Industrial control systems have made life easier for automation and manufacturing, and are a vital component in both the present and future of the industry. Unfortunately, with every new technology or process comes complications, unique problems that were unforeseen or impossible-to-imagine in the previous way of doing things.
Right now, the largest hurdle for industrial control systems (ICS), IIoT devices, and industrial computers are malicious attacks from hackers and invasive software. These attacks can not only stall production and damage expensive equipment, they can also directly steal money and sensitive data right from connected networks.
Today we're going to look at what can be done to prevent these attacks, how to mitigate the damage from successful attacks, and what makes industrial cybersecurity such a tricky process.
Why is Industrial Cybersecurity So Difficult?
Industrial cybersecurity is often so full of holes due to the nature of the beast — after all, we're not talking about an office full of identical desktop PCs with the same hardware design and operating system, or a classroom full of Chromebooks. In those cases, cybersecurity is relatively simple — all of the platforms have the same requirements and can be managed using the same program or protocols.
The connected devices on an assembly line or rarely so homogenous. The HMI panel that the worker uses may be a Windows PC (relatively easy to manage and protect on the network with common cybersecurity measures), but think of all of the industrial-internet-of-things devices on the factory floor.
Any device on the wireless connection connecting to any other can provide an easy doorway. Even Bluetooth devices can be cracked using vulnerabilities like BlueBorn and Btlejacking. From vibration, temperature, and motion sensors to proprietary scanners, tough tablets, and customized robots (and software for all of these), cybersecurity is a bit more troublesome.
With such a wide array of manufacturers, styles, standards, software compatibility, and customization, how can any factory truly be safe?
Does a connected factory mean a vulnerable factory?
The Planning Phase
You can't get what you need until you know what you need: this where a security professional gets involved. A security auditor can walk through your facility, scoping out all of the devices, how they function, and how the employees use them. Once this has been done, the auditor will advise your IT team on what exactly needs to be done to secure the factory floor.
From there, the IT team either works with the auditor or on their own to implement the necessary equipment, changes, and training to not only plug vulnerabilities but to reduce the damage any breaches could cause.
The key to succeeding in this phase of industrial cybersecurity is risk assessment. Will an extremely expensive solution fix a hugely unlikely vulnerability? If the risk is small, the solution should be small, too — there's no reason to kill a mosquito with a bazooka. For instance, yes, the Bluetooth hacking method mentioned above — Btlejacking — is very real, and can create a vulnerability in any low energy Bluetooth device. However, it has to be done from no more than five feet away: not exactly easy in a secure factory, and probably not that likely.
On the other hand — and especially if budget is a factor — the most likely network vulnerabilities (both those more common in general or those attached to more sensitive information) should be addressed first and at maximum efficacy.
Skimping on the risk assessment and planning phase can pooch the entire strategy before it's even been fully implemented.
The Hardware You'll Need
Sure, any IT professional worth his ID badge knows about firewalls and secure servers.
However, since so much of the business rides on an everflowing production line — and delays and downtime can take such a huge bite of profits — the point-of-contact devices between the workers and the factory equipment to be equally secure.
Two-factor authentication (multi-factor authentication, if you're feeling really paranoid) is easily the most effective physical deterrent to unauthorized computer and network access. This can be achieved in a number of ways, through a combination of a password (something the user knows) and physical keys like RFID dongles, CAC or smart cards, a barcode on an ID badge, or even a biometric marker like a fingerprint (or, something the user has).
While there are side peripherals for many of these scanners, it's far cleaner and more secure to go with an industrial computer, HMI panel, or industrial tablet that has these kinds of scanners integrated. RFID scanners, fingerprint readers, barcode scanners, and smart card readers can all be customized to fit within the normal chassis of these devices, meaning they can never get lost or "walk away" and ensure that all employee terminals are as secure as possible.
What to Expect When You're Expecting Cyberattack
The next common point of cybersecurity preparation is after an attack has happened. And while we all like to imagine we can invest in cybersecurity and then sleep soundly and safely all night, it's important to remember that even the most robust cybersecurity strategy isn't (and can never be) 100% perfect.
Cyberattacks are constantly evolving, software gets updated and introduces new patches (and requisite new loopholes), and employees can accidentally give away sensitive information that would never escape a firewall. Planning and implementing cybersecurity programs and equipment is only half the battle.
The other half of protection is cyberattack response and recovery, which unfortunately often gets skipped. According to a worldwide study by IBM Security, a whopping 77% of IT experts responding to the survey had no cybersecurity incident response plan in place.
Consider looking into automated cyberattack response platforms, which help mitigate a shortage of IT staff (or the large workload from frequent attacks). These automated cybersecurity platforms identify when cyberattacks happen, noticing the telltale signs of attacks like denial-of-service or other methods, and informing the relevant personnel.
A response system should also, ideally, deploy a few different methods of communication: after all, if the system for communication (emails, IP phones) is downed by the cyberattack, that's not going to work. Consider using multiple methods of automatic notification, including email and text to the relevant IT professionals.
Staying Safe and Cybersecure
There's no magic bullet for industrial cybersecurity, but a combination of strong planning, risk assessment, outside security auditing, two-factor authentication, and a versatile automated cyberattack response platform can act as a multi-layered shield to protect your production line and network from unwanted access.
To learn more about how to implement these kinds of solutions, or to speak to an expert about industrial computers and two-factor authentication, contact Cybernet today.