Industrial automation platforms have moved beyond delivering basic functionality, and are now being tasked with significant industrial IIoT data aggregation and analytical functions. Every device is becoming smarter and more interconnected than ever before, and the available data is valuable, but must be available where and when it is needed. To realise maximum value, seamless and transparent connectivity is needed from the plant floor to the cloud. The internet and higher-level enterprise computing resources are instrumental in transmitting and processing data.
How we got here
Cybersecurity concerns surrounding industrial automation systems are exacerbated by the intersection of many past decisions. While digital assets have been implemented within industry for over three decades, only recently did cybersecurity become an equal or greater concern than basic functionality. In fact, when the earliest devices were deployed there really weren’t any cybersecurity practices in place. The greatest protection considered at that time was to isolate these devices, creating islands of automation that were relatively difficult to access from a physical perspective, and which lacked widespread accessibility via networking. This was a secure design approach at the time based on available technologies, but is unacceptable for meeting modern business needs.
While newer installations and retrofits have some opportunity to use more secure digital devices, the reality is that many older and insecure assets remain in service for decades without any security updates, and sometimes without any available support. Meanwhile, cyber-threats have accelerated in both quantity and sophistication. With wireless networks and USB devices, physical isolation is simply no longer feasible. Isolation is in direct conflict with the need for comprehensive and legitimate access to all types of industrial digital devices, especially as these devices gain significant intelligence and can supply valuable data.
Recognising the need for cybersecurity is imperative, but simply adding cybersecurity to existing devices is not a complete answer, because it is a bit like adding a locked steel door to a cardboard box to keep unwanted intruders away from the contents. Because many protocols and devices at the very fundamental levels of OT systems were designed without security in mind, and they lack the most basic of cyber-defence mechanisms, no amount of patching can fix them. Cybersecurity provisions must instead be built in to provide the necessary defence-in-depth.
Why some cybersecurity schemes are problematic
Efforts to incorporate cybersecurity have progressively improved over the years. Sometimes suppliers have tried their own tactics, but because the commercial IT arena maintained a significant headstart in the field, most of the best approaches have trickled down from this sector. In fact, custom or proprietary measures can be less secure than those based on open standards, which typically originated in IT.
In some cases, device vendors have implemented cybersecurity using a proprietary chipset associated with their own firmware. Proprietary elements are not open to easy inspection by industry experts, and remain at an ongoing risk of being compromised by malicious persons. Once in-house companies develop cybersecurity firmware, they must commit to curating and updating this firmware continually so that affected products remain secure. This means they must shoulder all the burden of finding vulnerabilities and fixing issues, without the community verifying solutions and providing assistance. Outdated hardware is nearly impossible to remedy without complete device replacement, and running with old firmware also introduces unacceptable vulnerabilities by failing to address the latest types of attacks.
Another more nefarious issue regarding proprietary cybersecurity provisions is that the provider must also establish protective measures when security updates are deployed. Even if the cybersecurity hardware and firmware plan is viable, attackers with sufficient skills can develop ways to create their own modified firmware, which becomes deployed and opens the door for hacking. In some cases, users are unable to trust any future firmware upgrades, but upgrades are needed to provide protection against newer threats. Although it may seem non-intuitive, open standards provide a more secure approach.
Open standards reduce risks
While some industrial suppliers have pursued proprietary hashing algorithms and other methods, a better solution for industry is to follow the proven and massively deployed best practices of the commercial IT sector. This has a far larger installed base of digital devices than the industrial world. OT designs can leverage the best of what the IT world has developed, and also learn from their mistakes.
For example, a few industrial suppliers offer all firmware and software applications via a curated repository, so qualified users have easy access. Each of these software packages is digitally encrypted and signed using industry standard strategies and open standards, including public and private keys. In this way they are utilising proven secure methods to deliver important updates to customers, leveraging the best of what has proved to work.
With open tools placed in the user’s hands, design and support personnel are set up for success. They can always download the latest software, confirm it is digitally verified, and install it on the target device or their computer. It is also possible to confirm that the proper digitally-verified version is on a target device like a PLC/PAC or an edge controller, so users can audit their site, instead of continuing to run on outdated versions for years because they fear updating their system.
Note that there is a difference between encryption and cybersecurity. Encryption in this case involves the delivery method, which serves to ensure the right firmware/software is obtained. Once this is in place, users can install it and benefit from having the latest secure version in operation. Cybersecurity is a much wider topic, with encryption as a subset.
Search out more defence layers
Users should look for industrial platforms that have incorporated other open and standard cybersecurity technologies as they pursue a complete defence-in-depth approach for their projects. For example, some industrial platforms use Trusted Platform Module (TPM), which has a dedicated microcontroller onboard to perform cryptographic and authentication tasks. This can address security at all levels, making things as secure as possible, while still providing the functionality customers need.
Secure Boot can also be incorporated into digital devices. This checks that the boot loader and all associated software images are signed with a cryptographic key authorised by the product vendor. Secure Boot is a security standard developed by the PC industry and used by the Unified Extensible Firmware Interface (UEFI) in conjunction with a device’s BIOS. It prevents devices from being hijacked by malicious actors, or modified to provide covert access.
Developers, and especially OEMs, will want to make sure their industrial automation and computing platforms offer encrypted passwords, and the ability to lock and encrypt applications developed on those platforms. This is partly to protect intellectual property and prevent unauthorised changes in the field; but effective passwords and application locking also serve as additional cybersecurity layers, preventing them from being modified by unauthorised individuals. Similarly, when automation products need to communicate amongst each other or with higher level computing resources, encrypted industrial communication protocols such as OPC-UA Secure are preferred.
Design practices and procedures represent an important aspect of cybersecure systems. Leading automation providers will test their products to ensure they can withstand cybersecurity threats. Designers should comply with widely accepted industry standards such as ISA/IEC 62443, which defines the requirements and processes involved with implementing and maintaining cybersecure industrial automation and control systems. Proactive users will audit their installations to confirm ongoing performance of their installations.
Achieving secure-by-design solutions
Secure connectivity from the plant floor to the cloud is no longer a nicety for industrial automation and data processing systems, it is an imperative. Traditional OT products simply were not built to deliver the level of cybersecurity which must accompany this expanded connectivity. Malicious actors are increasingly targeting OT environments for a wide variety of reasons, and industry must be prepared. Add-on cybersecurity, or worse yet, ineffectively created custom cybersecurity, leaves operational facilities vulnerable to attacks that can cripple production, cost a great deal of money, and even introduce safety and environmental hazards.
Open standards, especially those developed and leveraged from the large base of IT technologies, provide the best answer for the OT industry. Developers need to build their automation solutions based on these types of standards, using industry-leading products with key security features built in. Examples are digitally signed and encrypted firmware/software, secure boot, and encrypted passwords/applications. By following a robust, tiered approach, developers and OEMs can provide the best possible cybersecurity for their automation and IIoT solutions.
| Tel: | +27 11 451 3700 |
| Fax: | +27 11 451 3800 |
| Email: | [email protected] |
| www: | www.emerson.com |
| Articles: | More information and articles about Emerson Automation Solutions |
© Technews Publishing (Pty) Ltd | All Rights Reserved
printer friendly version