Cybersecurity in the Age of IoT


Most manufacturing companies today are engaged in some kind of digital transformation initiative. But the systems to be interconnected on a common internet of things (IoT) platform vary enormously. The ideal is to share data between multiple systems


Security is of paramount importance to the success of a company’s digital transformation project and even to the survival of the company as a whole. The increasing frequency and destructiveness of cyber-attacks are already well known. Companies must contain the risk of unplanned downtime to avoid damage to their reputation as well as material losses.

To do so, they need to implement the means to detect potential attacks before they occur and prevent the kind of dramatic ransomware consequences we have seen over the last few years. Human error is another risk factor – insider crime of course, which we’ll look at in more detail later, but also unintentional errors that can occur as a result of the increasing complexity of technology.  

Companies implementing a cybersecurity strategy will need to take two areas into consideration: the technological and human resources designed to prevent an attack, but also a risk containment strategy that details what must happen if an attack occurs. There’s no such thing as zero risk, so production needs to get back on track as quickly as possible. 

Secure and reliable network

The foundation of an effective cybersecurity strategy is a secure and reliable network infrastructure. This is often easier said than done. Manufacturing companies face a number of challenges – a lack of qualified staff, old systems and various different protocols that increase vulnerability, an inflexible infrastructure, and little collaboration between operations technology (OT) and information technology (IT) staff.

This latter point is a challenge due to differing philosophies – heterogeneous, task-specific systems with a physical outcome for OT, and homogeneous, widely-used systems with a digital outcome for IT. Wide system usage has made IT a target for years, while serious attacks on OT systems have only emerged comparatively recently, such as the Stuxnet attack in 2010. But they are catching up fast. 

Threat vectors

So how do cyber-criminals sneak into companies? One common way is by phishing and similar practices involving identity and password theft. This gives them access to IT and engineering systems. Other vectors include VPNs and compromised USB drives that infect computers.

Imagine what would happen if a criminal were able to access all devices down to the I/O and sensor level – they could change product recipes in a food company or even the formulation of a drug made by a pharma company with potentially dramatic consequences. It’s also important to take internal threat vectors into account – a disgruntled IT or engineering employee can do a lot of damage when they have wide-ranging access privileges.

This is why companies need to have threat detection capabilities that monitor normal system behavior and trigger an alert and a predefined set of measures to be taken if any anomaly is spotted.

Industrial security must be implemented as a system

Cybersecurity solutions for industrial companies need to be implemented as a complete system and meet four main requirements:

  • Defense in depth that safeguards every device using multiple levels of protection to reduce risk
  • Openness to support heterogeneous assets from a variety of suppliers
  • Flexibility to accommodate companies’ policies, processes and procedures 
  • Consistency with industry standards and regulatory directives, such as IEC 62443 

The IEC 62443 standard is important because it emanated from the International Society of Automation’s ISA-99 initiative involving a range of actors, including Rockwell Automation. It is also aligned with ISO 27000. Rockwell Automation software has been certified as compliant with IEC 62443.

NIST Cybersecurity Framework

Rockwell Automation recommends the Cybersecurity Framework, developed by the U.S. Commerce Department’s National Institute of Standards and Technology (NIST), as a viable cybersecurity guideline and bases its own cybersecurity strategy on this standard. It comprises five areas: Identify (know what you have); Protect (secure what you have); Detect (spot threats quickly); Respond (act immediately); and Recover (restore operations).  

Identify: this involves conducting a complete inventory of all IT and production network assets, including old or obsolete systems, and defining their level of criticality. It also includes a review of all documentation as well as passwords and how they are managed. Network and Cybersecurity Assessments, provided by Rockwell Automation Connected Services, are a recommended methodology for obtaining a clear picture of the current status and necessary improvements of cybersecurity related infrastructure and procedures.  

Protect: this involves implementing security zones around groups of assets, qualified patch management, and a site appliance that monitors all assets – both OT and IT. The appliance learns what normal data traffic flowing to and from an asset looks like, making it easier to spot anomalies immediately. This stage also involves creating comprehensive backups of critical systems to help ensure rapid restorability if an incident does occur.

Detect: hackers can make changes which might not be recognized immediately. They can change machine set points, recipes, procedures or any other parameters. If these modifications are only discovered after a longer period of time, this can cause huge damage with possibly serious impacts on people, machines and company reputation. With a threat detection service that includes automated deep packet inspection (DPI) of all IT and OT data streams and devices down to Level 0 (the sensor and I/O card level), these anomalies will be detected immediately and damage can be avoided.

Respond: the DPI function will trigger an alert as soon as it detects anomalies, such as logins from an unknown IP address or code changes in a controller. The customer and/or Rockwell Automation service center can then initiate the previously agreed incident response measures, such as turning off defined assets to limit the incident’s impact.  

Recover: the backups from the Protect stage come into play to get systems back up and running as quickly as possible after an incident and limit the impact to production. In addition, asset management systems, like FactoryTalk AssetCentre, provide the latest valid versions of controller code and other devices’ programs. The goal is to get back to a normal state as soon as possible. This stage also implies a post-incident analysis of where the attack or anomaly occurred in order to close any loopholes and possibly identify the perpetrator.
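The baseline-and-alert approach described in the Protect, Detect and Respond stages above, as an added example (not Rockwell Automation code or product logic). The event fields, asset names, IP addresses and response actions are constructed for illustration, and a simple learned value range stands in for whatever model a real appliance uses.

```python
import hashlib
# Constructed sample events; asset names, IPs, tags and actions are hypothetical.
LEARNING = [  # traffic observed while the baseline is learned (Protect)
    {"asset": "plc-mixer-1", "type": "login", "src_ip": "10.20.0.5"},
    {"asset": "plc-mixer-1", "type": "program", "code": b"RUNG1;RUNG2"},
    {"asset": "plc-mixer-1", "type": "setpoint", "tag": "temp_c", "value": 71.5},
    {"asset": "plc-mixer-1", "type": "setpoint", "tag": "temp_c", "value": 73.0},
]
LIVE = [  # traffic inspected afterwards (Detect)
    {"asset": "plc-mixer-1", "type": "login", "src_ip": "10.20.0.5"},
    {"asset": "plc-mixer-1", "type": "login", "src_ip": "203.0.113.44"},
    {"asset": "plc-mixer-1", "type": "program", "code": b"RUNG1;RUNG2;RUNG3"},
    {"asset": "plc-mixer-1", "type": "setpoint", "tag": "temp_c", "value": 72.0},
    {"asset": "plc-mixer-1", "type": "setpoint", "tag": "temp_c", "value": 95.0},
]
PLAYBOOK = {"unknown_login_ip": "notify_service_center",  # assumed agreed responses
            "code_change": "restore_last_valid_program",
            "setpoint_out_of_range": "hold_production_step"}

def fingerprint(e):
    """Identify a login by source IP and a program download by its SHA-256."""
    value = e["src_ip"] if e["type"] == "login" else hashlib.sha256(e["code"]).hexdigest()
    return (e["asset"], e["type"], value)

def learn_baseline(events):
    seen, ranges = set(), {}  # known logins/programs, and set point ranges per tag
    for e in events:
        if e["type"] == "setpoint":
            key = (e["asset"], e["tag"])
            lo, hi = ranges.get(key, (e["value"], e["value"]))
            ranges[key] = (min(lo, e["value"]), max(hi, e["value"]))
        else:
            seen.add(fingerprint(e))
    return seen, ranges

def detect(baseline, events):
    seen, ranges = baseline
    alerts = []  # (asset, anomaly kind, predefined response)
    for e in events:
        kind = None
        if e["type"] == "setpoint":  # a tag never seen before is also out of range
            lo, hi = ranges.get((e["asset"], e["tag"]), (float("inf"), float("-inf")))
            if not lo <= e["value"] <= hi:
                kind = "setpoint_out_of_range"
        elif fingerprint(e) not in seen:
            kind = "unknown_login_ip" if e["type"] == "login" else "code_change"
        if kind:
            alerts.append((e["asset"], kind, PLAYBOOK[kind]))
    return alerts
```

Calling `detect(learn_baseline(LEARNING), LIVE)` flags the login from the unseen address, the modified controller program and the 95.0 set point, each paired with its agreed response, while the in-range write and the known login pass.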
 

Posted on May 22, 2020
Rockwell Automation - European Region