THE BLOG

Putting Industrial Control System Operators In The Security Driving Seat

15/12/2016 15:41

Industrial Controls is a coined term that encompasses a number of control systems that are present, predominantly within industrial production. These controls are managed through remote stations, both automated and operator driven, distributing commands to manage supervision, control and production.

However, as industrial controls manage power, transport, water, gas and other critical infrastructure, the potential disruption and resulting downtime from any issue to these systems can have a significant impact to national infrastructure.

This was explicitly highlighted in the Ukraine power station hack that took place in late 2015. Phishing emails were sent to the power companies containing malware that permitted the exfiltration of information and credentials to control systems, cutting off power to nearly 250,000 homes and businesses in western Ukraine.

It has also been claimed that the structure of the Ukrainian grid, and the supporting equipment and technologies they utilise, are used in the power stations of other countries - a worrying factor to consider.

A key challenge to be addressed is the ongoing service, repair and management of industrial control systems in the ongoing drive to improve security and correct known issues. Historically this has been deemed near on impossible with legacy systems as downtime, for a large energy provider, could result in whole towns or cities being left without power.

The rise of internet enabled control systems and solutions has demanded forms of remote access for repairs, and has necessitated instant communication between the operations and security teams, as well as the support advisors themselves. Today, machinery can be monitored and accessed through mobile phone apps, and often service centres receive automated alerts from the machinery itself as a warning or in the case of a fault - these technological advances are transforming processes all round.

While modernisation has clear advantages, it also exposes new risks. For instance, if engineers accessing a system are using unsecure remote access tools, organisations can be left vulnerable to cyber-attacks such as 'backdoor' attacks allowing cyber criminals to piggy back off engineer's connections to gain authorised access to infrastructure and industrial systems potentially, then at liberty to cause serious damage.

In fact, on average, 89 vendors are accessing a company's network every single week, which means the opportunities for cyber-attacks against vulnerable and under protected systems is high.

Team this knowledge with the fact that many manufacturing organisations are layering new and exciting IoT solutions and processes on top of legacy systems; An inviting prospect is created for potential malicious individuals. These legacy systems, contradict the interoperability of IoT solutions and were in some instances created before the internet-era. Therefore, the communication, monitoring and remote management of these systems is just as outdated and is predominantly designed to only communicate point-to-point over unencrypted channels.

In a recent study, nearly three quarters (74%) of IT professionals stated that they are worried about breaches coming from connected devices over the next year, as the number of entry points an attacker could use is growing at an exceptional rate.

Unfortunately, lots of new products are being fast-tracked into use by manufacturers keen to exploit the cost saving efficiencies that Industrial Internet of Things (IIoT) can deliver and gain the competitive advantage. In the hurry to make everything "internet-enabled", security can sometimes be overlooked, and businesses have to ensure someone isn't creating or opening a backdoor into the network.

A possible solution to ensure organisations can stay on top of these market developments is to guarantee visibility of which authenticated & authorised individual is accessing which system at any time. Privileged Access Management (PAM) solutions can give companies the convenience of secure remote access as well as the auditable history of what actions were affected to their systems leading to peace of mind. Through PAM, IT managers can control and monitor each user on their system, audit their third-party vendors and suppliers who come onto the network and limit what they can and can't access. The PAM not only ensures the security of access but also manages the point-use of credentials used to interact with critical infrastructure. This level of security can also give users, both internal and external to the organisation, different levels of authorised, audited access empowering IT or OT departments should they need to investigate something untoward.

Only by deploying this level of visibility will manufacturers and industry alike have complete confidence in the security of their systems. With cyber-security breaches on the rise, if the manufacturing industry must act now to safeguard and gain full control over systems, the consequences could be wide spread, highly damaging and affect us all.

Comments

CONVERSATIONS