It is necessary to define the context where companies are at the moment and have a clear understanding of all side effects connected to a cyber attack. In this article, we will especially focus on OT technologies.
What is Cyber Security?
Cyber Security is a set of means aimed at protecting computer systems from cyber attacks. Cyber Security involves several key factors, such as technical, organizational, legal, and human factors; these are all elements that are helpful to evaluate, implement and maintain over time the integrity of data shared outwards and vice-versa.
A cyber attack has economic goals as it is generally aimed at data theft. A personal electronic device, corporate network, and even a larger system or infrastructure can be hacked. In general, all IT technologies are nowadays in danger. However, there is an additional branch of Cyber Security worth to be considered: Industrial Cyber Security.
When talking about Industrial Cyber Security we specifically refer to the set of means applicable to industrial automation aimed at preventing control systems, such as PLC, SCADA, and HMI, from cyber attacks. These are indeed the devices that deserve the most serious consideration by businesses since they are the “heart” of production processes and Industry 4.0 itself. Cyber threats to OT systems can harm the entire production process, and their consequences may be catastrophic.
Cyber threats are a serious issue for Industry 4.0.
Cyber attacks on industrial control systems are a phenomenon that can no longer be ignored: the amount of data exchanged every day between the IT (Information Technology) and OT (Operational Technology) sectors have now reached epochal dimensions.
PLC, HMI, and SCADA are the “heart” of Industry 4.0, and that is why they are an attractive target for hackers. However, as specialists in the field, we recognize that the protection of OT technologies is still an underestimated topic, and control systems are therefore the “Achilles heel” for Industry 4.0.
What are the real consequences of a cyber attack? And what are the most appealing businesses and sectors for hackers?
To answer these questions, we will introduce some relevant data for the industry, as well as the most effective solution to protect information security that has been adopted by the most up-to-date businesses as of today.
What are the main risks related to a cyber attack?
Industrial Cyber Security involves all fields of industrial production – from critical infrastructures to the manufacturing sector and small and medium-sized enterprises. We therefore must ask ourselves what the immediate consequence of a cyber attack to an industrial plant, PLC, HMI, or a SCADA is:
An immediate freeze in production with related implications on financial volumes and machine safety.
Cyber attacks are a significantly growing threat. These attacks have increased by over 240% compared to 2011, and we can state that 2018 has been the worst year so far. Threats are always just around the corner for automation control systems which, if attacked, have very long payback times though.
This trend is increasing in terms of severity and consequent damages. As already mentioned, cyber damage causes an immediate blocking of production lines and therefore leads to production failure. Consequences are sometimes severe for the company that faced an attack. Cyber attacks on businesses globally cost ca. 250 billion dollars a year. Italy is among the first countries that are in the eye of the storm, likewise every country where the manufacturing sector is still one of the main sources of income.
A cyber threat is especially critical for small and medium-sized manufacturing businesses where employees often confuse a cyber attack with a failure in the production system. Despite the amount and relevance of data that can be stolen is generally smaller if compared with that of large multinational corporations, small and medium-sized companies are precisely the most appealing to hackers. Let us see why.
Recent research carried out by our specialists has shown how much the industry has become an increasingly profitable sector for potential hackers. Unlike what happens in the IT world, industries and especially manufacturing businesses, do not adopt adequate Industrial Cyber Security measures since they don’t see this as a problem with severe consequences. “We are not NASA or a bank”, is the most common reply given by the person who manages the company network infrastructures on a daily basis. Yet, in light of the recent developments oriented to Industry 4.0, every company, none excluded, is sharing an increasing number of data.
More and more manufacturers undergo malicious attacks due to well-known and low complexity vulnerabilities.
How to protect your industrial control systems
Before exploring the most effective solutions in terms of Industrial Cyber Security, it is necessary to underline a fact: few companies have a real perception of the risk connected to a cyber attack perpetrated on industrial control systems. As of today, a lot of companies intervene only after having suffered damage. Cyber Security is a complex process that must be developed starting from the awareness of the extent of the problem.
90% of companies are not fully aware of the physical characteristics of their own production infrastructure connected to the network.
Machinery, HMIs, PLCs, and switches are often added or replaced within different periods of time and with different characteristics that are often not tracked down over time. If we also take the frequent external maintenance interventions into consideration, the result is a “jungle” that is difficult to be managed in completely safely.
This is what happened the first time we dealt with a cyber security issue as Industrial Cyber Security consultants. Our customer company had been simply noticing for a few weeks a series of abnormal production stops of plants’ CPUs. Some devices were open to remote assistance from the manufacturer. Access had taken place by means of an IP address from outside by simply entering “admin, admin” as username and password. Too naive? Maybe. Anyway, this is what can happen if one underestimates the fact of being potentially appealing to hackers and, especially, the related consequences. In this specific case, the information packages that were recalling the IP had generated a sort of bombing: thousands of requests that once reached the CPU, had forced it to an immediate stop.
This is what data say:
Only 3% of companies have a clear mapping of their own production infrastructure; on the other hand, 75% are subject to at least one vulnerability by means of freeware tools available online.
This is alarming data. So, how to counterattack?
Tha IEC 62443 standard solutions
The first effective countermeasure against any cyber-attacks is the analysis of the automation infrastructure which is aimed at defining how much each machinery – production area or plant – may be potentially hacked and what the likely consequences are. This type of analysis helps companies understand the real extent of the problem and allows them to prioritize changes to their infrastructure based on the severity of the consequences that can be expected.
The most effective countermeasure is becoming aware of a cyber attack.
Only by analyzing the actual OT risk, it is possible to investigate in-depth which specific countermeasures must be implemented in a timely manner, with an adequate compromise between costs and benefits.
The application of the IEC 62443 international standard is the only defense-oriented to the automation sector that can be implemented for Industrial Cyber Security, even though it is limitedly known by companies as of today.
This standard covers all phases of the Cyber Security Lifecycle provided by the IACS – Industrial Automation Control Systems, which includes the assessment phase to analyze any vulnerability, as well as the implementation and consequent maintenance of safety performances against cyber threats.
Do you need immediate assistance in regard to Industrial Cyber Security?
Go back to the blog
