Improving the cyber security of industrial networks is a challenge you may be facing.
On the one hand your manufacturing processes probably use devices such as PLCs (programmable logic controllers) and DCS (distributed control systems) that were designed with a focus on reliability and safety rather than security.
On the other hand your industrial networks are already, or soon will be, connected to your company’s enterprise networks and migrated to Ethernet.
In considering how to decrease cyber risk and protect assets, it is important to look for technology solutions that are designed for the plant floor.
Some of the differences between plant networks and office networks are:
Taking these factors into account, here are 6 recommendations for securing industrial networks.
First, ensure that all network components, including cabling, cabinets and active equipment, are industrially hardened, resilient and have high mean-time-between-failure (MTBF) ratings. As you know, the demands of the plant floor are much harsher than the typical IT environment and require equipment to match.
The heart of IT network systems is often a climate controlled, secured data center where the equipment is usually standardized and less than 10 years old. In contrast, industrial networks operate on the plant floor, often in a hazardous environment, and the average life of the equipment is more than 10 years.
Photo on right courtesy of Good Health Group.
Having equipment that is easy to disrupt makes the attacker’s job easier and the support staff’s job much harder. Active components of the network, such as switches and routers, need to support industrial redundancy technologies. This way if part of your system is attacked by malware or affected by a network incident, you will be able to keep operations going.
There are a lot of acronyms and buzz words in this area such as “zero-failover”, PRP (Parallel Redundancy Protocol) and HSR (High-availability Seamless Redundancy). The important thing is to make sure that the networking equipment supports the level of redundancy required for your production needs.
Integration into industrial management systems is critical for both support and security event monitoring. Using such a system will facilitate the detection of unusual activity on the network, an area that is typically poorly done in the industrial automation world.
You or other plant staff should be immediately alerted if a read-only remote operator station suddenly tries to program a PLC. Waiting for the IT team to analyze the event the next morning is too late.
Firewalls should be optimized to secure SCADA protocols such as Modbus and OPC, rather than email or web traffic. Web and email messages simply have no place on a plant floor system and products that inspect these protocols simply add cost and complexity to the security solution.
Using the best practice of Defense in Depth, security should not end with a perimeter firewall for the plant network. Instead, production networks should be segmented according to ISA IEC 62443 standards. Each zone of devices should be protected with its own industrial firewall that can be deployed into a live plant network without risk to operations.
Every control system has one or more assets that would seriously impact production, safety or the environment if successfully attacked. These might be the SIS (safety integrated system) in a refinery, the PLC controlling chlorine levels in a water filtration plant or the RTU in an electrical substation.
You and others in the plant know what really matters to the operation. If those assets are aggressively protected, the chance of a truly serious cyber incident is massively reduced.
Secure Industrial Networks with Solutions Designed for Industry
If you are uncertain about how to improve the cyber security posture of your facility, following the recommendations above will shorten the time it takes to make improvements.
An additional tool is the white paper “7 Steps to ICS and SCADA Security,” available below, which summarizes best practices for ensuring good cyber security.
If you have tips or recommendations on improving industrial cyber security please let me know.