Industrial automation platforms have moved beyond delivering basic functionality and are now being tasked with significant industrial Internet of Things (IIoT) data aggregation and analytical functions. Every device is becoming smarter and more interconnected and the available data is valuable – but it must be available where and when it is needed. To realize maximum value, seamless and transparent connectivity is needed from the plant floor to the cloud. The internet and higher-level enterprise computing resources are instrumental in transmitting and processing data.
However, increasing capability and connectivity generate greater cybersecurity concerns. Industrial-grade operational technology (OT) digital devices may be built to withstand physical extremes better than their information technology (IT) counterparts, but IT has a significant head start for providing cybersecurity measures. Internet connectivity and the adoption of Wi-Fi on the plant floor opens doors for bad actors to access all types of OT digital assets. Whereas the availability of industrial digital devices has traditionally been paramount, today confidentiality and integrity play equally important roles.
Proper cybersecurity simply can’t be added on – it is essential for automation platforms to offer built-in defense-in-depth.
How we got here
Cybersecurity concerns surrounding industrial automation systems are exacerbated by the intersection of many past decisions. While digital assets have been implemented within industry for more than three decades, only recently did cybersecurity become an equal or greater concern than basic functionality. In fact, when the earliest devices were deployed, there really were no cybersecurity practices in place. The greatest protection considered at that time was to isolate these devices, creating islands of automation that were relatively difficult to access from a physical perspective and were lacking in widespread accessibility via networking. This was a secure design approach at the time based on available technologies, but it’s unacceptable for meeting modern business needs.
While newer installations and retrofits have some opportunity to use more secure digital devices, the reality is that many older and insecure assets remain in service for decades, without any security updates, and sometimes without any available support. Meanwhile, cyber threats have accelerated in both quantity and sophistication. With wireless networks and USB devices, physical isolation is no longer feasible. It is in direct conflict with the need for comprehensive legitimate access to all types of industrial digital devices, especially as these devices gain significant intelligence and can supply valuable data.
Recognizing the need for cybersecurity, but simply adding it to existing devices is not a complete answer. It is a bit like adding a locked steel door to a cardboard box to keep unwanted intruders away from the contents. Because many protocols and devices at the very fundamental levels of OT systems were designed without security in mind, and they lack the most basic of cyber defense mechanisms, no amount of patching can fix them. Cybersecurity provisions must instead be built in in the proper manner to provide the necessary defense-in-depth.
Efforts to incorporate cybersecurity
Efforts to incorporate cybersecurity have progressively improved over the years. Sometimes, suppliers have used their own tactics, but because the commercial IT arena maintained a significant head start in the field, most of the best approaches have trickled down from this sector. In fact, custom or proprietary measures can be less secure than those based on open standards, which typically originated in IT.
In some cases, device vendors have implemented cybersecurity using a proprietary chipset associated with their own firmware. Proprietary elements are not open to easy inspection by industry experts and remain at ongoing risk of being compromised. And once in-house companies develop cybersecurity firmware, they must commit to continually curating and updating this firmware so that affected products remain secure. This means they must shoulder all the burden of finding vulnerabilities and fixing issues, without the community verifying solutions and providing assistance. Outdated hardware is nearly impossible to remedy without complete device replacement, and running with old firmware also introduces unacceptable vulnerabilities by failing to address the latest types of attacks.
Another more nefarious issue regarding proprietary cybersecurity provisions is that the provider must also establish protective measures around how security updates are deployed. Even if the cybersecurity hardware and firmware plan is viable, attackers with sufficient skills have sometimes developed ways to create their own modified firmware, which becomes deployed and opens the door for hacking. In some cases, users are unable to trust any future firmware upgrades, but upgrades are needed to provide protection against newer threats.
Although it may seem counterintuitive, open standards provide a more secure approach.
Open standards reduce risks
While some industrial suppliers have pursued proprietary hashing algorithms and other methods, a better solution for industry is to follow the proven best practices of the commercial IT sector – which has a far larger installed base of digital devices than the industrial world. OT designs can leverage the best of what the IT world has developed and also learn from their mistakes.
For example, a few industrial suppliers offer all firmware and software applications via a curated repository, so qualified users have easy access. Each of these software packages is digitally encrypted and signed using industry standard strategies and open standards, including public and private keys. In this way, they are utilizing proven secure methods to deliver important updates to customers, leveraging the best of what has proven to work.
With open tools placed in the user’s hands, design and support personnel are set up for success. They can always download the latest software, confirm it is digitally verified and install it to the target device or their computer. It is also possible to confirm the proper digitally verified version is on a target device like a PLC/PAC or an edge controller, so users can audit their site, instead of continuing to run on outdated versions for years because they fear updating their system.
Note that there is a difference between encryption and cybersecurity. Encryption in this case involves the delivery method, which serves to ensure the right firmware/software is obtained. Once the proper firmware/software is in place, users can install it and benefit from having the latest secure version in operation. Cybersecurity is a much wider topic, with encryption a subset. But this example shows an adoption method that can be applied across cybersecurity principles and specific needs.
The value of defense-in-depth
Users should look for industrial platforms that have incorporated other open and standard cybersecurity technologies as they pursue a complete defense-in-depth approach for their projects.
For example, some industrial platforms use Trusted Platform Module (TPM), a dedicated microcontroller on board to perform cryptographic and authentication tasks. Features such as TPM are an example of what can be incorporated in a product to address security at all levels, seeking to make things as secure as possible, while still providing the functionality customers need.
Secure Boot is another aspect that can be incorporated into digital devices. With it, the firmware checks that the boot loader and all associated software images are signed with a cryptographic key authorized by the product vendor. As a security standard developed by the PC industry and used by the Unified Extensible Firmware Interface (UEFI) in conjunction with a device’s basic input/output system (BIOS), Secure Boot prevents devices from being hijacked my malicious actors or modified to provide covert access.
Developers, and especially original equipment manufacturers (OEMs), will want to make sure their industrial automation and computing platforms offer encrypted passwords, and the ability to lock and encrypt applications developed on those platforms. This is partly to protect intellectual property and prevent unauthorized changes in the field, but effective passwords and application locking also serve as additional cybersecurity layers, preventing them from being modified by unauthorized individuals. Similarly, when automation products need to communicate amongst each other or with higher-level computing resources, encrypted industrial communication protocols such as OPC-UA Secure are preferred.
Design practices and procedures represent an important aspect of cybersecure systems. Automation providers should test their products to ensure they can withstand cybersecurity threats. Designers should comply with widely accepted industry standards, such as ISA/IEC 62443, which defines the requirements and processes involved with implementing and maintaining cybersecure industrial automation and control systems. Proactive users will audit their installations to confirm ongoing performance of their installations.
Making products secure by design
Secure connectivity from the plant floor to the cloud is no longer a nicety for industrial automation and data processing systems; it is an imperative. Traditional OT products were not built to deliver the level of cybersecurity that must accompany this expanded connectivity. Malicious actors are now targeting OT environments for a wide variety of reasons, and industry must be prepared. Add-on cybersecurity, or worse yet ineffectively created custom cybersecurity, leaves operational facilities vulnerable to attacks that can cripple production or introduce safety and environmental hazards.
Open standards, especially those developed and leveraged from the large base of IT technologies, provide the best answer for the OT industry. Developers need to build their automation solutions based on these types of standards – using industry-leading products with key security features built-in – such as digitally signed and encrypted firmware/software, secure boot, and encrypted passwords/applications. By following a robust, tiered approach, developers and OEMs can provide the best possible cybersecurity for their automation and IIoT solutions.