It is as always: as soon new technologies appear and were applied; criminal minds think about how they can be exploited. Since cyber crime appeared with the Internet, the cyber threats increased steadily and now, they are more dangerous than ever. Especially the Industry is in the focus, due to the latest trends to digitalization and the connection of OT with IT. The OT faces now the same security challenges than the IT but is way less prepared. This needs to be changed quickly.
How to face the cyber threats?
But there is light at the end of the tunnel. At least some vendors of automation systems started to integrate strong security features and capabilities into their industrial control systems (ICS). Siemens for example integrated a TLS-based communication between engineering- or HMI station to the controller to prevent unauthorized access and data theft by using strong encryption and authentication mechanisms. Also, the user management was improved and in general, the products are hardened and offer “security by default” in the engineering settings.
All such security enhancements make it possible, that ICS components are able to protect their data and their data transmission against data loss and unauthorized access by itself. This is a big step into more security and the prevention of down times due to cyber attacks. Together with flanking measures like network security, physical access protection and security monitoring an effective security concept based on the defense-in-depth strategy with several independent security layer in place can be established.
This is also the only way to deal successful with vulnerabilities. Vulnerabilities in products and software are inevitable. A quick fix and software patch is desirable, but even then, there is a period of high danger unless the patch can be applied or is available especially by zero-day-exploits. But with a defense in depth strategy the vulnerabilities cannot be exploited so simple, as there are still other security measures in place to protect the vulnerable devices.
The increasing networking of machines, plants, industrial control systems and automation solutions is eliminating the previous physical separation of OT (Operational Technology) from other IT systems. Classic IT security solutions are often not applicable to protect industrial environments and plants that are now potentially vulnerable to outside. Effective protection is often prevented by outdated operating systems, undesired interventions in ongoing processes, security updates that cannot be implemented or subsequent hardening measures. Probably every second successful attack has resulted in production or operational down times in the past.
Effective protection requires OT domain know how
Plant operator and machine builder need the integrated security capabilities in automation systems to establish a comprehensive protection against cyber attacks. It cannot be done without them. So, it is necessary that provider from industrial control systems have the knowledge to implement suitable security features, which presupposes that they know what are the main cyber threats in OT and how they can be mitigated. But on the other hand, they have also to use a comprehensive domain know-how, to ensure that the functionality and usability of the automation systems keep on top. Only such companies can be the right partner to support and advise how to protect industrial production plants. See also: www.siemens.com/industrialsecurity