IT in Manufacturing


Cyber defence for industrial networks

December 2015 IT in Manufacturing

The last few years has seen huge growth in industrial networking. Since protocols like Fieldbus (IEC 61158) were not meant to be integrated into larger business networks, most suppliers and end users have concentrated on network connectivity and not network cyber security.

Given that the cyber security problems in industrial networking are similar in many ways to office networking, many industrial control system (ICS) asset owners have embraced the industrial network challenge and are expanding their deployments from the most vulnerable interconnected office to plant environments.

Meanwhile, other ICS asset owners have taken a cautious approach to this new world of industrial networking. Conversely, such organisations are concerned about the vulnerability of ICSs by the increased connectivity. Are there any basic steps an organisation can take to prevent compromise in this area?

Introductory cyber defence

Like all applications of defensive measures, cyber defence begins with a mindset or philosophy. This is grounded in the understanding that everyone who uses ICS is a target. No longer can any ICS asset owner say with certainty that “they are too small or too obscure to be a target”. In fact many smaller plants or facilities across the world are finding themselves increasingly being targeted as larger corporations establish sophisticated security defences.

Being a hacking target is one thing, but it is also hard for the average ICS operator to know where to concentrate any defensive measures. In large corporations, Security Risk Management efforts now quantify a scored hierarchy of importance. Then, after the hierarchy is established, security defensive measures are applied to the most critical systems first. Smaller ICS owners can do this scoring as well. But they should score systems which hackers are most likely to attempt to exploit, like PC workstations that are connected to critical systems.

Cyber defence guidance

According to the Australian Signals Directorate Top 35 list of mitigation strategies (http://tinyurl.com/p7tehyh), at least 85% of intrusions could have been mitigated by combining the top four mitigation strategies.

These four strategies are:

1. Patching applications.

2. Patching operating system vulnerabilities.

3. Restrict administrator privileges.

4. Application whitelisting.

Operating system and application updates – basic digital hygiene

For ICS computers, there is no better, high value mitigation than regular operating system (OS) updates. These should be set to “automatic”, but if you suspect your computer is out of date and has Windows OS, simply perform a windows update. The same can be said for other operating systems such as Linux. Operators should establish an update policy and perform the updates on a monthly schedule, if possible.

The following applications on ICS computers should be updated with the latest versions or uninstalled: Web browsers, Adobe Acrobat, Microsoft Office and Adobe Flash. These install base common applications are prime targets for hackers to exploit. A special mention should be the use of an up-to-date anti-virus. A non-current anti-virus is sometimes worse than none at all.

Wherever possible, ICS related devices should be updated to the latest software version. This is especially important for industrial network related devices like switches and routers. Hackers are very keen to infiltrate unsecure network devices to maintain persistence in an attacked organisation.

Restrict administrator privileges – keep safety features in place

The reason that administrator accounts need to be controlled is to prevent privilege escalation. Whenever possible, an operating system login should be done with standard user privileges. Administrator privileges should only be used when needed, and sparingly during normal operation.

Application whitelisting – no rogue programs

A whitelist is a list or register of entities that are being provided a particular privilege, service, mobility, access or recognition on a system. Entities on the list will be accepted, approved and/or recognised. Whitelisting is the reverse of blacklisting, the practice of identifying entities that are denied.

For most computing applications, whitelisting is not very practical. But the principles of whitelisting can be applied manually to yield some protection. Mitigations like manually monitoring process listings to see if any strange applications are running and then ending that process/application if it seems to be running when it shouldn’t be.

How to detect if a system is ‘Hacked’?

There are many ways to detect if your ICS is hacked but without the use of sophisticated forensic tools, a qualitative assessment is usually an acceptable method for most ICS users.

Observable indicators of compromise (OIC)

• System runs slowly. This could be due to malware background processes running.

• System takes overly long to boot. This could be possibly due to hacker hardware drivers loading.

• System makes strange noises at odd times or at startup. This could be due to malware hardware driver being poorly coded.

• System applications do not run as desired, for example, the system update, system restore or anti-virus not being able to update is an indicator that the system has been hacked.

• You find web services, such as web searches, are redirected to unusual sites due to a Malware/Adware compromise.

In general, should any of the above occur, it is wise to contact an IT security professional to resolve the problem. Additionally, once the near term issue is resolved, the computing asset should be rebuilt with fresh OS load media during the next maintenance shutdown.

Can cyber defence be this simple?

Industrial networks offer huge advantages when secured properly. There is always the potential for a hacker to compromise your control system, however if you secure your systems, even to a basic level, most attackers will proceed to easier targets elsewhere.

The biggest issue today, in industrial networks, is the concern with disruption and loss of control.

Cyber security may be inconvenient but if you do implement it, you can still maintain operations within safety margins. Deployment of industrial networks with the above cyber defensive practices makes them more dependable and allows organisations to enjoy the benefits of increased connectivity.

For more information contact Christie Cronje, Yokogawa South Africa, +27 (0)11 831 6300, [email protected], www.yokogawa.com/za



Credit(s)



Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Turning system integrators into trusted technology partners
Schneider Electric South Africa IT in Manufacturing System Integration & Control Systems Design
Schneider Electric’s Alliance Partner Programme is repositioning system integrators from hardware suppliers into lifecycle-value partners. Oriel Soupen explains the competency framework, certification model and real-world results that are already helping African system integrators win higher-value, longer-term engagements.

Read more...
Why renewable projects need integrated protection and control
IT in Manufacturing
Fragmented secondary plant integration in renewable energy projects causes costly delays during commissioning. ACTOM Protection and Control’s Secondary Plant Integration solution consolidates all secondary systems under a single engineering framework, reducing risk and accelerating grid

Read more...
When digital twins move from concept to critical tool
IT in Manufacturing System Integration & Control Systems Design Maintenance, Test & Measurement, Calibration
Digital twins are moving out of the lab and onto the mine, the factory floor and the transport network where they predict failures before they happen. Amritesh Anand looks at where they earn their keep, the data and integration work behind them, and the security questions every organisation should ask before switching one on.

Read more...
How a digital foundation can overcome the LNG trilemma
Schneider Electric South Africa IT in Manufacturing SCADA/HMI
The LNG sector is racing to add capacity, but without a digital backbone, growth creates complexity rather than capability. Christophe Begat of Schneider Electric explains how connecting data, systems and analytics across the LNG value chain can resolve the trilemma of secure supply, lower emissions and tighter costs.

Read more...
Decarbonisation is reshaping mining strategy in Africa
Schneider Electric South Africa IT in Manufacturing Electrical Power & Protection
Mining companies across Africa are embedding decarbonisation into operational strategy, driven by investor, regulatory and customer pressure to reduce emissions while improving resilience.

Read more...
Siemens and HighByte partner to scale industrial AI
Siemens South Africa IT in Manufacturing Fieldbus & Industrial Networking
Siemens is expanding its Industrial Edge ecosystem through a partnership with HighByte, enabling customers to connect, contextualise and transform data from operational technology and information technology sources to build AI models and applications at scale.

Read more...
Africa on the edge of a digital future
Schneider Electric South Africa IT in Manufacturing
Edge computing promises lower latency, stronger reliability and real-time responsiveness across Africa, yet its rollout keeps colliding with one stubborn obstacle, power. Steven Santini explores how renewable microgrids, smart energy management and the right partnerships could turn the continent’s energy gap into its biggest edge opportunity.

Read more...
3D electrical systems design workflow for electromechanical innovation
Siemens South Africa Fieldbus & Industrial Networking IT in Manufacturing
Siemens has announced new 3D electrical design capabilities within its Capital software, enabling electrical and mechanical engineers to work concurrently in a shared 3D environment to reduce late-stage design changes and accelerate time to market for complex electromechanical products.

Read more...
Optimising energy reliability for African manufacturing
Electrical Power & Protection IT in Manufacturing
Unreliable power can cost African manufacturers as much as 31% in sales. Behind-the-meter power offers manufacturers in sub-Saharan Africa control, visibility and resilience in their energy provisioning.

Read more...
ISO 42001 helps organisations prepare for the realities of AI governance
IT in Manufacturing
A security specialist at Galix explains how a new international standard helps organisations build structured governance around their use of artificial intelligence.

Read more...









While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd | All Rights Reserved