Industrial Control Systems (ICS), which refers to the devices, networks, systems, and controls that are in place to automate and operate factory processes, is one of the most vulnerable points when it comes to cybersecurity.
Industrial Control Systems (ICS), which refers to the devices, networks, systems, and controls that are in place to automate and operate factory processes, is one of the most vulnerable points when it comes to cybersecurity. Cyberattacks in the manufacturing sector can have devastating effects as it leads to safety issues, downtime, and product defects. Hence it is crucial that manufacturers understand the vulnerabilities and best practices to ensure security.
In a recent post on
Schneider Electric’s blog, Gary Gillespie, VP of MDT Software, pointed out three vulnerabilities that are present in this sector. Employees and contractors who had access to an organization’s assets are the first among them. Modern business models that leverage the power of the Internet of Thing (IoT) is the second, as it has increased the potential surface of attack. Last, but not the least is the vulnerability of the device program data of an automation.
Solutions that are used to mitigate threats
Several products in the market claim to protect intellectual data in the automation layer. But Gillespie pointed out that although some are beneficial, none can offer complete protection to the control unit. Citing examples of the most common solutions that manufacturers use, he explained the myths and facts associated with them.
Firewalls, for instance, are often seen as a solution that can single-handedly protect the factory floor. Gillespie calls this a myth.
“Alone, firewalls have never been enough to completely secure a network,” he noted. “They may intercept many malware attacks, perhaps even the majority, but it only takes one application with improperly configured security to allow someone to get through.”
Similarly, there are some who suggest that plant isolation could result in better security. While keeping the devices disconnected certainly reduces the surface of attack, it does not guarantee complete protection as a simple USB drive carried by an employee is enough to cause trouble.
Using proprietary protocols instead of ethernet, network monitoring, ensuring IT security are all seen as other measures. But Gillespie suggests that these have their drawbacks as well. In his post, he went on to suggest three steps as best practices to maintain security.
Best practices for cybersecurity in industrial automation
As we have seen, each independent solution mentioned above has its drawbacks. This necessitates the use of an integrated approach. Gillespie’s suggested three steps are:
1. Prepare: Secure program intellectual property
Program revision copies should be stored in centralized storage systems that have flexible access privilege system.
2. Detect: Identify unauthorized changes
If there are differences between the program data that is stored in the file and that is running in the machine, it has to be detected and reported to the people concerned.
3. Recover: Undo the changes quickly
Once a potentially harmful change is detected, quick action with immediate access to centralized storage will help mitigate the risks.