- July 31, 2020
- Industry Update
Virtual Cybersecurity Standards Implementation Conference debuts
No simple recipe exists for how to secure an industrial automation and control system (IACS). Every IACS presents a different risk to its organization depending on the threats it is exposed to, the likelihood of those threats arising, the inherent vulnerabilities in the system, and the consequences if the system were to be compromised. That is why multiple perspectives and experiences must be considered when implementing cybersecurity safeguards. ISA gathered those perspectives and resources in one place—despite a global pandemic and associated travel restrictions—to present its first Cybersecurity Standards Implementation Conference (CSIC) in a virtual format.
The virtual CSIC brought together industrial cybersecurity experts from multiple industries and geographies for a one-day event in July that users could attend from the convenience of their desk or phone. The eight presentations, which varied in format from PowerPoint presentations with audio voiceovers to live video, focused on IACS cybersecurity awareness and solutions based on ISA/IEC 62443, a consensus-based series of industrial cybersecurity standards. The event included chat-based questions and answers after each session, and a separate “show floor” presenting virtual booths and downloadable resources from vendors including PAS, ARMIS, and Dragos.
ISA’s unique role in supporting IACS cybersecurity was evident by booths and resources from its departments and supported organizations: the ISA Cybersecurity Alliance (ISAGCA); ISA Security Compliance Institute (ISA Secure), provider of IEC 62443 certifications; ISA training, offering a range of ISA/IEC 62443 courses; and ISA publications.
Those who could not attend the live event can still benefit. The presentations were recorded, and registered attendees received access to session webinars on demand for 30 days following the event. ISA’s virtual events program team also plans CSIC+, scheduled for Tuesday, 25 August 2020 at 9:00 AM – 1:00 PM CDT. Multiple webinars on that day will cover additional IACS topics, including the future of cybersecurity from a hacker’s perspective and how to hunt ransomware. Find out more at https://isaautomation.isa.org/virtual-events-program-cybersecurity.
M12 connector standard established
Eight manufacturers known for making M12 connectors—Phoenix Contact, HARTING, Molex, Murrelektronik, Binder, CONEC, ESCHA, and Weidmüller—have come together to establish a standard for the locking mechanism. The goal of ensuring compatibility across manufacturers has been met by IEC 61076-2-010, a standard that describes both external and internal locking utilizing the push-pull mechanism. The vote on the standard was approved with 92.9 percent in favor.
OPC Foundation adds Google Cloud as member
The OPC Foundation welcomed Google Cloud as the latest addition to its 773-member community. Google Cloud provides enterprise-grade cloud solutions that use Google’s technology with interoperability, infrastructure, platform capabilities, and industry. In line with its Industry 4.0 effort, Google Cloud will use the OPC UA open standard to incorporate machine data into analytics and artificial intelligence solutions.
OPC UA is an industrial, protocol-agnostic framework for the IIoT and Industry 4.0 that contains mechanisms for secure, reliable, manufacturer- and platform-independent information exchange. It scales from the sensor to the MES/ERP level and into the cloud, and includes a built-in cybersecurity mechanism.
Report: USB threat risk to industrials doubles over past 12 months
In a new report based on cybersecurity threat data collected from hundreds of industrial facilities globally, the severity of threats detected to operational technology (OT) systems has risen significantly in a 12-month period. An important vector of vulnerability is USB removable media.
The findings of the Honeywell Industrial USB Threat Report, released in July, show that the amount of threat posed by USB removable media to industrial process control networks remains consistently high, with 45 percent of locations detecting at least one inbound threat. Over the same time period, the number of threats specifically targeting OT systems nearly doubled from 16 to 28 percent, while the number of threats capable of causing a loss of view or other major disruption to OT systems more than doubled, from 26 to 59 percent.
“USB-borne malware continues to be a major risk for industrial operators,” said Eric Knapp, director of cybersecurity research and engineering fellow, Honeywell Connected Enterprise, Cybersecurity. “What’s surprising is that we’re seeing a much higher density of significant threats that are more targeted and more dangerous. This isn’t a case of accidental exposure to viruses through USB—it’s a trend of using removable media as part of more deliberate and coordinated attacks.”
As the second most prevalent attack vector into industrial control and automation systems, USB devices play an important role in attacks that target OT systems. The report shows that one in five of all threats was designed specifically to leverage USB removable media as an attack vector. In recent years, such attacks have included Disttrack, Duqu, Ekans, Flame, Havex, Industroyer, and USBCulprit.
More than half the threats were designed to open backdoors, establish persistent remote access, or download additional malicious payloads. These findings are indicative of more coordinated attacks, likely attempting to target air-gapped systems used in most industrial control environments and critical infrastructure, said Knapp.
The Honeywell Industrial USB Threat Report examines data collected from Honeywell’s Secure Media Exchange (SMX) technology, which is designed to scan and control removable media, including USB drives.
NATO, Siemens deepen collaboration on power grid cybersecurity
Siemens Smart Infrastructure and the NATO Cooperative Cyber Defence Centre of Excellence (CCD COE) have signed a memorandum of understanding to continue to cooperate on cybersecurity for critical infrastructure worldwide and advance their existing cooperation on cybersecurity training related to power grids.
NATO CCD COE, located in Tallinn, Estonia, was established in 2008. It engages in research in four core areas: technology, strategy, operations, and law. The CCD COE annually organizes a high-level cyberdefense exercise called Locked Shields to build up defense capabilities.
Locked Shields is designed to train cybersecurity response teams to defend against massive cyberattacks. Siemens has teamed up with NATO CCD COE since 2017 to include complex power grid scenarios for Locked Shields that use Siemens Spectrum Power grid control software and Sicam A8000 remote terminal units.
In the exercise, the defenders have to set the defense lines of a complex infrastructure, including various systems and applications that should withstand massive cyberattacks executed by a large group of hackers. Keeping the lights on while performing threat hunting, reporting attacks, and recovering the system are some of the challenging tasks the cybersecurity experts learn to deal with.
Colonel Jaak Tarien, director of the NATO CCD COE said, “With the aim to reinforce the interaction amongst different cyberdefense stakeholders, to deepen cooperation and exchange of best practices, this agreement takes our cooperation to a new level. Our societies rely on strong and resilient critical infrastructure. Accordingly, there is a real value in our partnership to advance cybersecurity together with the key industry partners.”
The way grids are operated and managed has changed fundamentally in the last years with the integration of more renewable and decentralized energy sources, according to Siemens. The need for network optimization, interaction between “prosumers,” and the number of new market participants have all significantly increased.
We want to hear from you! Please send us your comments and questions about this topic to InTechmagazine@isa.org.