There has been an increase in cyber-attacks in recent times which have impact edmost sectors and were not limited to banking/military/financial, etc. This was not a matter of concern maybe a decade ago as most of the IT and OT networks were separate and not exposed to Internet. Today, it is a concern/alarm for the Industrial segment because of the fast-growing adoption of Industrial IoT(IIoT) or Industry 4.0. This is not only going to impact new products/devices but also legacy products/devices/systems, which are now exposed through IoT or Internet. Hence, it is important to secure both new and legacy systems/devices.
The conventional Industrial network topology can be viewed using ISA-95 layered diagram in Figure 2.Level 0 represents physical production setup and Level 4 represents various business planning and logistics applications. The Internet enablement at different layers could bring its own challenges while addressing cyber security threats.In this article, I am covering a case where Internet enablement is from Level-2 and above.
The difficulty of attack increases as it goes from Level 4 to 0. This is because of the different network layers, firewalls and the proprietary protocols (most of the legacy systems), wiring mechanism and difficulty in accessing the physical device. However, this does not mean that Levels 0 or 1 are safe. It just indicates that the difficulty level to reach that layer increases.
The impact of attack on the other hand is more at Level 2, where the whole plant process could be impacted. The impact could be like a short/long plant/process shutdown, wastage of materials, catastrophic incidents (in case of oil & gas/nuclear), information disclosure (plant automation), manipulation of data, etc.Level 2 is most critical and it has to be protected with better control mechanisms.The challenges in implementation control mechanisms increase going from Level 4 to Level 0. This is because of the lack of flexibility in changing systems or applications without having impact to critical CTQs.
Let us now look into aspects of Levels 0 and 1, where the physical equipment, processes, and sensors exist. The field network, sensors and wiring is mostly within the surveillance premises. The physical access to sensors or equipment is difficult in this case. There are some deployments (outside premises in case of large pipelines, storage tanks, etc.) where equipmentis installed in a large area and require some special attention for physical access of device and more security/surveillance. The percentages of such installations are comparatively less and most of the automation would be within premises of the factory, manufacturing plant, etc. The threat at this level includes manipulation of measurement data, disclosure of data, un-intended functionality, impacting field network, etc. There are also some W&M compliance devices which have some hardware protection for not manipulating configuration once it is locked. This lock is highly recommended for security aspects, which helps in avoiding not only configuration but also new firmware upgrade.Due to the lack of memory, necessity to meet scanning timing requirement, and less processor capabilities, it is very challenging to implement lot of security aspects at the transmitter level.This may change with time.
Level 2 is more important asthe devices (like Controllers, PLCs, Supervisory, gateway, etc.) connect to many sensors and actuators (transmitters), run control strategies to automate equipment/process, sends data to SCADA & other systems for process management & business planning, monitor processes, meet some compliances, etc. There are no issues of lack of memory or processing capabilities to implement security control strategies. The scanning and automation could be given higher priority and the security control mechanism should not impact the automation related functionality.Here, it is important to note that the security mechanisms should not impact on better user experience.Legacy devices need more importance as upper layers are going to be connected to the outside world (Internet) and it will expose the security threats on Level 2. There have to be innovative ways to solve these problems based on product line or deployed systems or use cases.
Levels 3 and 4 might have more interaction with Cloud or Internet and hence, might be at a higher risk of a security attack. Level 3 might have impact such as information disclosure (of company plant data, process, yield, etc.), manipulation of data (wrong reports, events, compliance issues, change in plant schedule, etc.) Level 4 might have impact like information disclosure (of employees, supply chain, order details, etc.), manipulation of data (supply chain, inventory), impact production (problem in ordering goods, unable to use tools, etc.) There has to be a proper firewall protection, white listing, certification based communication, proper authentication,and authorization mechanisms to protect against cyber-attacks. Cloud infrastructure is incorporating better security mechanisms and will require proper adaption in developing solutions.
Recent changes in industrial applications, relevance of IoT and cyber-attack threats are encouraging Industrial Automation providers to join hands or build partnerships with cyber security focused companies and come up with ways and means to solve the cyber threat problems in existing and new product/business lines. Some are acquiring cyber security focused companies or hiring ethical hackers to apply the knowledge in different business/product lines. While the time is right to be more focused,it is critical that these measures do not impact user experience and system performance.Soon, I expect, standards might pitch in to address this in a more common way and to build interoperability between systems.