IT in Manufacturing


Cyber defence for industrial networks

December 2015 IT in Manufacturing

The last few years has seen huge growth in industrial networking. Since protocols like Fieldbus (IEC 61158) were not meant to be integrated into larger business networks, most suppliers and end users have concentrated on network connectivity and not network cyber security.

Given that the cyber security problems in industrial networking are similar in many ways to office networking, many industrial control system (ICS) asset owners have embraced the industrial network challenge and are expanding their deployments from the most vulnerable interconnected office to plant environments.

Meanwhile, other ICS asset owners have taken a cautious approach to this new world of industrial networking. Conversely, such organisations are concerned about the vulnerability of ICSs by the increased connectivity. Are there any basic steps an organisation can take to prevent compromise in this area?

Introductory cyber defence

Like all applications of defensive measures, cyber defence begins with a mindset or philosophy. This is grounded in the understanding that everyone who uses ICS is a target. No longer can any ICS asset owner say with certainty that “they are too small or too obscure to be a target”. In fact many smaller plants or facilities across the world are finding themselves increasingly being targeted as larger corporations establish sophisticated security defences.

Being a hacking target is one thing, but it is also hard for the average ICS operator to know where to concentrate any defensive measures. In large corporations, Security Risk Management efforts now quantify a scored hierarchy of importance. Then, after the hierarchy is established, security defensive measures are applied to the most critical systems first. Smaller ICS owners can do this scoring as well. But they should score systems which hackers are most likely to attempt to exploit, like PC workstations that are connected to critical systems.

Cyber defence guidance

According to the Australian Signals Directorate Top 35 list of mitigation strategies (http://tinyurl.com/p7tehyh), at least 85% of intrusions could have been mitigated by combining the top four mitigation strategies.

These four strategies are:

1. Patching applications.

2. Patching operating system vulnerabilities.

3. Restrict administrator privileges.

4. Application whitelisting.

Operating system and application updates – basic digital hygiene

For ICS computers, there is no better, high value mitigation than regular operating system (OS) updates. These should be set to “automatic”, but if you suspect your computer is out of date and has Windows OS, simply perform a windows update. The same can be said for other operating systems such as Linux. Operators should establish an update policy and perform the updates on a monthly schedule, if possible.

The following applications on ICS computers should be updated with the latest versions or uninstalled: Web browsers, Adobe Acrobat, Microsoft Office and Adobe Flash. These install base common applications are prime targets for hackers to exploit. A special mention should be the use of an up-to-date anti-virus. A non-current anti-virus is sometimes worse than none at all.

Wherever possible, ICS related devices should be updated to the latest software version. This is especially important for industrial network related devices like switches and routers. Hackers are very keen to infiltrate unsecure network devices to maintain persistence in an attacked organisation.

Restrict administrator privileges – keep safety features in place

The reason that administrator accounts need to be controlled is to prevent privilege escalation. Whenever possible, an operating system login should be done with standard user privileges. Administrator privileges should only be used when needed, and sparingly during normal operation.

Application whitelisting – no rogue programs

A whitelist is a list or register of entities that are being provided a particular privilege, service, mobility, access or recognition on a system. Entities on the list will be accepted, approved and/or recognised. Whitelisting is the reverse of blacklisting, the practice of identifying entities that are denied.

For most computing applications, whitelisting is not very practical. But the principles of whitelisting can be applied manually to yield some protection. Mitigations like manually monitoring process listings to see if any strange applications are running and then ending that process/application if it seems to be running when it shouldn’t be.

How to detect if a system is ‘Hacked’?

There are many ways to detect if your ICS is hacked but without the use of sophisticated forensic tools, a qualitative assessment is usually an acceptable method for most ICS users.

Observable indicators of compromise (OIC)

• System runs slowly. This could be due to malware background processes running.

• System takes overly long to boot. This could be possibly due to hacker hardware drivers loading.

• System makes strange noises at odd times or at startup. This could be due to malware hardware driver being poorly coded.

• System applications do not run as desired, for example, the system update, system restore or anti-virus not being able to update is an indicator that the system has been hacked.

• You find web services, such as web searches, are redirected to unusual sites due to a Malware/Adware compromise.

In general, should any of the above occur, it is wise to contact an IT security professional to resolve the problem. Additionally, once the near term issue is resolved, the computing asset should be rebuilt with fresh OS load media during the next maintenance shutdown.

Can cyber defence be this simple?

Industrial networks offer huge advantages when secured properly. There is always the potential for a hacker to compromise your control system, however if you secure your systems, even to a basic level, most attackers will proceed to easier targets elsewhere.

The biggest issue today, in industrial networks, is the concern with disruption and loss of control.

Cyber security may be inconvenient but if you do implement it, you can still maintain operations within safety margins. Deployment of industrial networks with the above cyber defensive practices makes them more dependable and allows organisations to enjoy the benefits of increased connectivity.

For more information contact Christie Cronje, Yokogawa South Africa, +27 (0)11 831 6300, christie.cronje@za.yokogawa.com, www.yokogawa.com/za



Credit(s)



Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Bringing brownfield plants back to life
Schneider Electric South Africa IT in Manufacturing
Today’s brownfield plants are typically characterised by outdated equipment and processes, and face challenges ranging from inefficient operations to safety hazards. However, all is not lost, as these plants stand to gain a lot from digitalisation and automation.

Read more...
Faster access to device data
EPLAN Software IT in Manufacturing
Eplan eStock gives companies access to centralised device management in the Eplan Cloud, simplifying collaboration, and reducing coordination times and media discontinuities.

Read more...
Accurate and effective bearing replacement
SKF South Africa IT in Manufacturing
Each year, incorrect mounting is causing countless bearing failures. Overcoming this can deliver multiple benefits to owners and operators of rotating machinery, including reduced maintenance costs and fewer breakdowns.

Read more...
Comprehensive protection of the network
Phoenix Contact IT in Manufacturing
In recent years, the generation of data to create ever better transparency and control of production has become a decisive competitive factor. IIoT has also contributed to more manufacturing systems being connected to IT or cloud systems. This places higher demands on access security, which Phoenix Contact meets with the Secure Edge Box.

Read more...
Manufacturers should watch for these five trends
IT in Manufacturing
Over the last several years trends have emerged in manufacturing, realising significant advancements in machine-reliant assembly lines through to highly automated factories. As we look ahead, there are several key trends to watch.

Read more...
The role of technology in mining safety and environmental protection
IT in Manufacturing
Modern mining practices routinely integrate technology into workflows to improve operational efficiencies. AI can also play a role in managing employee health, decreasing safety risks, and managing the environmental footprint of mining and extractive industries.

Read more...
Machine safety, diagnostics and data security
Turck Banner Southern Africa IT in Manufacturing
Personnel safety systems on machines are often seen as a necessary evil. To function correctly, a safety device is required to be self-checking, which adds more complexity and costs compared to a non-safety device.

Read more...
SMOM – the future is here now
Iritron Editor's Choice IT in Manufacturing
In his presentation at the recent MESA Africa conference, Neels van der Walt, business development manager at Iritron, revealed the all-encompassing concept of smart mining operations management (SMOM), and why it is inextricably linked to the future of worldwide mining operations.

Read more...
Navigating disruption in manufacturing
Editor's Choice IT in Manufacturing
When considering IT in manufacturing, the underlying assumption is twofold: first, a wave of valuable maturing technologies can be harnessed to create new business value, and second, the environment in which these technologies will be applied will be relatively predictable, with change following a manageable, evolutionary path. However, recent disruptions have shattered these assumptions.

Read more...
Multi-discipline simulation of axial flux motors for next-generation EVs
Siemens South Africa IT in Manufacturing
Siemens Digital Industries Software’s Simcenter E-Machine Design software helps electric vehicle (EV) manufacturers and their associated supply chains to predict the performance of e-machines accurately, including axial flux electric drive units.

Read more...