As connectivity between different devices and networks continues to evolve, so too do attacks on industrial automation and Industrial Internet of Things (IIoT) systems. Manufacturing enterprises must plan and implement effective defense-in-depth strategies and continuously evaluate and adjust their security measures.
According to Symantec's 2018 Internet Security Threat Report, vulnerabilities related to Industrial Control Systems (ICS) increased by 29% in the past year. Given that these systems connect to and control processes that are critical to security, vulnerabilities can lead to costly, widespread, and exceptionally dangerous harm.
Malicious attacks on industrial control systems can include loss of display, manipulation of display, denial of control, control manipulation, and loss of control. Consequences may include dangerous malfunctions and prolonged downtime. Unauthorized access can endanger the safety of employees and the public, and cause downtime, intellectual property breaches, and loss of market share, thereby impacting the company's interests.
Given the gravity of the matter, figuring out where to begin can be quite stressful. By analyzing and auditing industrial control system assets and processes, companies can gain a better understanding of threats to safety, reliability, and security. A security audit is a great starting point and should include the following three simple steps:
1. Inventory of assets
While it seems simple, most businesses aren't entirely clear on what assets they need to protect, such as programmable logic controllers (PLCs), human-machine interfaces (HMIs), and supervisory control and data acquisition (SCADA) systems. Categorizing assets based on their common attributes and understanding the data attributes of each asset is crucial. This is a vital starting point because if a business doesn't know what it needs to protect, it cannot provide protection.
2. Inventory the network
An asset inventory enables enterprises to understand the tangible assets connected to the network. The next step is to understand how these assets are connected through the network structure and configuration. Understanding the possible transmission paths of data can reveal how an attacker could access it. A physical and logical diagram of the enterprise network will lay the foundation for a successful third step in an enterprise security audit.
3. Inventory the data flow
Understanding data flow is crucial. Because many protocols used in industrial automation lack safeguards for protecting traffic, numerous attacks can be carried out without any resistance: simply by accessing the network and understanding the protocols. Understanding ports, protocols, endpoints, and timing requirements (deterministic or non-deterministic) helps identify which network assets, as determined in Step 2, will have data flowing through them.
Team members who design and maintain industrial control systems and network infrastructure can perform these steps. Once these steps are completed, they gain some understanding of the assets, how they are connected, and how data flows across the network to each endpoint. To gain access to the network and assets, an attacker must breach one of these three known domains. They need to add new assets to the network; modify network configurations to gain access to different layers of the network; manipulate existing devices to interact with new endpoints; and create new data flows.
Having security measures in place doesn't mean "set it up and forget about it." In this ever-evolving threat landscape, yesterday's best practices may no longer be sufficient today. Through security audits, businesses can gain deep insights into the assets and data flows within their industrial control systems, preparing them for implementing defense-in-depth strategies and industrial control system cybersecurity initiatives. To reap the benefits and ensure the safety of intellectual property and production line workers, taking necessary steps to enhance the security of industrial control systems is more important than ever.
Disclaimer: This article is a reprint. If it involves copyright issues, please contact us promptly for deletion (QQ: 2737591964). We apologize for any inconvenience.
