SEP-OCT 2017

Issue link:

Contents of this Issue


Page 36 of 57

INTECH SEPTEMBER/OCTOBER 2017 37 The path to cybersecurity By William Aja Tips and Strategies for Integrators | channel chat attack was discovered called Crash Override, which could map industrial networks and unleash an attack on vulnerable smart de- vices. It activated on its own, and took down an entire Eastern European power grid. Then in June, there was a report that a smart cof- fee machine became infected with malware that spread to several outdated Windows machines on the control network, shutting down a plant. In late July, Industrial Control Systems – Cyber Emergency Response Team (ICS-CERT) issued a report of vulnerabili- ties on a well-known telemetry device that caused it to transmit fraudulent data and un leash DDoS attacks meant to cripple inter- nal networks. The point is that as we demand more functionality and connected features from our control systems, we are increasing our risk for attack. The solution is not to aban- don these features in favor of security, or disconnect from the enterprise all together (a method that proved ineffective against WannaCry and NotPetya attacks), but rath- er to design systems to minimize the poten- tial attack surfaces and create a robust and constantly evolving defense strategy. One of the most critical pillars of all cy bersecurity plans is patch management. Staying up to date on the latest operating system and application patches ensures your infrastructure receives critical security updates meant to eliminate vulnerabilities. Unfortunately, companies often adopt one of two equally flawed patching strategies that leads to exposed attack surfaces and frustrated staff. The first is the deploy-all-patches method, which deploys patches that are not tested or approved by automation vendors, breaking automation systems and causing data qual- C ybersecurity is a big challenge for modern manufacturers. At an ISA conference a few years ago, I heard a panel discussion where an expert was asked why we did not see more cyber- at tacks on manufacturers. The expert re- sponded, "hackers probably don't know where to look; most people don't even know what a PLC is." Although there is some truth to this, another reason is that, until recently, auto - mation infrastructure was safe by design. Cyberattacks rely on a lot of factors for suc - cess, but they penetrate defenses through an attack surface. An attack surface is a place where an attack is capable of pen - etrating and infecting. Imagine your plant like a house, and cyberattacks are burglars trying to get in. Windows, doors, and ga- rages represent attack surfaces that need to be defended. Traditionally, control systems had very few attack surfaces due to their network design. Computers and server infrastruc- tures sat segregated behind firewalls, and connected devices and input/output (I/O) networks were shielded from attack. As more functionality is demanded of con- trol systems, this architecture has evolved, introducing new functionality, but also in- creasing attack surfaces. In some cases, this increase is obvious, in the form of expanding computer and server infrastructures, applica- tions that require enterprise connectivity, and unmanaged laptops used for troubleshoot- ing and code changes. In some cases, the attack surface grows in ways that are not immediately obvious, in the form of smart coffeemakers, Industrial Internet of Things (IIoT) devices residing at the I/O layer, security cameras, and telemetry devices. Although the main control network may sit behind a firewall, these devices often have their own connection to the enterprise network. There have already been assaults on these new attack surfaces. Late last year we saw a record-breaking distributed denial-of-service (DDoS) attack that was orchestrated using Internet security cameras. Earlier this year, an Cyberattacks rely on a lot of factors for success, but they penetrate defenses through an attack surface. An attack surface is a place where an attack is capable of penetrating and infecting. ity issues and downtime events. Burnt by the results of this method, manufacturers may then adopt the deploy-no-patches method, which avoids downtime events from unap- proved patches, but does not deploy critical security updates either. Networks are often air-gapped as a way to remediate this prob- lem, but even air-gapped and segregated networks can be infected, as seen by the most recent malware attacks. There are companies that work with manufacturers to implement designs with minimal attack surfaces and develop security platforms to manage patches for automa- tion systems that ensure only vendor-tested and approved patches are deployed onto in dustrial control networks. My company uses this tool to manage our internal com- puter infrastructure, and it is available for manufacturers to deploy internally, as well. The automation community needs to recognize that it is a collective social respon- sibility to protect our manufacturing plants, which produce so many products that are essential to our economy. The path to a full- fledged cybersecurity plan can seem over- whelming, but by simply decreasing attack surfaces and having robust security meth- odologies, you will be well on your way to a safer, more secure plant. n ABOUT THE AUTHOR William Aja ( is VP of customer operations for Panacea Technolo - gies, Inc. He focuses on delivering services ranging from cybersecurity and IIoT consulta - tion and feasibility studies to process control solutions and long-term service and support. Panacea Technologies, Inc., (http://panaceat - is a member of the Control System Integrators Association (

Articles in this issue

Links on this page

Archives of this issue

view archives of InTech - SEP-OCT 2017