This is part 1 of a 2 part series. Next week we’ll reveal part 2.
Manufacturers who are better at connecting factory systems with enterprise networks undoubtedly create a more agile, efficient, flexible and profitable business, as exemplified in a recent case study we had with Daimler Truck North America. The problem is that more connections also open the door to new security risks. Further, previous generations of industrial control systems were not conceived with security or IP connectivity in mind. The net effect is that vulnerabilities can really start to proliferate when you integrate more enterprise IT with industrial assets and technologies. At the same time, malicious hackers are getting more sophisticated.
Industrial Automation and Control Systems (IACS) have a history of utilizing proprietary hardware and protocols that are hard to integrate with network security. They may be segregated from industrial IP networks, but they’re still at risk because they’re often set up as simple, open-network machine islands, with limited or no security. Why build islands of automation that create islands of untapped information—constraining business agility, efficiency and growth potential—if you’re not really even establishing sound systemic security? One great resource for more questions to ask and insights into securing your industrial control systems is our Buyer’s Guide: 10 Questions to Ask Your Industrial Control Cybersecurity Vendor.
The stakes are high for manufacturers. According to a recent Cisco Connected Factory white paper, if cybersecurity concerns delay digital implementation, it could take up to five years to realize value and catch your competitors. And our recent Cisco 2016 Annual Security Report purports that the industrial sector has some of the LEAST mature security practices and policies and LOWEST quality security infrastructure. All of this means security presents an opportunity to sustainably differentiate your business.
As they say, the best offense (i.e., growth) is a great defense (i.e. security). And while seven is considered a lucky number in many cultures, luck is NOT a security strategy.
Consider these ‘Security Seven’ approaches to enable your factory to play great defense.
- Create, Educate, and Enforce security policies.
Many plants don’t even have the most basic security policies written down. Start by drafting and implementing a set of written security policies and procedures for your plant that will, for example, outline who should be able to access what assets, define acceptable asset use, and define reporting mechanisms for events. Your written policies should also contain an incident response plan including any procedures to restore critical production systems after a security event.
- Lock down your factory with defense-in-depth security.
The more connections you have in your manufacturing environment, the more chances for a breach. No single technology, product, or methodology can fully secure your network. Protecting critical manufacturing assets requires a holistic approach that uses multiple layers of defense—physical, procedural, and digital (network, device, application)— to address different types of threats. A basic mapping exercise will help you get started, providing an inventory of all the devices and software on your network.
Remember, ’air gap’ strategies are fallible—just because a robot or device isn’t connected to the network doesn’t mean it’s completely safe. One corrupt or malicious thumb drive will put an isolated machine at risks of unplanned downtime or worse, safety incidents.
- Strengthen your first line of defense.
Physical security is especially important in manufacturing. Some of the most severe damage comes from the inside, when entry is gained from the factory floor. Whether it’s preventing inventory lift, data loss or intellectual property theft, companies can benefit from a comprehensive physical security solution integrated with a secure wired and wireless industrial network. You can protect PLCs and other play assets with physical access restrictions like locks, key cards, and video surveillance. In places where it’s practical, you can also add device authentication and authorization, plus encryption.
For example, Del Papa Distributing, a regional beverages distributor, needed to protect its new 27-acre headquarters in Texas. Del Papa built a secure IP network with Cisco solutions for video surveillance, physical access control, digital signs, temperature sensors and more.
IP cameras monitor the property perimeter, a 100,000-square-foot warehouse, office corridors, and all delivery gates. System alerts notify employees when a door to a restricted area is open, with links to live video. Doors can be opened and closed by pressing a button on an IP phone.
- Control who is on the network with device profiling.
People are bringing their own tablets, phones, and other mobile devices into the manufacturing workplace, making it more difficult than ever to complete network visibility and control. With device and identity profiling services, you can monitor, authenticate, and control all the users, devices, and even applications connecting to the network with a centralized, policy-based approach to security.
For example, Diebold, Inc. set up a Cisco solution including the Cisco Identity Services Engine (ISE) to help protect its network of 87,000 devices in 77 countries. The solution allowed Diebold to easily profile all devices in the network and streamline guest and contractor access.
“It’s made our whole process significantly easier – and safer too,” – Diebold’s Chief Security Officer
If an outside contractor—e.g., servicing OEM equipment as many plants have every hour of the day— connects a laptop to an open port on the plant floor, Cisco ISE detects the connection and identity then denies access. This averts unplanned downtime and other undesired outcomes from intended or unintended security breaches.
We’ll share the rest of the Security Seven with you next week. For more factory security best practices, download our latest whitepaper:
To receive future Manufacturing blogs straight to your inbox:
Todays PLC’s also allow navigation through the controller backplane to anything else that’s connected. If an isolated network, like Devicenet was used to communicate with IO for example, those “air gaps” may not exist at all. Since Devicenet is a Master-slave communication arrangement, similar to other CAN based protocols, an attacker may be able to imitate the primary master and send false commands to the slave devices. In other words, those more obscure industrial networks can be compromised. Sometimes easily. Security by obscurity is also not an option…
Thanks, Scot. Great addition … systems designed with “air gaps” may have their own obscure “conductors”, or conduits, for information exchange that can be exploited. Instead of passive strategies of security by obscurity, part of the mission with security is actively ferreting out obscurity!
…Say in those industry cases that when you’ve reached the ceiling of functionality with your PLCs, because now you want to add on board processing, custom electronics, vision or motion to your system without redesigning the entire thing by the nature and characteristics of a production line, a programmable automation controller (PAC) can help…but because a PAC combines the functionability of a PLC and a PC, security problems are at another level, taking into account threats like “airhopper”, “bitwhisper”, “diskfiltration “, “fansmitter” to name some…
Great article…Thank for sharing it…
Thank you, Dr. Wong-Perez. Really appreciate your taking the time to read the blog and providing your own deep insights.
Comments are closed.