Over the last several years, cybersecurity has grown from a fringe topic to a major concern within the industrial networking community. In that time, networking professionals and manufacturers have gone from asking why network security was important to how networks can be secured most effectively and efficiently.
Simultaneously, the US federal government has become more involved in cybersecurity issues, with President Obama signing the Executive Order—Improving Critical Infrastructure Cybersecurity—in February 2013. On March 12, 2013, General Keith Alexander testified to Congress about the Pentagon Cyber Command plan to set up 13 cybersecurity teams by 2015 to aid in large-scale cyberattack defense.
Should food and beverage manufacturers be worried about a growing security vulnerability in their operation? According to the Mandiant Report, an annual document compiled from numerous advanced threat investigations, manufacturing is one of the top-10 most targeted industries for cyber attacks.
According to the 2012 Cost of Cyber Crime Study from the Ponemon Institute, the cost of attacks within the US in 2012 was $8.9 billion. A Foreign Policy National Security Newsletter recently estimated the number much higher, at as much as $338 billion annually. Thomas Nuth of Hirschmann Automation and Control for Tofino Security thinks the second number is high, but “the fact remains—poor security is getting expensive. And a large portion of this total loss is incurred within the industrial automation and energy sectors.”
Industrial automation and infrastructure networks are so vulnerable to attack because most were built with reliability, not security, as the primary goal. “In a very real sense, all infrastructures are built on the industrial infrastructure base,” says Nuth. “The concept of the ‘network of everything’ that futurists and city planning commissions have spoken about optimistically for years has arrived.”
And with that network comes a host of industrial security challenges. As infrastructures grow in size and complexity, attackers can remain undetected for longer periods. Mandiant puts the median number of days before an advanced threat is discovered at 416, giving attackers time to inflict greater damage on the victim.
As attackers’ capabilities have grown, enterprise IT teams must keep up, using tools that include best-practice deep-packet inspection capability in the field and network segmentation for zone protection. A major problem, according to Nuth, is that IT solutions teams tend to focus on preventing the loss of confidential information rather than on the reliability and integrity of the system.
In process automation, a central distributed control system (DCS) typically links to six or more auxiliary networks. These networks could include a safety instrumented system (SIS), sequence of events (SOE), analysis management data acquisition systems (AMDAS), plant information management systems (PIMS), vibration monitoring systems, position location systems, alarm management systems, fire and gas systems and building automation systems. While the diffusion of networks has led to increased profitability and industrial efficiency, without sufficient attention to security considerations, they only serve to increase cybersecurity vulnerability.
So, how can SCADA networks be secured? One important tool is the use of industrial security standards such as ISA/IEC 62443 (formerly ISA-99). Tofino offers a white paper on ICS and SCADA security for download.
It’s also important to use robust technology solutions designed for the manufacturing plant floor that can be integrated with industrial network management systems. According to Nuth, manufacturers should also deploy firewalls that secure industrial protocols and practice zone-level security for defense in depth. Lastly, automation security benefits from open and effective collaboration between IT and engineering teams, facility management and workers.