Security mechanisms integrated into automation networks must operate within the network itself, regardless of the presence of TSN. This is what we learnt from our initial conversation with Dr. Oliver Kleineberg, Global Chief Technology Officer at Belden Industrial Networking.
The IEC produced the IEC 62443 series of standards precisely to enable this integration. This comprehensive set of specifications tackles cybersecurity on many levels: from the secure development process of automation products to the certification of products and even to the measures, mechanisms and best practices that should be used to secure automation networks.
Specifically, if we ask ourselves where we are now in terms of secured automation networks, we should never forget the powerful tools provided by the set of standards, which are real guidelines to tackle the challenges that all modern automation networks face, and not only at a TSN level.
“The increased interconnection with the world outside the manufacturing environments is one of today’s challenges,” said Dr. Oliver Kleineberg. “Novel applications that have a very clear value-add attached to them, such as remote access solutions that enable remote machine maintenance from the internet, force the industrial networks to open up and to expose themselves to new potential threats. Computer worms, such as Stuxnet, have demonstrated in the past that the proverbial ‘air gap’ is not a means to defend an industrial network. With complete connectivity, even threats such as Distributed Denial of Service (DDoS), for example through botnets, evolve as a new threat potential to automation networks,” continued Dr. Kleineberg.
He also pointed out that mission-critical networks utilize protocols that differ from the typical IT protocols, such as elaborate mechanisms to provide fault-tolerant network paths or for precise time synchronization. These protocols can be targets for cyber-attacks. In the case of TSN, the topic of time synchronization is of major importance.
Defending against external attacks is pivotal, and identifying the most sensitive points is just as important. Time synchronization, for instance, is a new attack surface that needs to be protected. “The scheduling mechanisms of TSN, which are core functionalities, rely on synchronized clocks in all Ethernet switches and end devices. For TSN, mostly the time synchronization protocols IEEE 1588 or the IEEE 1588 profile 802.1AS are used. These protocols, by themselves, do not have security mechanisms built in. By attacking the time synchronization protocol, a potential attacker could effectively press a denial-of-service attack against TSN itself. With degraded time performance, the performance of TSN also degrades – to the point where deterministic network transmissions are effectively no longer possible,” explained Dr. Kleineberg.
Firewalls and network access control are nowadays effective state-of-the-art defense mechanisms, according to Dr. Kleineberg: “Firewalls can be configured to drop IEEE 1588 traffic that is transmitted from specific areas of the network, such as service networks or ports. In addition, network access control such as IEEE 802.1X can be used to stop devices from sending data to the network from an access network port in the first place. This can be incorporated into a zones and conduits defense in depth approach, as specified in IEC 62443 as a best practice for automation networks.”
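As an added illustration of the firewall rule described above (not code from Belden or from the interview), the following Python sketch shows how a filter can recognize IEEE 1588 traffic, by EtherType 0x88F7 or by UDP destination ports 319/320, and drop it when it arrives from a zone that should not source time synchronization. The port names, the zone map and the sample frames are constructed assumptions, and PTP over UDP/IPv6 is not covered.

```python
import struct

ETH_PTP, ETH_IPV4 = 0x88F7, 0x0800    # IEEE 1588 / 802.1AS over Ethernet; IPv4
ETH_VLAN = {0x8100, 0x88A8}           # 802.1Q and 802.1ad tags
PTP_UDP_PORTS = {319, 320}            # PTP event and general messages
# Assumption: ingress port -> zone map, and the zones allowed to source PTP.
PORT_ZONE = {"ge1": "control", "ge2": "control", "ge7": "service"}
PTP_ALLOWED_ZONES = {"control"}

def is_ptp(frame: bytes) -> bool:
    """True if the frame carries IEEE 1588 over Ethernet or over UDP/IPv4."""
    offset = 12                                   # EtherType follows both MACs
    while True:
        if len(frame) < offset + 2:
            return False                          # truncated frame
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in ETH_VLAN:
            break
        offset += 4                               # skip one VLAN tag
    ip = offset + 2
    if ethertype == ETH_PTP:
        return True
    if ethertype != ETH_IPV4 or len(frame) < ip + 20:
        return False
    ihl = (frame[ip] & 0x0F) * 4
    fragment_offset = struct.unpack_from("!H", frame, ip + 6)[0] & 0x1FFF
    udp = ip + ihl
    if ihl < 20 or frame[ip + 9] != 17 or fragment_offset or len(frame) < udp + 4:
        return False                              # not the start of a UDP datagram
    (dport,) = struct.unpack_from("!H", frame, udp + 2)
    return dport in PTP_UDP_PORTS

def verdict(ingress_port: str, frame: bytes) -> str:
    """Drop PTP that enters through a port outside the allowed zones."""
    zone = PORT_ZONE.get(ingress_port, "unknown")  # unmapped ports are untrusted
    return "drop" if is_ptp(frame) and zone not in PTP_ALLOWED_ZONES else "accept"

def eth_frame(ethertype: int, payload: bytes = b"", vlan=None) -> bytes:
    """Constructed sample frame: PTP multicast destination, made-up source MAC."""
    hdr = bytes.fromhex("011b19000000") + bytes.fromhex("020000000001")
    if vlan is not None:
        hdr += struct.pack("!HH", 0x8100, vlan)
    return hdr + struct.pack("!H", ethertype) + payload

def udp4_payload(dport: int) -> bytes:
    """Constructed IPv4/UDP datagram from 192.0.2.10 to 224.0.1.129."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36, 0, 0, 1, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([224, 0, 1, 129]))
    return ip + struct.pack("!HHHH", dport, dport, 16, 0) + bytes(8)
```

The VLAN loop matters in practice: a rule that only inspects the outer EtherType lets tagged PTP frames from a service port through.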
An effective defense, built on a balanced mix of technology and best practices, with special care in some cases when it comes to TSN, is therefore possible. Isn’t that good news?
When it comes to TSN, the timing impact is of great importance. When this element is taken correctly into account, it is possible to minimize the threats: security and time-sensitivity will be able to co-exist. “The value-add of the TSN functions is that it adds determinism and bounded latency to standard IEEE 802 Ethernet. Previously, this was only possible with vendor-specific enhancements and not on a broad technical basis. Bounded, pre-determinable latency requires any device on the communication path through the network to operate with a minimum level of jitter. If too much jitter is introduced, possibly at several devices on the communication path, the bounded latency promise of TSN could be violated,” said Dr. Kleineberg. We also started to jitter. “However, this can be offset by strategically placing SPI firewalls at points in the network where the requirements for timing precision are not that high and larger amounts of jitter can be tolerated.” We now feel more relieved!
The timing is perfect now to deal with another delicate issue when it comes to network security: sustainability and ethics. This topic mostly concerns the infringement of personal data and privacy violations, but this is usually not the case in industrial automation, where data is not associated with individual users. The topic here is more related to the safety of the operators at a plant level. “Some machines employ elaborate safety measures to protect the health of plant operators. If these safety measures are compromised, for example through a cyber-attack, the cyber-attack may potentially lead to a subsequent safety incident,” illustrated Dr. Kleineberg. “This is why cybersecurity plays an extremely important role in modern automation networks where human-robot collaboration and all the safety measures that go along with it have to receive special care and protection,” he added. Cybersecurity is therefore now closely linked to machine safety as well.
Artificial Intelligence is always a complex topic to deal with. Will it be possible to predict cyber-attacks in the future? The answer is, most likely, yes, but a broader explanation should be based on other pre-conditions. “The question is more about which technology and in which capacity AI is going to help. AI, as in expert systems or in artificial neural networks, can be very useful, for example, in pattern detection, as we can see even today. This can help for cyber-attack prediction, where the identification of the correct correlation of events that could end in an attack is fundamental. For the foreseeable future, it’s likely that tools that are based on AI mechanisms will determine a certain percentage of likelihood for a cyber-attack – with a substantial margin for error,” said Dr. Kleineberg. Now don’t panic: AI-aided systems will most likely need to interact with humans to perform an effective pre-determination.