Andrew Kling, Director of Cybersecurity and Software Practices, Process Automation Business, Schneider Electric
Today, there is more technology-driven possibility at our fingertips than ever before. Within the manufacturing industry, the industrial internet of things (IIoT) and digital tools like artificial intelligence (AI) and augmented reality are being applied to drive undisputable business value. Organizations now have an unprecedented quantity of data, and with it, the ability to make real-time decisions that improve the performance and profitability of their industrial assets and operations.
However, with these new opportunities comes risk. We are in a new geopolitical climate where malicious actors have unlimited time, resources and funding to carry out cyberattacks on industrial systems. However, what’s clear to those in the cybersecurity field is less apparent to others in our industry: It is surprising to learn many industrial organizations continue to take a conservative approach when it comes to cybersecurity. It’s time to evolve this culture.
While many in the industry take a “if it ain’t broke, don’t fix it,” attitude, as technology advances and connectivity increases, so does the attack surface. In the age of IIoT, organizations can’t afford to rely on older practices and safeguards as they are not always strong enough to mitigate the threats of today. The increasing demand to have better visibility into and control over plants’ performance must be balanced with appropriate levels of cybersecurity to protect assets, operations and people.
Five Innovations for Industrial Organizations
As leaders look to safeguard industrial operations from cyberattacks, it is helpful first to better understand how digitization and connectivity are changing industry, as well as the associated risks and how to protect against emerging threats.
As the evolution of technology and IIoT continues to drive the demand for connectivity, our communication channels are also improving. While this is a positive thing for business operations, these new mechanisms also contain risks:
• The Scaling Attack Vector – Broader connectivity between people and assets means additional attack surface and more threats of attack. To reduce these threats, it is prudent to adopt and enforce modern security techniques and best practices, which includes implementing only secure IIoT devices.
In the age of IIoT, organizations can’t afford to rely on older practices and safeguards as they are not always strong enough to mitigate the threats of today
• Bandwidth and Convergence – As bandwidth increases, convergence of multiple physical networks into one common network will rise. Applying proper cybersecurity principles to protect all network traffic should increase proportionaly. Leaders should also consider a backup channel to move critical traffic if circumstances arise.
• Wireless – Industrial manufacturing has been slow to adopt wireless technology and applications. This is primarily due to denial of service attacks that can take place when a wireless signal is compromised. Proper site RF mapping to provide appropriate coverage is key to thwarting such attacks. For the industrial control system (ICS) world, wireless is best used in non-critical control situations, where intentional or unintentional outages don’t carry a large impact.
• 5G – As 5G opens up bandwidth, it will be an attractive target for hackers. While many of the safeguards will be borne by signal providers, users will also be responsible for understanding how 5G alters the threatscape. Be sure to take precautions to encrypt traffic: Only move data that requires movement and always authenticate data before trusting it.
For industrial operations, edge computing can now run traditional applications in the control layer and extend connectivity to any range of devices, including virtual space. This gives plants the opportunity to create smarter assets, which means giving them certain levels of control capability so they can autonomously improve their own real-time safety, efficiency, reliability, environmental impact and even profitability. However, all these assets must be secure to ensure the operation is protected.
The attractiveness of edge device computing does not change the base requirement of providing a robust, cybersecure solution. Unique challenges with edge include the misconception that just because a device is small and/or obscure, it is exempt from having to be cyber-secure. Crippling these devices with weak encryption, hard-coded backdoors and other security traps is the result of poor implementation and the lack of a dynamic security policy. Steer clear of any edge device that isn’t capable of protecting against edge-based attack vectors. The world’s critical infrastructure depends upon this. In addition, edge devices still carry security responsibilities, such as authentication and authorization, and must demonstrate they can resist attacks and preserve availability, integrity and confidentiality.
While cloud computing provides business agility, organizations should be very cautious when selecting a provider.
Many assume their cloud service is delivered securely, but experiences with cloud providers are commonly just the opposite: IT professionals must develop a customized authentication and authorization strategy, information strategy, endpoint protection scheme and networking strategy, just as if the organization owned the physical platform elements.
From on-site hosting cloud/fog services to the ever-expanding cloud, virtualization has become the expected course of action. In the industrial world, we’ll start to see unique ways to break applications apart into smaller service components (containers) and lighten the footprint of the entire computing platform.
Conversely, virtualization carries inherent hazards. Because it uses a concentration of applications to share common compute and communication resources, special attention needs to be paid to ensure hypervisory layers are hardened against attack. Organizations must tighten access controls surrounding the core operating system (OS), pay careful attention to the timely application of patches and use secure boot techniques to lessen the chances of a compromised core OS.
The increase in raw compute power and the ability to gather data into huge repositories opens the potential of AI-driven analytics and amplifies traditional analytics. While this enables operators to become real-time business decision makers, organizations must also ensure they’re meeting the special cybersecurity needs for analytics.
Data lakes, which are concentrations of large amounts of data, feed analytical engines. The integrity of the data is paramount to the effectiveness of the analytics. Applying data integrity mechanisms from the field device through the analytics engine is critical to ensure the decisions being driven by these engines can be trusted.
As technology continues to open more possibilities for industrial manufactures to succeed, cybersecurity must be a top priority. While it is up to everyone to ensure strong security, IT professionals play a key role in helping all business stakeholders apply and maintain safeguards, ensure industry cybersecurity standards are being implemented and adhered to, and making security part of the operational lifecycle.
Because attack vectors will continue to expand as industry continues to digitize, there must be heightened focus, discipline and vigilance when it comes to cybersecurity. It must be a part of the operational lifecycle of all technology within organizations and cannot be viewed as a one-off project. Attacks on industrial control systems in the era of IIoT are escalating, and they extend across industries, geographies and broader society. We must continue to evolve our cyber-defenses to ensure our assets, operations and people are continually protected as the technological landscape evolves.