The path to cybersecurity
By William Aja
Cybersecurity is a big challenge for modern manufacturers. At an ISA conference a few years ago, I heard a panel discussion where an expert was asked why we did not see more cyberattacks on manufacturers. The expert responded, “hackers probably don’t know where to look; most people don’t even know what a PLC is.”
Although there is some truth to this, another reason is that, until recently, automation infrastructure was safe by design. Cyberattacks rely on a lot of factors for success, but they penetrate defenses through an attack surface. An attack surface is any point where an attack can penetrate and infect a system. Imagine your plant as a house and cyberattacks as burglars trying to get in. Windows, doors, and garages represent attack surfaces that need to be defended.
Traditionally, control systems had very few attack surfaces due to their network design. Computers and server infrastructures sat segregated behind firewalls, and connected devices and input/output (I/O) networks were shielded from attack.
As more functionality is demanded of control systems, this architecture has evolved, introducing new functionality, but also increasing attack surfaces. In some cases, this increase is obvious, in the form of expanding computer and server infrastructures, applications that require enterprise connectivity, and unmanaged laptops used for troubleshooting and code changes. In other cases, the attack surface grows in ways that are not immediately obvious, in the form of smart coffeemakers, Industrial Internet of Things (IIoT) devices residing at the I/O layer, security cameras, and telemetry devices. Although the main control network may sit behind a firewall, these devices often have their own connection to the enterprise network.
There have already been assaults on these new attack surfaces. Late last year we saw a record-breaking distributed denial-of-service (DDoS) attack that was orchestrated using Internet security cameras. Earlier this year, an attack called Crash Override was discovered that could map industrial networks and unleash an attack on vulnerable smart devices. It activated on its own, and took down an entire Eastern European power grid. Then in June, there was a report that a smart coffee machine became infected with malware that spread to several outdated Windows machines on the control network, shutting down a plant. In late July, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued a report of vulnerabilities in a well-known telemetry device that caused it to transmit fraudulent data and unleash DDoS attacks meant to cripple internal networks.
The point is that as we demand more functionality and connected features from our control systems, we are increasing our risk of attack. The solution is not to abandon these features in favor of security, or disconnect from the enterprise altogether (a method that proved ineffective against WannaCry and NotPetya attacks), but rather to design systems to minimize the potential attack surfaces and create a robust and constantly evolving defense strategy.
One of the most critical pillars of all cybersecurity plans is patch management. Staying up to date on the latest operating system and application patches ensures your infrastructure receives critical security updates meant to eliminate vulnerabilities. Unfortunately, companies often adopt one of two equally flawed patching strategies that lead to exposed attack surfaces and frustrated staff.
The first is the deploy-all-patches method, which deploys patches that are not tested or approved by automation vendors, breaking automation systems and causing data quality issues and downtime events. Burnt by the results of this method, manufacturers may then adopt the deploy-no-patches method, which avoids downtime events from unapproved patches, but does not deploy critical security updates either. Networks are often air-gapped as a way to remediate this problem, but even air-gapped and segregated networks can be infected, as seen by the most recent malware attacks.
There are companies that work with manufacturers to implement designs with minimal attack surfaces and develop security platforms to manage patches for automation systems that ensure only vendor-tested and approved patches are deployed onto industrial control networks. My company uses this tool to manage our internal computer infrastructure, and it is available for manufacturers to deploy internally, as well.
The automation community needs to recognize that it is a collective social responsibility to protect our manufacturing plants, which produce so many products that are essential to our economy. The path to a full-fledged cybersecurity plan can seem overwhelming, but by simply decreasing attack surfaces and having robust security methodologies, you will be well on your way to a safer, more secure plant.