ISA Interchange

Welcome to the official blog of the International Society of Automation (ISA).


Urgent Need for Automation Systems Cyberprotection

This post was written by Lt. Gen. (Ret.) Robert Elder, research professor with the Volgenau School of Engineering at George Mason University.

Widespread global awareness of threats to information systems (IS) has led government and business to focus significant attention and resources on IS cybersecurity. The same cannot be said regarding industrial automation systems, where there is an urgent need to focus on the cyberprotection of critical industrial control systems.

The U.S. Department of Homeland Security has been a thought leader in this area. Its cyber ecosystem concept calls for a comprehensive approach to protect critical infrastructure going beyond traditional network and information security methodologies. The ecosystem links five activities: prevention, detection, response, recovery, and information sharing. Prevention includes built-in security, risk-based data management, and the use of trusted spaces. Detection and response form a dynamic defense to monitor behaviors and respond to potential attacks with automated defensive actions. After responding to an attack, ecosystem recovery processes execute largely automated actions to restore essential capabilities. All these activities are tied together through internal and external automated information sharing.

Although the potential impact of cyberattacks, such as Stuxnet and Idaho National Lab's experimental destruction of a power generator, is known through news stories, it still has not garnered significant attention from policymakers or industry. A recent workshop held at the Cyber Innovation Center in Bossier City, La., found that professionals find it difficult to envision the implications of an automated system protection failure. Key decision makers prefer to expend limited resources on attack prevention. Most believe that money spent in other areas detracts from this priority, and it is not necessary if the preventive measures are successful. This perception is difficult to change. Most threats are defined in terms of their attack vectors, and security professionals are very familiar with the commercial solutions designed to defeat these attacks. This is a one-dimensional understanding of the problem. Another view is to assess the value of potential targets (in military parlance, centers of gravity) or to analyze the likely intended effects of attacks from a mission or business process perspective. The former lends itself to a variety of proactive defense approaches, while the effects view is the basis for developing resiliency processes to limit the effectiveness of attacks. Commercial products are available to support both approaches, but their capabilities are not widely known among cybersecurity professionals.

Addressing cyberprotection requires a sense of urgency among cybersecurity, industry, and government leaders. Proactive defense and resiliency solutions require extensive coordination between these groups. Systems maintenance and security professionals must develop a better understanding of the business lines they support, and business executives must better understand the challenges of operating automated systems in contested environments.

Workshop participants coalesced around several key recommendations. First, expect cyberspace to be degraded: design processes to remain effective when bandwidth is limited. Second, balance system maintenance ease with diversity and redundancy to enhance survivability and build recovery capacity. Third, implement rules to reduce network noise so detection processes can operate more effectively. Fourth, leverage inherent resiliency opportunities: integrate protective measures across the operational, logical, physical, and infrastructure networking levels. Fifth, provide a means to insert human decision making in automated response and recovery control loops. Finally, develop a risk management approach that balances resource allocations across the entire cyber ecosystem: protection, detection, response, and recovery.

This takes teamwork! Everyone involved has a critical role in the protection of industrial automation systems. Developers must eliminate vulnerabilities with a combination of hardware controls and software assurance. Threat analysts must seek information on attack vectors and develop a situational understanding of the intentions and behaviors of potential threat actors. Network and process designers must demand resiliency and diversity among critical systems, implementing controls and audits to detect potential issues before they become crises. Finally, operators of automated systems must implement business processes that support the professionals that maintain and secure these systems. Leadership is critical to implement these cultural changes.

Action is essential. Fortunately, there are many organizations available to provide assistance. One is the Cyber Technology and Information Security Laboratory at the Georgia Tech Research Institute, which uses expertise in systems engineering, signals, and other technology areas to create resilient control solutions for operations in contested environments and to help industry safeguard the nation's critical infrastructure. ISA's cybersecurity standards and programs are also a valuable resource.

About the Author
Lieutenant General Robert Elder (USAF, retired) joined the George Mason University faculty as a research professor with the Volgenau School of Engineering following retirement from the Air Force. He also serves as a senior advisor to the Georgia Tech Research Institute and the Cyber Innovation Center. Elder was the first commander of Air Force Network Operations and led the development of the cyberspace mission for the Air Force. He holds a doctorate of engineering from the University of Detroit.


A version of this article also was published at InTech magazine.

