The Industrial Internet of Things (IIoT) is proliferating across industrial plants, connecting sensors, connecting machines to machines, and sending condition data on plant equipment to outside vendors. The result is improved efficiencies and increased optimization. Yet with that connectivity, there are also a few headaches in the form of cyber security challenges.
Much of the connectivity shift includes moving from proprietary systems to standard IP networks. “When you move from proprietary to standard IP, there are efficiency gains from communication and connectivity, but there are also security vulnerabilities migrating to the OT network,” Dave Meltzer, chief research officer at Tripwire, a cyber threat detection company, told Design News. “Traditionally the plant was disconnected from the public internet, but the leap from IP to OT has become very real which gives the attacker easier access to OT networks.”
One of the challenges in protecting the industrial network against cyber intrusions is the inability to know if the network has been compromised. “When someone breaks into a manufacturing operating system, nobody finds out about it,” said Meltzer. “We’ve seen this in a handful of incidents that have been publicized, and we’ve seen it in many more behind the scenes.”
The Inevitable OT vs. IT Clashes
Part of the difficulty in making the extended OT network secure is that the plant network is typically connected to the enterprise IT system, thus giving IT some ownership – or at least some oversight – of the plant OT network. Problem is, the IT priorities (security as the uppermost concern) differ from the OT priority of continual uptime. Many plant managers when told of a breach say, “Keep the plant running while you work on the problem.”
Meltzer notes that the plant managers and IT staff have to work together to ensure security. “OT and IT clashes don’t help. OT wants availability, while IT believes confidentiality is more important,” said Meltzer. “When IT looks at industrial security, they have to understand the priorities of OT.”
According to Meltzer, there is progress in settling the OT/IT differences. “IT as a whole is starting to appreciate the importance of availability,” said Meltzer. “If you try to apply IT solutions to OT wholesale, it doesn’t work. So you have to find out how to introduce security while respecting the OT view.”
Part of the difficulty in detecting breaches or preventing intrusions is the variety of ways an attack can occur. “A compromise in the OT network comes in a lot of different forms. Maybe it’s an employee downloading malware. You see this all the time in IT,” said Meltzer. “Not every OT has been compromised, but the sophistication of hackers is increasing. One of the real struggles is that when OT environments are compromised, there are often not enough monitors to tell how they got in, what they did, and how to prevent them from entering in the future.”
Meltzer noted that the best approach is to deploy a combination of solutions. “We like network segmentation. You can keep attackers from going beyond where they enter,” said Meltzer. “We also use endpoint solutions to protect individual assets. It has to be defensive. The people who are working on protecting industrial networks say you need to have a layered approach.”
Disconnect and You’re Still Vulnerable
In the past, manufacturers believed assets were safe if they were not connected to an outside network. They were thus “air gapped.” Yet the Stuxnet attack on the Iranian nuclear program proved that concept faulty, since the Iranian system was not connected to an outside network when it was attacked. Instead, the worm came in through a vendor’s flash drive. “Air gapping is often not a solution because there are ways things can move across networks, such as speakers on computers that communicate between devices that are not connected,” said Meltzer.
Cyber attacks are a rapidly developing area. Like the Whack-a-Mole game, as soon as one threat is conquered, another pops up. “Attackers are getting more sophisticated in how they attack OT networks,” said Meltzer. “A firewall is not a silver bullet. But if you didn’t have a firewall you would really be vulnerable. Ultimately, organizations can do better than the status quo today.”
Rob Spiegel has covered automation and control for 15 years, 12 of them for Design News. Other topics he has covered include supply chain technology, alternative energy, and cyber security. For 10 years he was owner and publisher of the food magazine, Chile Pepper