How to improve the security of industrial automation


Sven Schrecker, chief architect of the IoT Security Solutions Group at Intel Security, is a fairly well-known figure, so we decided to translate one of his recent articles on information security in industry. Enjoy!

The history of industrial automation seems very exciting to me. New technologies lifted production processes out of the industrial era and catapulted them straight into the information age. Just when productivity seemed to have peaked, the Internet raised production efficiency to levels previously unimaginable.

Unfortunately, industrial automation charged into a modern, data-driven, Internet-connected world without slowing down at all, and rushed straight past digital security.

Welcome to the digital age, in which an anonymous attacker anywhere in the world can break into industrial automation systems. How do we secure these systems while still meeting the needs of the business?

Operational technology (OT) teams still demand high resilience and availability. Information technology (IT) teams are expected to deliver interconnectivity, security and regulatory compliance. Both now have to work with a new group of specialists: data analysts who need to collect, exchange and analyze data in real time for every business decision. This article discusses the state of security in modern industrial automation systems, the technical and organizational obstacles to improving it, and a dynamic model for implementing security and trust in industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems.

Crime and Conflict Have a New Address


Physical break-ins and attacks on SCADA and ICS were largely a twentieth-century phenomenon. Most attacks today are carried out by highly motivated, well-resourced attackers, often experienced programmers working for cybercrime groups on another continent. Corporations and even nation states are locked in an invisible battle with these adversaries, because production facilities and critical infrastructure are at risk. Some notable examples:

  • 2010: Stuxnet
  • 2014
  • 2014

Unfortunately, such incidents are becoming more frequent (we recently wrote about another case in which attackers hit an American gas distribution facility with ordinary ransomware) and the damage from them keeps growing. A current list of alerts, advisories and attack reports is published on the website of the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

Attacks on data


Data collection and analysis is the competitive weapon of our time. It produces the analytical insights that optimize processes in every area of the business. Manufacturers often invest hundreds of millions of dollars to achieve a 10 to 20 percent gain in efficiency. That gain comes from data (and the conclusions drawn from it) on consumer usage and demand, procurement, supply-chain optimization, production processes, production planning and much more. By carefully altering this data, attackers can de-optimize a company's processes without the company even noticing. Even the simplest data manipulation can hurt a business that runs on thin margins.

Security myths and misconceptions


A number of myths and misconceptions have held back the development of security for industrial automation. The most common include:

  • “Our technology systems are well protected because the production line is not connected to the Internet.” This is a popular and very dangerous misconception. It is highly unlikely that any production control system is truly isolated. A single user who can reach the production system from an Internet-connected machine, or who connects to it with a laptop or tablet, is enough to create a vulnerability. The Iranian uranium enrichment plant and the German steel mill are the cases to remember.



Modern client-server industrial automation systems are moving to an edge-to-cloud architecture for reasons of cost and flexibility, and today's interconnected world multiplies the risks in these systems. Whatever the application, security begins with establishing a chain of trust between devices, data and systems. In a trusted system, everything must be authenticated and validated to ensure compatibility and integrity at every point. The availability requirements and the legacy nature of industrial automation systems add further challenges. Preserving existing investment in system infrastructure is paramount, so a viable security model must work with both existing and new systems. Security is also a dynamic process: security needs, policies and threat-detection methods change over time, so any viable solution must be adaptable and updatable.

Primary requirements


An integrated security model establishes and maintains trustworthy interconnection between industrial automation systems. It has three basic requirements:

  • Secure devices (with built-in information security features)
  • Secure communications (communication protocols between devices)
  • Security monitoring and management (response to events and incidents)

Secure devices


Building a chain of trust begins with device authentication. Earlier approaches to verifying device identity, such as relying on IP addresses and MAC addresses, cannot be trusted: IP addresses change regularly and are trivially spoofed, and MAC addresses can be rewritten just as easily. Device authentication should therefore begin at the physical level, in the processor inside the hardware, where trusted-computing technologies can be used to raise the level of security. For example, a built-in security coprocessor is a dedicated microprocessor designed to store cryptographic keys in a tamper-resistant hardware container.

This allows the chip itself to perform cryptographic operations, such as measuring the trustworthiness of the boot process, the operating system, a virtual machine or an application. The key to this process is accurate measurement of code, data structures, configuration, information, or anything else that can be loaded into memory. During measurement a cryptographic hash is computed with a secure hash algorithm; it allows integrity to be checked and changes (or corruption) in code, configuration or data to be detected.

The same scheme is applied to software stored on disk to check whether it was tampered with before being loaded into memory and executed. The chain of trust continues to be built up and verified through the entire software stack, including the boot process, and across the whole system, even when data is encrypted and sent to the cloud. Establishing trusted devices, data and programs matters in industrial automation, especially given the predominance of machine-to-machine communication. For example, trusted devices can digitally sign the data produced by industrial monitoring sensors. If an attacker manipulates the data, the signature no longer verifies and the monitoring system flags it; the untrustworthy portion of the data, and the machine or sensor where the change occurred, can then be identified.
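As an added illustration (this is example code written for this translation, not code from the original article or from Intel), the following Python walks through the two mechanisms just described: a measured-boot-style chain of trust, in which each stage's hash is folded into a single register the way a TPM extends a platform configuration register (PCR), and signing of sensor readings so that manipulated data is detected and attributed to a stage or device. The device key, boot stages and sensor readings are constructed for the example; an HMAC with a device-held key stands in for the asymmetric signature that a real security coprocessor would produce.

```python
import hashlib
import hmac
import json

# Assumption: in a real device this key is generated inside the security
# coprocessor and never leaves it. Here it is a constant so the example runs.
DEVICE_KEY = b"example-coprocessor-held-key-not-for-real-use"

# Constructed boot stages: (stage name, bytes that would be loaded into memory).
GOLDEN_STAGES = [
    ("firmware", b"firmware image v1.4"),
    ("kernel", b"kernel image 5.4"),
    ("control-app", b"control loop application build 210"),
    ("config", b'{"setpoint_c": 72.5, "max_rpm": 1800}'),
]


def measure(stages):
    """Measure each stage and extend one register, as a TPM extends a PCR:
    register = SHA-256(register || SHA-256(stage)).
    Returns (final register hex, list of (stage, per-stage digest hex))."""
    register = b"\x00" * 32
    log = []
    for name, blob in stages:
        digest = hashlib.sha256(blob).digest()
        register = hashlib.sha256(register + digest).digest()
        log.append((name, digest.hex()))
    return register.hex(), log


# Reference value and log recorded when the device was provisioned.
GOLDEN_MEASUREMENT, GOLDEN_LOG = measure(GOLDEN_STAGES)


def boot_is_trusted(stages, expected=GOLDEN_MEASUREMENT):
    """True only if every stage hashes exactly as it did at provisioning time."""
    actual, _ = measure(stages)
    return hmac.compare_digest(actual, expected)


def first_modified_stage(stages, golden_log=GOLDEN_LOG):
    """Walk the measurement log and name the first stage whose digest differs
    (None if nothing changed). One altered byte in the config shows up here."""
    _, log = measure(stages)
    for (name, digest), (_, golden) in zip(log, golden_log):
        if digest != golden:
            return name
    return None


def sign_reading(device_id, reading, key=DEVICE_KEY):
    """Produce a signed telemetry message. Canonical (sorted-key) JSON is signed
    so that the verifier hashes exactly the same bytes."""
    body = json.dumps({"device": device_id, **reading}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_reading(message, key=DEVICE_KEY):
    """Return the parsed reading if the tag verifies, otherwise None."""
    expected = hmac.new(key, message["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, message["tag"]):
        return None
    return json.loads(message["body"])


if __name__ == "__main__":
    # An attacker rewrites the setpoint in the stored configuration.
    tampered = GOLDEN_STAGES[:-1] + [("config", b'{"setpoint_c": 95.0, "max_rpm": 1800}')]
    print("golden boot trusted:", boot_is_trusted(GOLDEN_STAGES))
    print("tampered boot trusted:", boot_is_trusted(tampered),
          "| first modified stage:", first_modified_stage(tampered))

    msg = sign_reading("sensor-7", {"temp_c": 71.9, "seq": 1042})
    forged = dict(msg, body=msg["body"].replace("71.9", "65.0"))
    print("genuine reading:", verify_reading(msg))
    print("forged reading:", verify_reading(forged))
```

Two design points are worth noting. Because the register is extended rather than recomputed from a concatenation, the final value depends on the order of the stages as well as their contents, so swapping a trusted kernel for an older trusted kernel still produces a mismatch. And because the per-stage log is kept alongside the register, a verifier can say which stage changed rather than only that something did, which is what lets the monitoring system point at the sensor or machine where the manipulation occurred.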

Secure communications


A trusted zone is an area within which authorized business communication is allowed. Devices must ensure the trust and integrity of data within each zone. Two security technologies enable communication between trusted zones: intelligent security gateways, which allow data to be safely aggregated, filtered and exchanged from the enterprise to the cloud; and trusted runtimes, which allow application code and data to be executed safely and reliably anywhere.

Intelligent Gateways: Connecting the Past and the Future


There is a reason legacy systems are so common in industrial automation: they work. Some of them have been refined over decades. A new class of smart gateways (some only two inches square) extends legacy systems by connecting them to next-generation smart infrastructure. These gateways physically separate legacy systems, production areas and the outside world, limiting the attack surface of an industrial automation system.

Such a gateway can protect an outdated device without modifying it, which makes it an attractive first step toward a consistent level of security in an industrial environment. Like any secure device, a security gateway must boot securely, authenticate to the network, and then perform any number of security and communication tasks on behalf of the devices behind it. Gateways can be prepared to link trusted zones by checking integrity measurements, verifying certificates, applying cryptography and establishing trustworthy communication channels. They can also speak the management protocols of the production systems they connect to, which can extend the life of those systems by allowing repairs and updates without a physical visit to the trusted area where the equipment is located.
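As an added example (written for this translation, not code from the article or from any gateway vendor), here is the kind of policy an intelligent gateway enforces between trusted zones: a per-zone-pair allowlist that relays only permitted operations in the permitted direction, strips payload fields that must not leave the production zone, and aggregates raw readings before they go to the cloud. The zone names, operations, field names, device registry and sample messages are all constructed for the example.

```python
from statistics import mean

# Constructed zone policy. Each entry is keyed by (source zone, destination zone):
#   ops    - operations the gateway will relay in that direction
#   fields - payload fields allowed to cross; everything else is stripped
# There is deliberately no ("cloud", "production") entry: nothing on the
# Internet side may issue commands to the legacy equipment behind the gateway.
ZONE_POLICY = {
    ("production", "cloud"): {"ops": {"read"}, "fields": {"device", "temp_c", "rpm"}},
    ("engineering", "production"): {"ops": {"read", "write"}, "fields": {"device", "setpoint_c"}},
}

# Devices the gateway has authenticated on each side. In a real deployment this
# is populated by device authentication; here it is a constant.
KNOWN_DEVICES = {
    "production": {"sensor-7", "sensor-8", "plc-3"},
    "engineering": {"eng-ws-1"},
    "cloud": {"cloud-app"},
}


def relay(msg):
    """Decide what the gateway does with one message.
    Returns (decision, payload to forward or None)."""
    src, dst = msg["src_zone"], msg["dst_zone"]
    if msg["device"] not in KNOWN_DEVICES.get(src, set()):
        return "drop:unknown-device", None
    rule = ZONE_POLICY.get((src, dst))
    if rule is None:
        return "drop:no-route", None
    if msg["op"] not in rule["ops"]:
        return "drop:op-not-allowed", None
    payload = {k: v for k, v in msg["payload"].items() if k in rule["fields"]}
    return "forward", payload


def aggregate_for_cloud(readings):
    """Collapse raw per-device readings into one averaged record per device, so
    the cloud receives aggregate process data rather than every raw sample."""
    by_device = {}
    for r in readings:
        by_device.setdefault(r["device"], []).append(r)
    return {
        dev: {
            "samples": len(rs),
            "temp_c": round(mean(r["temp_c"] for r in rs), 2),
            "rpm": round(mean(r["rpm"] for r in rs), 1),
        }
        for dev, rs in by_device.items()
    }


def run_gateway(messages):
    """Apply the policy to a batch of messages. Returns the per-message decisions
    and the aggregated data that actually leaves for the cloud."""
    decisions, cloud_readings = [], []
    for m in messages:
        decision, payload = relay(m)
        decisions.append(decision)
        if decision == "forward" and m["dst_zone"] == "cloud":
            cloud_readings.append(payload)
    return decisions, aggregate_for_cloud(cloud_readings)


SAMPLE_MESSAGES = [  # constructed traffic seen by the gateway
    {"src_zone": "production", "dst_zone": "cloud", "device": "sensor-7", "op": "read",
     "payload": {"device": "sensor-7", "temp_c": 71.9, "rpm": 1790, "firmware_key_id": "k-77"}},
    {"src_zone": "production", "dst_zone": "cloud", "device": "sensor-7", "op": "read",
     "payload": {"device": "sensor-7", "temp_c": 72.3, "rpm": 1800}},
    {"src_zone": "cloud", "dst_zone": "production", "device": "cloud-app", "op": "write",
     "payload": {"device": "plc-3", "setpoint_c": 95.0}},
    {"src_zone": "engineering", "dst_zone": "production", "device": "eng-ws-1", "op": "write",
     "payload": {"device": "plc-3", "setpoint_c": 72.5, "debug_shell": True}},
]

if __name__ == "__main__":
    decisions, cloud_view = run_gateway(SAMPLE_MESSAGES)
    for m, d in zip(SAMPLE_MESSAGES, decisions):
        print(f"{m['src_zone']} -> {m['dst_zone']} {m['op']}: {d}")
    print("sent to cloud:", cloud_view)
```

The write from the cloud side is dropped because no route exists, not because of a per-message check, which is the default-deny behaviour one wants at a zone boundary; the engineering write is relayed but loses the `debug_shell` field, and the cloud never sees the internal `firmware_key_id`. Anything the policy does not explicitly mention is blocked or stripped.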

Trusted runtimes


A trusted runtime strengthens security by preventing malicious code from executing. Virtualization and encryption technologies are used to create secure containers for applications and data, and only approved devices work with such containers. These environments are protected areas that shield data from unauthorized access, making data and applications invisible to third parties and preventing leakage of confidential information.

Even in a virtual machine operated by an unknown provider, a trusted runtime can authenticate and digitally sign data and later verify its integrity. For example, production data from an industrial automation system that is stored and processed by a cloud service provider will be protected from spoofing and modification.

Security Monitoring and Management


An old IT proverb says: you cannot manage what you cannot monitor. Effective oversight of distributed industrial automation systems requires centralized management of the enterprise's devices, together with the ability to monitor, collect and analyze event information from all of them. This provides end-to-end situational awareness of the entire system.

Enterprise Security Management Consoles


The management console lets IT staff manage and monitor a large, highly distributed environment. From it, software on the devices is remotely controlled and updated, and the security policy on each device is defined and refined: for example, whitelisting policies on remote devices that define the trusted applications, data, communications and other functions the device is allowed to use.

The enterprise management console should be tightly integrated with the company's security information and event management (SIEM) system and other security components. A high degree of integration can significantly reduce complexity, improve situational awareness, and cut management time and cost. The scalability of the management console and of the SIEM also becomes critical.

Security Information and Event Management


SIEM systems collect, consolidate, correlate, evaluate and prioritize security events from every managed device in an industrial automation system. A SIEM maintains situational and contextual awareness of all events and identifies underlying trends and anomalies. Behavioral profiles help distinguish normal from abnormal patterns of operation and refine policies, minimizing false positives. SIEM data is also important for forensics, allowing a security incident or device failure to be understood in detail.
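As an added example (written for this translation, not the article's own code or any SIEM product's logic), here is the correlation step in miniature: events from gateways and devices are parsed, related to one another per device and time window, and turned into prioritized alerts. A failed boot-integrity measurement is treated as critical on its own, a burst of signature failures from one device is treated as high, and a lone signature failure as low, so that the analyst sees the likely compromise first and the probable noise last. The log format, event names and the sample lines are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed gateway/device event log. The event types mirror the mechanisms
# discussed above: SIG_OK / SIG_FAIL from verifying signed sensor data, and
# MEASUREMENT_MISMATCH from a failed boot-integrity check.
EVENT_LOG = """\
2020-04-01T10:00:01Z gw-01 zone=production dev=sensor-7 event=SIG_OK
2020-04-01T10:00:02Z gw-01 zone=production dev=sensor-8 event=SIG_OK
2020-04-01T10:00:03Z gw-01 zone=production dev=sensor-7 event=SIG_OK
2020-04-01T10:00:10Z gw-01 zone=production dev=sensor-8 event=SIG_FAIL
2020-04-01T10:00:11Z gw-01 zone=production dev=sensor-8 event=SIG_FAIL
2020-04-01T10:00:12Z gw-01 zone=production dev=sensor-8 event=SIG_FAIL
2020-04-01T10:01:00Z gw-02 zone=cloud dev=sensor-7 event=SIG_OK
2020-04-01T10:05:00Z gw-01 zone=production dev=plc-3 event=MEASUREMENT_MISMATCH stage=config
2020-04-01T10:20:00Z gw-01 zone=production dev=sensor-7 event=SIG_FAIL
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<gw>\S+) (?P<kv>.+)$")


def parse_events(text):
    """Parse one event per line into dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = dict(item.split("=", 1) for item in m["kv"].split())
        ev["ts"] = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        ev["gw"] = m["gw"]
        events.append(ev)
    return events


def correlate(events, window=timedelta(minutes=1), burst_threshold=3):
    """Turn raw events into prioritized alerts.
    - any MEASUREMENT_MISMATCH is critical: the device's code or config changed
    - >= burst_threshold SIG_FAIL from one device inside `window` is high
      (sustained tampering or a broken device); a lone SIG_FAIL is low."""
    alerts = []
    for ev in events:
        if ev["event"] == "MEASUREMENT_MISMATCH":
            alerts.append({"severity": "critical", "dev": ev["dev"],
                           "reason": "boot measurement mismatch at stage " + ev.get("stage", "?")})

    fails = defaultdict(list)
    for ev in events:
        if ev["event"] == "SIG_FAIL":
            fails[ev["dev"]].append(ev["ts"])

    for dev, times in fails.items():
        times.sort()
        burst = False
        # Sliding window over the sorted failure timestamps of this device.
        for i in range(len(times)):
            j = i
            while j + 1 < len(times) and times[j + 1] - times[i] <= window:
                j += 1
            if j - i + 1 >= burst_threshold:
                burst = True
                break
        alerts.append({"severity": "high" if burst else "low", "dev": dev,
                       "reason": f"{len(times)} signature failure(s), burst={burst}"})

    rank = {"critical": 0, "high": 1, "low": 2}
    alerts.sort(key=lambda a: rank[a["severity"]])
    return alerts


def triage(text):
    """Parse and correlate in one step; returns alerts, most severe first."""
    return correlate(parse_events(text))


if __name__ == "__main__":
    for a in triage(EVENT_LOG):
        print(f"[{a['severity']:8}] {a['dev']}: {a['reason']}")
```

The thresholds and window are where the behavioral baseline from the text comes in: a plant whose sensors legitimately produce an occasional verification failure after a reboot would set `burst_threshold` from observed normal rates rather than from a guess, and that is what keeps the low-severity bucket from flooding the console with false positives.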

Building an ecosystem


Given the distributed, interconnected nature of modern industrial automation systems, achieving comprehensive security requires working along many vectors at once. Manufacturers of equipment for industry and critical infrastructure (OEMs) are actively forming consortia with enterprise security vendors to ensure interoperability, set open standards and define application programming interfaces. New industrial control systems and devices are being built from the ground up with security technologies that provide backward and forward compatibility.

Tips, Tricks, and Critical Ideas


No two companies are alike; each has its own security infrastructure, technologies and processes. Some have made significant progress in building converged security solutions, while others are just beginning. Whatever stage an organization is at, here are some general guidelines to keep in mind.

  • Create a security task force. Make sure the group includes staff responsible for both information technology and operational technology. Identify key people on your production and plant management teams and invite them to briefings and events. Tour the factory or facility and talk to managers and senior operators.

Consider how to use these concepts to build higher levels of embedded security, secure communications and manageability into industrial automation systems. After all, these days no one can be too well protected.

Finally, a hypothetical example from a harsh real world: a hostile takeover of a company through data manipulation. Unscrupulous players will use any means to reach their goals and harm competitors, including hacking, industrial espionage and sabotage. Consider this scenario: a large chemical conglomerate wants to acquire a competitor that has no desire to be bought.

Breaking into the competitor's production system and manipulating stock orders, or slightly altering material specifications, can degrade product quality. This lowers customer satisfaction, sales and profitability, and it is quite likely that the cause of the problems will never be found. The resulting shareholder discontent creates favorable conditions for an acquisition at a favorable price. Industrial automation systems are particularly vulnerable to such attacks, since many of them are connected to the Internet without adequate protection.

In addition, many everyday decisions are the result of machine-to-machine interaction, which makes them hard to track without an appropriate security system. Although a cyber attack is a morally bankrupt business idea, its economic value is hard to dispute.
