Mitigate cyber attacks on manufacturing automation assets

by

Well we start the year 2024 with a new post. And always looking at the industrial Cybersecurity side.

Although I already made one about the mitigation in the water industry, and the ideas are easily exportable speaking in IIoT environments. Now we will do it from the prism side to mitigate cyberattacks on automation assets in manufacturing processes.

Lately, PLC, HMI and other systems have become the easiest targets for cybercriminals.

We'll cover some tips on how we can prepare for these types of attacks and I'll discuss some PLCs on the market with built-in cybersecurity.

As we well know, the way that the manufacturing industry was almost always protected was through isolationism from the outside world, or a little more advanced in history, through connection to networks managed by IT, which were already protected by “firewalls.” , “software” and antivirus.

Fortunately, over the past decade, PLC manufacturers have made progress in their efforts to protect PLCs, HMIs, and other systems from hackers and malware. Given cybercrime research firm Cybersecurity Ventures' forecast that cybercrime damages will reach $10.5 trillion a year by 2025, the need to protect the industry has become an absolute necessity.

How to understand the landscape of cyber threats in manufacturing processes.

Today, in manufacturing processes, PLC, IT and OT control systems are combined in a sophisticated way. Each component plays a key role in maintaining efficiency and productivity. And an attack in any of these areas can be devastating.
The trend to interconnect legacy systems with modern technologies opens a series of new entry points, thus increasing the attack surface.

Faced with these new threats, cyber resilience is becoming a central issue in the cybersecurity strategy.
As a definition, cyber resilience is an organization's ability to resist, recover and adapt to cyber attacks.
This occurs with a combination of many strategies that prevent or minimize the impact of an attack, maintain critical operations, and ensure effective and rapid recovery.

The human element in cybersecurity

As always, the human factor is key and is usually the weakest link. Social engineering attacks are the most common form of cyberattack and tend to be remarkably successful. Appropriate training in this area must be provided to employees, to understand the threats they face, and how their actions can affect the company's cybersecurity.

This implies that cybersecurity must be made a key part of the company culture, with clear and consistent communication by leaders (CISO, CIO, etc.)

Strategies to mitigate cyber attacks:

  1. Risk assessment and management:
    You should always do a comprehensive risk assessment, with inventory control being a good way to start. Identifying and evaluating potential risks such as; weak passwords, obsolete software, unsecured network connections, etc…
    These risks, correctly identified, are usually easy to reduce with techniques already known to everyone (updates, implementation of encryption...)
  2. Employee training:
    Regular, effective and up-to-date cybersecurity training for all employees is essential. Such training could cover topics ranging from identifying and avoiding phishing attempts, practicing good password hygiene, to understanding the importance and processes of software updates.
    This training must be as clear and concise as possible. And or be a burden for the employee, since we can lose their attention.
  3. Layered defense:
    Also known as “Defense in Depth”, this approach involves the deployment of a series of mechanisms (firewall, IDS, IPS, encryption, periodic audits, etc…)
    Having multiple layers reduces, to a high degree, the probability of a successful breach.
    Dividing the PLC and computer networks into subnets or segments are other examples.
  4. Legacy systems:
    Here's another Achilles heel, older equipment may require a number of extra layers, such as limiting physical access to ports, using an intermediate data collection PLC as an information gateway.
    In this type of environment, physical and cyber security are not two separate entities, but must be seen as a total set and must be perfectly integrated.
    Surveillance systems can be used as deterrents, in addition to providing valuable information in case of infringement.
  5. Incident response:
    Having a well-structured and rehearsed response plan will drastically reduce damage and recovery time. This plan must include perfectly defined roles and responsibilities, communication protocols, steps to isolate affected systems, and recovery processes.
    In addition to the post-incident analysis.
    A key element in recovery is having backup copies to reload the system as soon as possible, with the latest, most up-to-date configuration.
  6. Monitoring and improvement:
    There must be a system for constantly monitoring and updating security measures. Being subscribed to various intelligence channels is a great step. In order to be prepared for other possible attacks.
    PLC programs can be automatically audited for unauthorized modifications against other secure backups.
  7. Supply chain security:
    Manufacturers must understand that they are a fundamental piece in the cybersecurity and operation of their clients. They must extend their efforts to their suppliers. This includes conducting audits, collaborating on best practices, and drafting contractual requirements related to cybersecurity measures.

PLC Safety

While the concept of integrated cybersecurity in PLCs is recent and still evolving, some companies have begun to integrate basic security features into their PLCs to address this issue. Here are some examples:

  1. Siemens S7-1500: Cybersecurity features of S7-1500 PLCs include access protection: programming devices and HMI panels require specific user authorizations to connect; communication integrity, where data is protected from tampering during transmission using encryption and message authentication codes. Even PLC to PLC and PLC to HMI communication requires devices to connect to each other to close an otherwise open path.
  2. Rockwell Automation ControlLogix 5580: These controllers include a set of security features, such as role-based access control, encrypted and digitally signed firmware, change detection, logging and auditing security features, as well as IP and MAC address protection.
  3. Schneider Electric Modicon M580: Features like built-in cybersecurity, Ethernet encryption, and Achilles Level 2 certification, an industry-recognized cybersecurity certification that indicates a high level of protection against known cyber threats.
  4. Honeywell ControlEdge PLC: Secure boot prevents unauthorized firmware loads, a secure default state to improve out-of-the-box security, and robust user controls to manage access.
  5. ABB AC500-S: Cybersecurity features including user management, role-based access control, and firewall. It is designed to comply with the IEC 62443 standard, an international cybersecurity standard for industrial automation and control systems.

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

en_GBEnglish
en_GBEnglish es_ESSpanish