How to implement layered industrial cybersecurity in volatile times

Courtesy: Brett Sayles

Industrial Internet of Things (IIoT) systems and Industry 4.0 have been touted as the key to next-generation productivity. In a rapidly digitizing business environment, taking advantage of the most efficient and powerful technologies is a requirement to stay competitive.

But here is the drawback: As digitalization offers increased connectivity, it also can expose networks to cyber threats, leaving critical manufacturing, infrastructure and transportation hardware or software with functionality exposed to public or private networks. The more exposure and points of access there are, the more avenues there are for malicious actors.

The current volatile world environment contributes to the risk, with malware designed to target industrial infrastructure and hardware being deployed as part of the Russian war in Ukraine. These state-sponsored malware threats may initially be isolated to targets dictated by the country that created them, but once used, these vulnerabilities become known and the malware spreads to other bad actors.

Cyberattacks are more than a major financial risk; they can also affect future business. There is a significant risk to a company’s reputation. Competitors can use the attack as a selling point against you, customers may lose trust and investors can lose confidence. A remote takeover or unplanned shutdown due to an attack can also have knock-on effects such as environmental or logistical issues that could take months to resolve.

Industrial defense in depth

With the increase in risk and attack frequency, completely protecting industrial hardware and systems from cyber threats is more critical than ever. Comprehensive protection does not mean a single solution or procedure. It is a layered approach intended to blunt attacks at three levels: physical, network and systemic. With ‘defense in depth’ (DID), protection is broad in scope and layered (in depth). DID ensures multiple layers of security, protecting a facility and its assets even if one layer is breached.

  • Plant Security: Methods and procedures to prevent unauthorized persons from gaining physical access to critical components or systems. A key focus is determining what personnel, devices and information are granted access into and out of a key area, including adopting procedural changes to processes and policies.
  • Network Security: Securing networks and limiting network and port access to verified and trusted devices that are supposed to transmit data.
  • System Integrity: Designing automation systems and machines with integrated cybersecurity protections for control components.

Only by implementing both all-around and in-depth protection can a company truly secure industrial operations. Fortunately, there are tools and best practices to achieve each of these and to help you mount a strong, layered defense against cyberattacks.

Defensive layers

Mitigating the risk of cyberattacks cannot be an afterthought; it has to be an integral part of business processes, software and machine design. Industrial cybersecurity is unique because the stakes are substantial, and industrial systems are high-value targets for malicious actors. There is risk to individual machines, to the facility and to the business. There is an even more serious risk to life in some cases. Creating a cyber-risk taskforce that includes stakeholders at all levels of the business can help devise a layered defense that encompasses software, hardware and key business processes.

Physical security is probably the most familiar to everyone, but it is still one of the most critical aspects of securing systems from attack. Maintaining control of the plant’s physical boundaries is important, but that is not just putting a lock on the front door. Physical security starts with conventional building access and extends to the securing of sensitive areas in zones. This is based on who needs access and the risks associated with certain areas or equipment, including ensuring all approved users develop the skills and methods for connecting devices securely and maintaining security protocols. Comprehensive plant protection requires risk analysis, the implementation and monitoring of suitable measures, and regular updates through an ongoing analysis and implementation process.

Network security is focused on protecting networks against unauthorized access. A key challenge for integrated Industry 4.0 communication, both between machines and with systems outside the facility, is establishing adequate protection for these open source, easily accessible systems. This includes monitoring all interfaces, such as those between office and industrial networks or remote maintenance access to the internet.

Monitoring and security of networks is accomplished through firewalls and, if applicable, by establishing a secured and protected “demilitarized zone” (DMZ). The DMZ is used for making data available to other networks without granting direct access to the automation network itself. This segmentation of the plant network into individually protected network cells minimizes risks and increases security.
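The DMZ rule described above can be checked mechanically against a firewall's allow-list. The following is an added example, not part of the original article: the zone names, address ranges and rules are constructed for illustration, and the audit assumes that only DMZ hosts (or hosts already inside the automation zone) may be the source of traffic into the automation network.

```python
import ipaddress

# Constructed zone map (assumed addressing, not from the article).
ZONES = {
    "office": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "automation": ipaddress.ip_network("10.30.0.0/16"),
}

# Constructed allow-rules: (name, source CIDR, destination CIDR, port).
RULES = [
    ("historian-push", "10.30.5.10/32", "10.20.0.15/32", 443),
    ("office-reads-dmz", "10.10.0.0/16", "10.20.0.15/32", 443),
    ("vendor-remote", "10.10.40.0/24", "10.30.5.0/24", 102),
    ("office-outbound-any", "10.10.0.0/16", "0.0.0.0/0", 443),
    ("jump-host", "10.20.0.30/32", "10.30.5.0/24", 22),
]

def zones_touched(cidr):
    """Return every zone whose address range overlaps the given CIDR."""
    net = ipaddress.ip_network(cidr)
    return {name for name, zone in ZONES.items() if net.overlaps(zone)}

def audit(rules):
    """Flag allow-rules that let a non-DMZ source reach the automation zone."""
    findings = []
    for name, src, dst, port in rules:
        # Overlap (not equality) so broad destinations such as 0.0.0.0/0,
        # which silently include the automation range, are examined too.
        if "automation" not in zones_touched(dst):
            continue
        src_net = ipaddress.ip_network(src)
        # Acceptable sources lie entirely inside the DMZ, or inside the
        # automation zone itself (cell-internal traffic).
        inside = any(src_net.subnet_of(ZONES[z]) for z in ("dmz", "automation"))
        if not inside:
            findings.append((name, src, dst, port))
    return findings

if __name__ == "__main__":
    for name, src, dst, port in audit(RULES):
        print(f"direct access to automation zone: {name} {src} -> {dst}:{port}")
```

Run against the constructed rules, the audit reports the direct office-to-automation maintenance rule and the broad outbound rule whose destination range covers the automation network, while the DMZ jump host and the DMZ-facing data flows pass.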

Making cybersecurity a priority

System-level security leverages the security features and tools integrated into PLCs (programmable logic controllers) and other components within the industrial control system (ICS). Protecting automation systems and control components blocks unauthorized access to automation processes from the outset, preventing faults in production and protecting existing know-how.

For example, people can bind individual program blocks to the PLC’s serial number or memory card, protecting R&D investments against unauthorized duplication of PLC programs. This prevents the duplication of projects and makes it possible to detect manipulation attempts. Implementing targeted measures to protect against a variety of threats is part of designing complete solutions. System-level security is a last line of defense, designed into the hardware itself, providing protection even when the physical or network security has been breached.

A cybersecurity environment that is full of risk even in normal times, the attacks perpetrated by malicious actors over the last month, and the new tools and attack vectors they are employing make industrial cybersecurity a critical priority for any business operating industrial hardware, automation or networks, whether in light manufacturing, utility services or any other industrial application.



