Steps to achieving industrial cybersecurity
Industrial cybersecurity is often referred to as a journey — and that term is an important one, because it is not a product you can buy or a box you can tick, but a range of solutions and policies which may look very different from organisation to organisation.
The most important first step is education about the systems and the methods of communication — to understand the different points of access and paths used between your devices.
It should be no surprise then that my first point of advice is usually about physical security — which for some sites is more difficult than for others. For example, power stations usually have a fence surrounding the entire site and a gatehouse allowing entry only to authorised personnel or those being accompanied. Many manufacturing organisations have large sites but not always good control of who is coming or going. Water authorities have the problem of many small and remote sites that are often not manned.
Once physical security is covered, the next question that we should ask is: what happens if someone gets past our physical security? If they open the cabinet, what will they find? If they connect to a network switch, what will they be able to access?
In the case of device and network security, the solutions are going to be based upon the configuration of the software inside each device — and this level of security becomes quite difficult at times, as in many cases the ideal configuration options might not be available in your hardware.
Device security consists of ensuring that you use good passwords with enough complexity, as well as disabling insecure protocols such as telnet and HTTP in favour of SSH and HTTPS. Each device may have additional basic security settings to adjust, such as any discovery protocols that share information or enable configuration of the device without authentication (PLC discovery/browse protocols, for example).
Network security involves creating areas inside your control system that are isolated from others — with control mechanisms to ensure traffic has to flow through specific conduits so that you have control of which devices in any given area can talk to any other area. This concept is referred to as ‘zones and conduits’, with each area being a zone and specific paths between those zones being the conduits.
Firewall devices are an example of a conduit that acts as an interface between two zones with specified rules that determine which traffic can pass from one side to another. Another example of this is the Access Control List usually present in a Layer 3 switch. For circumstances where it’s not so simple to define which devices should talk to each other and you need a tighter level of control — including the ability to control the types of messages between two devices — a deep packet inspection firewall can be used.
You also have to consider vulnerability to virus and malware attacks, which requires you to be monitoring your assets’ firmware and configuration to ensure a safe state is maintained over time.
Today change management and network monitoring solutions offer many options for users to ensure that all the configuration files are maintained, and that all the devices in your network that have known vulnerabilities are flagged for updates.
Industrial cybersecurity has come a long way, and the industry is in a very mature state with many great solutions for users who are interested in ensuring that their industrial networks are secure and reliable.
The recent series of cyber attacks on Australian organisations has highlighted the need to place...
If 2020 has taught us anything so far, it's that we must never be complacent.
Advice on how to realise the dream of implementing successful predictive maintenance applications.