“Engineers not specializing in cyber security often throw their hands up at security; it’s not what they do,” says Pat Differ, Director of Sales at Securicon LLC, a consulting firm specializing in cyber security services and solutions for critical infrastructure industries. “The result is they may end up relying heavily on IT-oriented or recommended solutions that are not meant for industrial applications.”
If this bears any resemblance to what is happening in your organization, we have good news for you. Belden has recently teamed up with Securicon to provide one-stop security solutions to our customers. Our partnership was announced on June 1st and it allows us to be a single source for companies who need both services and technology in order to improve their industrial cyber defenses.
I recently had the opportunity to speak to Pat and Securicon’s CEO, Paul Hurley, to find out their thoughts on the state of industrial security. Read on to find out their innovative ideas about how to move forward on cyber security.
Many industries, like the one shown here, are still in the “very early” stage of ICS security expertise. Having a one-stop source for cyber security services and solutions makes it easier to improve defenses.
Perimeter Firewalls Are Not Sufficient for ICS Security
Cyber security is the biggest “major change” to hit the automation and process industries since Windows, according to Securicon. And although high-profile cyberattacks and ICS vulnerabilities have garnered lots of media attention, industrial organizations overall are still at the toddler stage in dealing with them.
There are many reasons, chief among them being the “responsibility and ownership” divide between IT and OT (Operations Technology). This results in a lack of accountability for ICS security. A status quo can develop where a perimeter firewall or two (one managed by operations and one by IT) is seen as an acceptable solution. Then, inertia sets in and the industrial cyber posture remains weak.
Our joint experience (Belden’s and Securicon’s) is that a firewall at the OT perimeter (or the Internet perimeter, for that matter) is simply insufficient to adequately protect the control network.
Experience has shown that there are multiple pathways to the control system. Look at the simple diagram below and see if you are confident that your facility has blocked or secured each of the access points shown.
Experience has shown that multiple pathways to the plant floor exist, opening up ICS to both malicious and accidental cyber incidents.
In addition, effective cyber security for a control network needs to take into account the harsh environment, high-speed switching and insecure-by-design protocols that are characteristic of plant infrastructure.
How Hackers or Accidental Cyber Incidents Can Impact Reliability
Here’s one way to break through inertia and foster an effective working relationship between colleagues in the different disciplines. Just get your OT and IT teams together and take a look at the video below. In it, SCADA security expert Eric Byres demonstrates a worm infecting a pipeline system and its impact on the control system.
Particularly if you are unsure how a “hacker” or an accidental cyber incident might affect the Mean Time to Repair or Replace (MTTR) of the production network, watch this video. It might be the best six minutes and forty-two seconds you devote to ICS security!
How Industry Leaders Design Industrial Security Systems
Many companies want and need this because it allows them to use the same methodology at more than one location and to make comparable year-over-year assessments. This practice is easily measured and will clearly illustrate more cost savings for your return on this investment.
There are several frameworks, standards and guidelines that can be used for ICS infrastructure. Chances are you will need a hybrid. The more common ICS-related ones are:
- The NIST Framework, NIST SP 800-82 and others
- ISA/IEC 62443 Standards (formerly ANSI/ISA 99)
- AWWA security guidelines
- Specific guidelines or standards designed for your industry
The key is to get organized and build the right foundation for the long haul.
After an assessment framework is in place, the tough, detailed work of developing an ROI for cyber security investment needs to be done.
Production downtime is of course one risk, but don’t forget to include other risk impact areas associated with ICS, like health and safety, environmental, financial, public relations, stock price and legal. In regulated industries, penalties might also apply, such as those related to grid security and reliability.
Finally, determine the process you will use to handle mitigation or remediation.
Once assessments start producing valuable information, the process to highlight, prioritize, and plan the security strategy begins. Most security leaders use their assessment strategy to identify priority areas that bolster the overall security foundation.
Helping you select a standard, do a risk assessment and get an ROI analysis done is exactly where Securicon comes in. Plus, their people know both the IT and OT engineering sides of the house and can help facilitate cooperation and training awareness to strengthen your cyber security core culture.
Working with Belden, the appropriate communication infrastructure can be designed. It will be based on measured assessment impacts and identified improvements, making it easier to cost-justify the technology and project work needed.
Implementation, testing, documentation and training, all based on best practices, contribute to putting the security plan into action.
After the initial project, you may need help analyzing security data and making risk assessment a repeatable process. The watchwords here are “track-remediate-repeat.” Again, the Securicon-Belden team can help.
A further action might be to expand the initial security framework to accommodate the diverse nature of the entire OT infrastructure. This way, mitigation priorities can be applied across the corporation, giving the results meaning beyond each individual plant or control center.
If you are interested in talking to the Securicon-Belden team, here’s what to do:
Call your local Belden industrial sales engineer, or:
- In North America call 1-855-400-9071 or 510-438-9071
- In Europe, the Middle East and Africa, refer to this contact information
- For other parts of the world complete the form on this page
- Email sales[at]securicon.com
- Call using this contact information
Does seeing a cyberattack demonstration help you move forward on security? What are your roadblocks? I look forward to hearing from you.
Editor’s Note: This article was developed with expertise from Paul Hurley, CEO and Pat Differ, Director of Sales at Securicon. Belden thanks Paul and Pat for their contribution.
Differences Between IT and OT
- Blog: Why Industrial Networks are Different than IT Networks and What to do About It
- Blog: Working Together for Better Industrial Networking Solutions
- Blog: ICS Security - How Your IT Dept. Can Help
- Blog: Manufacturing IT: Separate the Industrial Network from the IT Network
- Blog: Commercial vs. Industrial Cables: 9 Essential Tests
- Blog: Why SCADA Firewalls Need to be Stateful – Part 1 of 3
- Blog: SCADA Security & Deep Packet Inspection – Part 1
Belden Industrial Security Products