In the autumn of 2014, a cyberattack on a metal works in Germany took place. The hackers used social engineering tricks and exploited holes in the security systems to take control of the SCADA systems managing the plant's automation systems, and caused a metallurgical furnace to overheat. As a result, the plant was forced to interrupt its operation and suffered heavy financial losses. Although the BSI (German Federal Office for Information Security) did not give a specific date or location of the attack, the methods used are known. In the first stage, the attackers broke into the plant's office network by exploiting the credulity of employees and their non-compliance with security rules. In the next stage, the attackers took control of the SCADA system, which had no security mechanisms and no function to analyse atypical network traffic. The attackers changed the process parameters and caused a serious malfunction of the furnace.
This is not the only case reported. In 2010, the ‘Stuxnet’ virus infected the PLCs managing the operation of centrifuges in an Iranian nuclear plant, changing their operating parameters to cause failure. In 2015, a Ukrainian power grid was attacked and the hackers successfully disrupted the electricity supply to 1.4 million end consumers. The number of attacks on industrial systems is increasing, and cybersecurity must be treated with the utmost seriousness.
The design and requirements of industrial automation systems differ from those laid down for telecommunication networks. In industrial automation, the key criteria are stability, reliability and integrity; data confidentiality, a key factor in telecommunication networks, is pushed into the background. Until recently, separating the control systems from the LAN/WAN was treated very seriously in industrial automation, and it was believed that special communication protocols would guarantee security. The ‘Stuxnet’ virus infecting the PLCs showed that this approach is not effective.
Fig. 1, Source: cd.powermag.com
The pursuit of more efficient manufacturing processes forces data exchange in both the horizontal (OT) and the vertical (IT) plane, and the growing number of network devices increases the risk of back doors, even in relatively secure systems. Combining corporate telecommunication systems (IT) with industrial data transmission networks (OT) creates a layered structure in which each level has different specifications and requirements and a different architecture of connections to external systems. Such systems can be secured using a multi-level security approach, similar to that used for strategic facilities, often referred to as ‘Defence in Depth’ or the ‘Castle Approach’. This approach addresses three aspects: physical, technical and administrative. A well-designed industrial network security system must provide tools that enforce required behaviour from users, tools that monitor for and detect modifications or the installation of malicious code, and tools that allow quick response and recovery.
Fig. 2 Source: wikipedia.org
A series of standards regarding cybersecurity is available, including NIST 800-53, NERC CIP for the power industry and IEC 62443. These standards provide guidelines for system designers, network device manufacturers and users by defining good practices for secure industrial automation systems. IEC 62443 lists the potential problems that must be addressed when designing network devices to ensure security, including:
- No identification and authentication control: an account and password management policy must be implemented individually for each user.
- No access control: automatic log-out and denial of access to the device after a specified time must be implemented.
- No data integrity: integrity control of configuration and software update files must be implemented.
- No data confidentiality: encrypted connections must be used.
- No data flow restrictions: mechanisms such as access control lists at the network switches or access control through approved IP address lists must be used.
- No quick response to events: event logs and real-time analysis of events must be used.
- Limited access to network resources: the number of logged-in users or the availability of non-encrypted HMIs must be limited.
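As an added example (not from the original article or from Antaira), the following Python monitor shows two of the listed requirements in practice: it checks a constructed log of PLC write commands against an approved writer list (access control through approved IP addresses) and a process-safe range per setpoint (real-time analysis of events), flagging the kind of parameter change that overheated the furnace in the German case. The log format, IP addresses, tag names and ranges are all assumptions made for the example.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample log of write commands seen by a PLC gateway (hypothetical
# format): timestamp, source IP, tag written, new value.
SAMPLE_LOG = """\
2014-10-01T08:00:01 src=10.1.1.5 tag=FURNACE_SETPOINT_C value=1180
2014-10-01T08:00:07 src=10.1.1.5 tag=FURNACE_SETPOINT_C value=1185
2014-10-01T08:01:12 src=10.1.1.5 tag=COOLING_PUMP_CMD value=1
2014-10-01T08:02:30 src=192.168.50.23 tag=FURNACE_SETPOINT_C value=1190
2014-10-01T08:02:31 src=192.168.50.23 tag=FURNACE_SETPOINT_C value=1650
2014-10-01T08:02:32 src=192.168.50.23 tag=COOLING_PUMP_CMD value=0
"""

# Assumed policy: only approved engineering stations may write to the PLC
# (approved IP address list), and every setpoint has a process-safe range.
APPROVED_WRITERS = {"10.1.1.5"}
SAFE_RANGES: Dict[str, Tuple[float, float]] = {
    "FURNACE_SETPOINT_C": (900.0, 1250.0),
    "COOLING_PUMP_CMD": (1.0, 1.0),  # pump must stay on while the furnace runs
}

LINE_RE = re.compile(r"^(\S+) src=(\S+) tag=(\S+) value=(-?\d+(?:\.\d+)?)$")

# An alert is (timestamp, source IP, tag, value, reason).
Alert = Tuple[str, str, str, float, str]


def analyse(log_text: str, approved=APPROVED_WRITERS, ranges=SAFE_RANGES) -> List[Alert]:
    """Return one alert per write that violates the allowlist or the safe range."""
    alerts: List[Alert] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line; a real monitor would count these too
        ts, src, tag, raw = m.groups()
        value = float(raw)
        if src not in approved:
            alerts.append((ts, src, tag, value, "write from unapproved source"))
        lo, hi = ranges.get(tag, (float("-inf"), float("inf")))
        if not lo <= value <= hi:
            alerts.append((ts, src, tag, value, f"value outside safe range {lo}-{hi}"))
    return alerts


if __name__ == "__main__":
    for ts, src, tag, value, reason in analyse(SAMPLE_LOG):
        print(f"{ts} {src} {tag}={value}: {reason}")
```

Running the block prints five alerts: three writes from the unapproved station, plus the out-of-range furnace setpoint and the pump being switched off.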
On the hardware side, these requirements can be met by using secure managed Layer 2 or Layer 3 switches and by securing the end devices, e.g. PLCs, by placing them in a VLAN (Virtual LAN) and authenticating access to all devices via RADIUS or TACACS+. Managed edge switches must support redundant networks using network reconfiguration protocols such as FRNT, FRNT ring coupling or RSTP. Wireless networks require data encryption and redundant radio connections immune to external interference. These functions are offered by Antaira Technologies managed network switches (LMX/LMP series) and ARS WiFi routers.
Cybersecurity will become more and more important in the planning and design of industrial automation system infrastructure. These systems require constant monitoring, anomaly detection and quick response in order to maintain internal security and to react promptly to attempts to penetrate the system or to inject false commands into the industrial automation systems. The standards specify good practices and requirements for system users, designers and component suppliers. System design requires a comprehensive approach to the problem and must include secure network devices, i.e. switches, routers or LAN controllers made by reliable manufacturers offering long-term technical support.
ANTAIRA TECHNOLOGIES EUROPE