher risk in these environments. In the past, industrial networks were primarily isolated systems, running proprietary control protocols, using specialized hardware and software. These days, systems are networked on IP-based, wireless, and mobile systems that are more open to attack. What’s more, legacy control systems were not designed to contend with current threat levels.
Inadequate end user awareness and end user inertia lead to increased vulnerability. End users in critical infrastructure environments are often better organized in their cybersecurity defense. However, many end users in other industries (including manufacturing) are either unaware of the risk of cyberattacks or reluctant to implement security strategies in their enterprises, because investments in cybersecurity do not appear to have a tangible return on investment. This leads to a complacent “wait and watch” approach that only mandatory regulation or the unfortunate instance of a cyberattack may change.
Increased need for real-time operational data has propagated the use of commercial off-the-shelf information technology solutions in industrial environments. This has changed the playing field, and the gradual shift toward “connected” network solutions in the industrial space has caused control systems to face increased exposure to malware and security threats that are targeted at commercial systems. Inadequately skilled workers leave the industry with gaps in its knowledge base and expertise to protect against attacks. Although the industrial sector prides itself on a highly skilled workforce focused on automation systems, that does not always translate into adequate expertise in industrial operational technology networks. The skills gap weakens an organization’s ability to develop comprehensive protection and prevention strategies.
Using security best practices
Cybersecurity incidents are escalating in number and complexity. As industrial processes are integrated with outside networks, plants are at risk, and operations teams need to implement cybersecurity best practices. Cyberattacks are an ever-present and an ever-evolving threat that require a proactive and planned approach. To keep their operations safe, organizations need to look at their internal policies, procedures, and culture, and work in close partnership with their solutions providers.
ISA offers standards-based industrial cybersecurity training, certificate programs, conformity assessment programs, and technical resources. Please visit the following ISA links for more information:
- ISA Global Cybersecurity Alliance
- Cybersecurity Resources Portal
- Cybersecurity Training
- IEC 62443 Conformance Certification
- Family of Standards
- ISA/IEC 62443 Cybersecurity Certificate Programs
- Suite of Security Standards
About the Author
Mary Ramsey is executive director of ISA and formerly served as senior vice president of the U.S. industry business for Schneider Electric.
A version of this article also was published at InTech magazine.