There was a time when you could look at network security and safety once every year or two and get a clear idea of the threats and protection strategies. We had a pretty good idea who wanted to crack the network open -- usually a disgruntled employee who knew the system. Intrusions were intentional. For years, IT had a big say in security, much to the consternation of the control team. Not very long ago, the idea of running safety on the control cable was viewed as dangerous.
Wow, what a couple of years can do.
Everything is changing in network security and safety. You can throw out every assumption built over the past 10 years. The potential hacker could come from a number of dark corners. An intrusion may not even be intentional -- it may be a worm carried on a music file from an employee's iPhone. The control team now seems to be ahead of the IT department in knowing how to protect the network and knowing the dangers facing the plant. As for safety, running it on the same network as control is a no-brainer.
This diagram shows how the Department of Homeland Security envisions a protected industrial network.
Multiple networks to protect
Challenges have increased for network security in part because the network now has so many entry points. Only 10 or 12 years ago, the plant network was isolated. It didn't touch the outside world. Now leaks to the outside can be found up and down the network.
"Connectivity now includes links to business systems; links to supply chain partners; SCADA links to remote sites in industries like energy, transportation, and utilities; links that enable remote access for vendor support; links to mobile devices -- BYOD [bring your own device] and otherwise," Sid Snitkin, a vice president at ARC Advisory Group, told us. "Plus, myriad connections will emerge as IoT use in plants grows. Security is a concern in each of these networks and this is a key focus of every industrial cyber security strategy."
A new type of hacker
The bad guys have changed recently. In most plant attacks of the 1990s and the 2000s, the attacker knew the system inside out and had a very clear idea of the intended damage. The goal was to stop the plant's functioning or at least show that it could be stopped. "What was occurring two years ago in cyber security is that hackers wanted to get the attention of the media and public," Frank Williams, senior manager for security at Belden, told us. "They were demonstrating their power and showing they could be destructive if they chose to. They were looking for consulting jobs, or they were just showing their acumen."
The nature of the hacker has changed dramatically, he said. In the last year, they have gone stealth. "They are doing the same type of hacking and intelligence gathering, but they are finding greater value in getting IP. They will go after a pharma company that just spent a half million on a new arthritis medicine. They're just waiting for the recipe. If they can get the recipe, they can sell it on the open market for a lot of money. So hacking has gone from clever bunny to financial gain."