Cyberattacks have increased since the COVID-19 pandemic. While information technology (IT)/operational technology (OT) convergence remains a hot topic, the conversation about cybersecurity for industrial control systems (ICS) has fallen on deaf ears in some cases. The evolution of ICS over the past 20 years has migrated designs away from safer proprietary networks and protocols to introduce common IT architectures and components into the OT network. This migration has involved implementations ranging from fragmented installations never maintained, to smart and sophisticated systems that are often maintained and updated (see Figure 1).
In either case, the evolutionary shift of connecting the plant floor to the IT datacenter has created exposure points with the potential to disrupt an industrial operation or create safety incidents that lead to damage, injury or fatalities in the worst possible case. More often, companies are being held ransom. There are national security breaches and interruptions to the global supply chain, leading led to immeasurable consequences. Cybersecurity is a critical component for businesses of all sizes, from local manufacturers to global industrial companies. It is no longer just an IT department problem; it’s also a critical OT component of ICS design, regardless of scope or size.
Elements of effective cybersecurity
Effective cybersecurity in any network employs well designed standards, thoughtful planning and consistent implementation. But the most important component of a comprehensive strategy is building the value of cybersecurity into the culture of the organization. If every member of the organization believes in the importance of keeping all business systems safe, secure and robust, the cybersecurity implementations are more likely to be successful. This is true on the OT network, which is often the most vulnerable. Engineering departments prioritize uptime and safety, keeping processes running and product going out the door. Cybersecurity is a key component, but real-world problems on the plant floor often take precedence. Intangible potential threats from the outside are harder to internalize into the built-in risk registers we operate against every day.
This vulnerability can be a difficult obstacle to overcome. Larger companies with mature IT organizations tend to dictate “thou shalt comply” to all who connect to their network. This can lead to friction when IT/OT convergence is not properly implemented. When IT and OT systems are interconnected on IT-owned equipment, it can wreak havoc on production environment. If system cybersecurity updates are deployed by an IT department without proper evaluation against the ICS, this can prevent machine communication and shut down production. When production is down, the number one focus becomes “how do I get my process back up and running safely?” Meanwhile, engineering must unravel what occurred to get systems back online and functioning.
Ideally, they will work with IT through this process to ensure they do not open themselves to cybersecurity vulnerabilities as they get their process back up and running, but this does not always happen. In another scenario, smaller companies may have their engineering department perform all IT and OT tasks. Production is the primary focus, and sometimes cybersecurity-related IT tasks fall behind. Then malware or ransomware infiltrates the network and production is not even possible.
In our new reality, cybersecurity has become a necessary mentality, skillset and investment for manufacturers of all sizes and industries. However, in the rush to implement secure networks, manage access control and shield industrial access, many companies are not prepared for the impact of cybersecurity on IT/OT convergence. Taking time to understand the impact of IT security on OT assets is necessary to ensure the most secure and usable cybersecurity implementations. Education, understanding and setting the proper expectations are essential to a successful deployment. These activities help transform the team’s mindset by placing cybersecurity a close second to safety as they work to get their processes restored.
Working with operational teams across a range of industries, we often see network segmentation and access control tend to have the most operational impact. These areas affect not just which devices can communicate between each other, but also who can use those devices.
Before the adaptation of IT-networked components in the ICS world, control networks were proprietary and often vendor-specific. Network segmentation was a virtue of the limited interoperability between different network types and protocols, as well as the ability to design physical separation of systems. These types of networks were relatively secure with limited exploit potential.
Modern ICS based on Ethernet network designs are wide open out of the box. The unmanaged nature of this kind of network leaves major cybersecurity gaps. Without security measures in place, the environment is vulnerable and significantly increases risk for uncontrolled access to critical system components.
By design, most network hardware can be configured for proper network segmentation to limit network access. By securing the network perimeter, we can limit the access coming in or out of the plant floor. And by segmenting the network, we can prevent devices on the plant floor from accessing other systems. This is a foundational tenet of the defense-in-depth strategy where multiple layers of protection are installed to limit an attacker’s ability to access the system. Does all this sound complicated? It’s not when you engage the right people who understand how to implement network segmentation on OT systems.
While the ideology has been around for a long time, the implementation in a modern ICS can be intricate. Systems integrators specialize in designing these controls early in the project lifecycle. Complexity of design scales with size, third-party interfaces and types of equipment employed in the ICS (see Figure 2). The typical plant engineer focused on process or machine uptime and optimization does not have the skillset to implement and maintain this system. This results in additional manpower for the end user — a place where a system integrator can help. Troubleshooting this system requires the right skillset: Significant IT knowledge in an OT world.
Process control networks that enable the plant floor to work together can expose control systems to threats from more than just the network. Access control is now of primary concern for operators and system integrators as many control system assets are accessible from any location on the process control network. While network access capabilities provide huge benefits, they come with the need to implement secure access control for all involved systems.
For plant operators, this can mean noticeable changes to the operating procedures used by plant personnel. Easy passwords and post-it notes stuck under keyboards allow unauthorized users to put plant operations and uptime at risk, trading short-term convenience for long term security. Generic administrator and engineering accounts lack the security and accountability of named user accounts. These oversights allow outside attackers an easy foothold into the ICS and automation devices it controls.
The most common access control system is Microsoft’s Active Directory. Active Directory is a bedrock of enterprise access control and user management schemas. When implemented properly, it is a secure way to manage users and permissions across the plant floor. Most control systems have native integration with Active Directory, providing a single secure, centralized location to manage users. System integrators can work with teams to implement Active Directory in alignment with the way the plant operates.
As control systems have continued to evolve, the infrastructure required to support them has grown in step. Commercial off-the-shelf (COTS) IT infrastructure provides improved capabilities and a support base of skilled personnel capable of maintenance and implementation. Just as we have adjusted to the inclusion of technology in our daily lives, we must adjust to the inclusion of technology on the plant floor. Most users would agree rapid communication across the plant floor, gathering data from all aspects of the manufacturing system and centralizing process control, far outweigh the risks. However, we must understand and reduce those risks to protect the safety and data of our operations. Working closely with subject matter experts and setting the proper expectations lay groundwork for a successful journey through the impact of cybersecurity on IT/OT convergence.
As you work through process control network design and begin to see separate domains of communication, ask how this will affect operational personnel. Do they know which systems are able to communicate with each other? Is their understanding when they’re unable to reach a device or server the network is broken? Or is this operating as designed? Setting these expectations provides a sense of understanding and allows operations personnel to take ownership of the systems relying on this infrastructure.