In order to fully understand what Cyber Security really means and what we can do to protect our devices, it is necessary to define the context where companies are at the moment and have a clear understanding of all side effects connected to a cyber attack. In this article we will especially focus on OT technologies.
Cyber Security is a set of means aimed at protecting computer systems from cyber attacks. Cyber Security involves several key factors, such as technical, organizational, legal and human factors; these are all elements which are helpful to evaluate, implement and maintain over time the integrity of data shared outwards and vice-versa.
A cyber attack has economic goals as it is generally aimed at data theft. A personal electronic device, corporate network, and even a larger system or infrastructure can be hacked. In general, all IT technologies are nowadays in danger. However, there is an additional branch of Cyber Security worth to be considered: Industrial Cyber Security.
When talking about Industrial Cyber Security we specifically refer to the set of means applicable to industrial automation aimed at preventing control systems, such as PLC, SCADA and HMI, from cyber attacks. These are indeed the devices that deserve the most serious consideration by businesses since they are the “heart” of production processes and the Industry 4.0 itself. Cyber threats to OT systems can harm the entire production process, and their consequences may be catastrophic.
Cyber threats are a serious issue for the Industry 4.0.
Cyber attacks to industrial control systems are a phenomenon that can no longer be ignored: the amount of data exchanged every day between the IT (Information Technology) and OT (Operational Technology) sectors has now reached epochal dimensions.
PLC, HMI and SCADA are the “heart” of the Industry 4.0, and that is why they are an attractive target for hackers. However, as specialists in the field, we recognize that the protection of OT technologies is still an underestimated topic, and control systems are therefore the “Achilles heel” for the Industry 4.0.
What are the real consequences of a cyber attack? And what are the most appealing businesses and sectors for hackers?
To answer these questions, we will introduce some relevant data for the industry, as well as the most effective solution to protect information security that has been adopted by the most up to date businesses as of today.
What are the main risks of a cyber attack?
Industrial Cyber Security involves all fields of industrial production – from critical infrastructures to the manufacturing sector and small and medium-sized enterprises. We therefore must ask ourselves what the immediate consequence of a cyber attack to an industrial plant, PLC, HMI or a SCADA is:
An immediate freeze in production with related implications on financial volumes and machine safety.
Cyber attacks are a significantly growing threat. These attacks have increased by over 240% compared to 2011, and we can state that 2018 has been the worst year so far. Threats are always just around the corner for automation control systems which, if attacked, have very long payback times though.
growth rate of cyber attacks
This trend is increasing in terms of severity and consequent damages. As already mentioned, a cyber damage causes an immediate blocking of production lines and therefore leads to production failure. Consequences are sometimes severe for the company that faced an attack. Cyber attacks to businesses globally cost ca. 250 billion dollars a year. Italy is among the first countries that are in the eye of the storm, likewise every country where the manufacturing sector is still one of the main sources of income.
A cyber threat is especially critical for small and medium-sized manufacturing businesses where employees often confuse a cyber attack with a failure in the production system. Despite the amount and relevance of data that can be stolen is generally smaller if compared with that of large multinational corporations, small and medium-sized companies are precisely the most appealing to hackers. Let us see why.
annual cost for cyber damages
Recent research carried out by our specialists has showed how much the industry has become an increasingly profitable sector for potential hackers. Unlike what happens in the IT world, industries and especially manufacturing businesses, do not adopt adequate Industrial Cyber Security measures since they don’t see this as a problem with severe consequences. “We are not NASA or a bank”, this is the most common reply given by the personnel which manages the company network infrastructures on a daily basis. Yet, in light of the recent developments oriented to the Industry 4.0, every company, none excluded, is sharing an increasing number of data.
More and more manufacturers undergo malicious attacks due to well-known and low complexity vulnerabilities.
Traditional manufacturing companies allow hackers to cause damage with an even higher success rate than compared to the same effort made against large companies, therefore making the attack itself more successful. What solutions can be found?
Results from research will help you understand how to protect your industrial control systems
Before exploring the most effective solutions in terms of Industrial Cyber Security, it is necessary to underline a fact: few companies have a real perception of the risk connected to a cyber attack perpetrated to industrial control systems. As of today, a lot of companies intervene only after having suffered a damage. Cyber Security is a complex process that must be developed starting from the awareness of the extent of the problem.
90% of companies are not fully aware of the physical characteristics of their own production infrastructure connected to the network.
Machineries, HMIs, PLCs, and switches are often added or replaced within different periods of time and with different characteristics that are often not tracked down over time. If we also take the frequent external maintenance interventions in consideration, the result is a “jungle” that is difficult to be managed in complete safety.
aren’t familiar with their own network
This is what happened the first time we dealt with a cyber security issue as Industrial Cyber Security consultants. Our customer company had been simply noticing for a few weeks a series of abnormal production stops of plants’ CPUs. Some devices were open to remote assistance from the manufacturer. Access had taken place by means of an IP address from outside by simply entering “admin, admin” as username and password. Too naive? Maybe. Anyway, this is what can happen if one underestimates the fact of being potentially appealing to hackers and, especially, the related consequences. In this specific case, the information packages that were recalling the IP had generated a sort of bombing: thousands of requests that, once reached the CPU, had forced it to an immediate stop.
As a result of research conducted on a sample of companies from the most varied productive sectors, the following data has become apparent:
Only 3% of companies have a clear mapping of their own production infrastructure; on the other hand, 75% are subject to at least one vulnerability by means of freeware tools available online.
This is alarming data. So, how to counterattack?
are able to map their network
are subject to more than one vulnerability
IEC 62443 Standard: the most effective solution for Industrial Cyber Security
The first effective countermeasure against any cyber attacks is the analysis of the automation infrastructure which is aimed at defining how much each machinery – production area or plant – may be potentially hacked and what the likely consequences are. This type of analysis helps companies understand the real extent of the problem and allows them to prioritize changes to their infrastructure based on the severity of the consequences that can be expected.
The most effective countermeasure is becoming aware of a cyber attack.
Only by analysing the actual IT risk it is possible to investigate in-depth which specific countermeasures must be implemented in a timely manner, with an adequate compromise between costs and benefits.
The application of the IEC 62443 international standard is the only defense oriented to the automation sector that can be implemented for Industrial Cyber Security, even though it is limitedly known by companies as of today.
This standard covers all phases of the Cyber Security Lifecycle provided by the IACS – Industrial Automation Control Systems, which includes the assessment phase to analyze any vulnerability, as well as the implementation and consequent maintenance of safety performances against cyber threats.
is the Standard for Cyber Security
In conclusion, companies wishing to protect their control systems from cyber attacks have to define the entire Cyber Security Management System (CSMS), in line with the IEC 62443 standards, and adopt procedures and strategies aiming at preventing cyber attacks and protecting their own systems. However, Cyber Security is mainly an iterative process that needs to be constantly monitored and periodically implemented by means of maintenance activities. This is the only way to ensure that the data flow which can be shared outwards is safe from cyber threats, avoiding catastrophic consequences for companies.
In our next article, which will entirely focus on the IEC 62443 international standard, we will delve into the key points required by this standard from a technical point of view.
In the meantime, one thing is certain: companies that first adopt measures such as the application of the IEC 62443 standard will benefit in the future, since cyber attacks to the Industry 4.0 is an issue that will certainly increase in the future.Back to the Blog