By Shira Landau, Editor-in-Chief, CyberTalk.org
Industrial control systems deliver water, electricity and fuel, and provide other essential services that power millions of enterprises around the world. These systems are susceptible to cyber threats, especially as Industry 4.0 increases cyber-physical connectivity. In the recent past, numerous disturbing cases of cyber intrusion have occurred. Industrial network security is mission-critical.
Industrial network security is similar to standard enterprise information system security. However, it does present its own unique challenges. Industrial network security represents a critical business performance indicator. Industrial network security configurations provide insight into business risk exposure and level of corporate competitiveness, and indicate future business continuity, or potential lack thereof.
Systems and networks in industrial control systems (ICSs) retain special features and facets, and are often built on trusted computing platforms with commercial operating systems. Industrial control systems are designed with ‘rugged’ in mind. Most perform reliably for long periods of time. The typical integrated industrial control system might have a life expectancy that extends for several decades.
The original system designers likely didn’t envision continual cyber-physical security upgrades. But cyber threats are evolving every day. How can industrial network security keep pace?
Industrial network security: An imperative
Improved industrial network security is an imperative. Industrial systems often rely on legacy devices and may run on legacy protocols. These systems were initially developed for long-term use, long before the proliferation of internet connectivity, web-based software and real-time enterprise information management portals.
In the early days of industrial networks, information security did not receive much attention. Physical security took priority. Systems were air gapped, which appeared adequate in terms of cyber security. In the 1990s, as organizations reengineered business operations and reevaluated operational needs, businesses began to deploy firewalls and other means of blocking attackers. As the years passed, an increasing number of security tactics were tossed into the mix. Nonetheless, industrial network security (INS) needed to play catch-up, and many INS leaders are still doing so today.
Industrial network security: The challenge
International bodies, such as the United Nations, are working to address industrial control system threats. At the same time, industrial organizations must take independent action around cyber security.
One challenge that plagues these systems is that threat defense measures can conflict with core network requirements. To visualize this, consider how CEOs and rank-and-file employees alike often try to skirt cyber security protocols when they slow down productivity. A similar security vs. function tradeoff can occur within industrial system development.
Sophisticated and advanced cyber threats represent a prominent problem for industrial groups. In addition, accidental cyber incidents are a growing concern. For example, an operational system engineer may introduce a network threat during regular technical maintenance.
It’s not just connected networks that are at risk. Industrial networks that remain disconnected from the internet can still experience cyber intrusions. This can lead to data loss and other untoward business consequences. For instance, a third-party vendor may update systems, but in so doing, connect an unauthorized device that either intentionally or accidentally captures proprietary information.
Industrial network security: The solutions
- Infrastructure attacks represent imminent threats to industrial groups. Many recent attacks on operational technology (OT) and ICS networks appear to be based on IT attack vectors, like spear phishing campaigns via email and ransomware on endpoints. Threat prevention solutions can prevent and eliminate these kinds of attacks before they breach the ICS equipment.
- An OT engineer may intend to patch systems expeditiously, only to find that the patch is not quick to install, and so postpone the action, leaving the system unpatched. Operational technology cyber security vendors may be able to offer intrusion prevention systems (IPS) that reduce vulnerabilities through “virtual patching.” This type of solution can protect Windows-based workstations, servers and SCADA equipment.
- Antivirus and anti-bot technologies can also protect industrial equipment. The software can identify threats before they lead to extreme harm. Malware and bots alike can result in network failures, grinding business operations to a halt.
- To properly define a security policy, industrial groups must have solutions in place that provide visibility into and understanding of the environment. Visibility means seeing all of the assets within the environment and recognizing what they are and what function they perform. An understanding of granular configurations is also critical.
- Developing a behavioral baseline for characterization of legitimate traffic can further enhance security. To optimize a security baseline, experts recommend a focus on traffic logging and behavior analysis. Ultimately, organizations should strive for a baseline that can help hunt for threats within the network, detect anomalies and provide other valuable services.
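The visibility and behavioral-baseline points above can be made concrete with a short sketch. This is an added example, not code from the original article: it learns an asset inventory and the set of operations each source/destination pair performs from logged traffic, then flags live flows that depart from that baseline. The CSV log format, addresses and protocol/operation labels are constructed assumptions.

```python
import csv

# Constructed flow logs (not real capture data): time,src,dst,protocol,operation
BASELINE_LOG = """\
08:00:01,10.0.1.10,10.0.2.21,modbus,read
08:00:02,10.0.1.10,10.0.2.22,modbus,read
08:00:05,10.0.1.11,10.0.2.21,modbus,write
"""

LIVE_LOG = """\
14:10:01,10.0.1.10,10.0.2.21,modbus,read
14:10:03,10.0.1.10,10.0.2.21,modbus,write
14:10:07,10.0.9.50,10.0.2.22,modbus,read
14:10:09,10.0.1.11,10.0.2.22,modbus,read
"""

def parse(log_text):
    """Yield (src, dst, protocol, operation) tuples from CSV flow records."""
    for row in csv.reader(log_text.splitlines()):
        if len(row) != 5:
            continue  # skip malformed records rather than guessing fields
        _, src, dst, proto, op = (field.strip() for field in row)
        yield src, dst, proto, op

def build_baseline(log_text):
    """Learn the known assets and the operations each src->dst pair performs."""
    assets, allowed = set(), {}
    for src, dst, proto, op in parse(log_text):
        assets.update((src, dst))
        allowed.setdefault((src, dst), set()).add((proto, op))
    return assets, allowed

def find_anomalies(log_text, assets, allowed):
    """Return (reason, flow) for every flow that departs from the baseline."""
    findings = []
    for flow in parse(log_text):
        src, dst, proto, op = flow
        if src not in assets or dst not in assets:
            findings.append(("unknown asset", flow))
        elif (src, dst) not in allowed:
            findings.append(("new conversation", flow))
        elif (proto, op) not in allowed[(src, dst)]:
            findings.append(("new operation", flow))
    return findings

if __name__ == "__main__":
    for reason, flow in find_anomalies(LIVE_LOG, *build_baseline(BASELINE_LOG)):
        print(reason, flow)
```

In practice the learning window has to be long enough to cover legitimate but infrequent activity, such as scheduled maintenance, or those flows will be reported as anomalies.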
As Industry 4.0 evolves, strengthening industrial network security will enable businesses and individuals to operate in safer and more stable environments. The consequences of industrial control system network failures are extreme, and should be avoided at all costs. Avoid being the catalyst of the domino effect by shoring up your organization’s network security.