Cybersecurity in OT: What is important in securing industrial plants?
by Svenja Koch
Digitalization, the IoT and Industry 4.0 are enabling ever more extensive networking of machines and systems. Technical progress not only enables completely new fields of application - but also brings with it previously unknown cyber threats. Most plants and machines were installed at a time when cyber attacks were not yet an issue - the available security level is correspondingly low. Industrial security has received insufficient attention. A real invitation for cyber criminals!
The difference between IT and OT
There are still major differences between the two "ecosystems" of IT and OT, even though the areas are increasingly converging in the course of Industry 4.0. IT has long been accustomed to dealing with cyber threats, while in the OT environment the implementation of security measures is made almost impossible by the lack of flexibility to change the underlying IT architectures. In IT, the life cycle of the hardware and software used is 3 - 5 years. The OT of machine and plant operators, on the other hand, has to deal with a much longer service life of the individual components - in some cases up to 25 years. OT therefore has to live with very old security gaps for which no security concepts exist at all. Most security gaps in the industrial security sector are caused by outdated IT operating systems that have to get by without any possibility of updates or security patches.

Changes to systems are not easy to implement, as machines operate around the clock and in real time, with every single second of runtime affecting profitability. In IT, on the other hand, downtime caused by applying updates is tolerable, as these systems allow for much more flexible scheduling.

There is also a big difference between IT and OT when it comes to the consequences of an attack. Cyber attacks on IT are likely to result in data loss, confidentiality breaches or extortion. With cyber attacks on plant and machinery, human lives can be put at risk.
A few numbers from Industrial Security
- 6 out of 10 industrial companies with more than 100 employees use Industrie 4.0 applications
- 67 percent of industrial companies see data protection and data security requirements as the biggest challenge to digital transformation
- 58 percent of all industrial companies see the lack of specialists for Industrie 4.0 and IoT as a major obstacle
One of the biggest challenges of digital transformation
In the past, IT (Information Technology) and OT (Operations Technology) were completely separate. IT used different communication protocols than OT, and the two areas had no points of contact with each other. Cyber attacks on machines or systems were simply not possible, and the interest of cyber criminals was correspondingly low. Today, however, the threat situation looks completely different. In the course of Industry 4.0 and the networking of machines and plants with each other (IoT), the requirements for efficiency and cost-effectiveness are increasing, which is expressed, among other things, in advanced Internet protocol-based networking of Industrial Control Systems (ICS). In addition to all its benefits for everyday work, this networking also brings a major challenge: cyber attacks from inside and outside are becoming much more likely. Manufacturing companies now face the major task of reconciling reliable production with digital transformation - and of responding quickly, effectively and correctly in the event of a cyber attack.

However, many "classic" industrial companies are not yet aware of the dangers posed by cyber threats of all kinds. This lack of knowledge means that industrial security does not (yet) play a major role in the manufacturing sector, and awareness of the risk of cyber attacks is correspondingly low. What one side is unaware of, the other side is happy to exploit: cyber criminals have countless opportunities to gain access to systems. Once inside the corporate network, attackers can disrupt or paralyze production - and, of course, grab valuable data. Another cyber threat manifests itself in so-called ransomware. These programs encrypt data, and the cyber criminals only release the data after a ransom has been paid.
The big challenge for OT now is to understand the new forms of crime and to implement industrial security that protects the digital factories of the future from cyber threats of all kinds. That is the only way to mitigate the ever-growing threat landscape and reduce the economic risk for companies.
What problems are currently emerging in the course of Industry 4.0?
OT is currently not yet comprehensively capable of detecting cyber attacks within a reasonable time. As a result, it often takes far too long for cyber criminals to be detected in the networks of manufacturing companies - with potentially fatal consequences. Production networks, which mostly only control machines and trigger processes, are largely free of human interaction. This means that these systems are not designed to detect and report cyber threats. At best, production networks respond to irregularities with some delay, giving cyber criminals ample time to pursue their schemes.

While IT security is no stranger to OT, the focus in terms of security is on the reliable operation and smooth functioning of machinery and equipment. Industrial security appropriate to today's threat situation has so far been neglected in many production companies: on the one hand because, until a few years ago, there was no need for security measures against cyber threats, and on the other hand because the integration of cyber security systems into production is highly complex and difficult. Consider, as an example, the implementation of security updates. Production facilities are mostly in operation around the clock, 365 days a year. It is immensely difficult to find an optimal time for updates without causing production downtime. OT must also guarantee that all plant components and machines continue to function smoothly after an update.
What are the threats to IT security in the industry?
We are already used to cyber attackers regularly penetrating government or corporate networks and stealing data. Customer data that is stolen and then published online, or extortion by ransomware, have also long been part of everyday life. In the case of cyber attacks on industry, however, the everyday threat situation can easily turn into a danger to life and limb. This is because companies in the critical infrastructure sector - gas and water suppliers, energy producers, the healthcare sector, the financial industry and the transport sector - are now more networked than ever before as a result of Industry 4.0 and the IoT, and are thus the target of a wide variety of hacker groups. None of us wants to imagine the consequences of a cyber attack on a nuclear power plant, or what would happen if cyber criminals cut off electricity across the board. But what exactly is currently threatening the IT security of industry?
Threat aspects in OT
1) Accessibility of productive systems in the network. Industrial control systems are repeatedly found accessible and unsecured on the network - in some cases with full, i.e. write, access. What pleases management, namely the effortless retrieval of production data via mobile devices, is an invitation for attackers, because password protection is still regarded as an annoying, inconvenient add-on in many companies.
2) Outdated operating systems. In the manufacturing industry, control systems are used on machines and systems, some of which are several decades old. Running operating systems without security updates is also no exception. Windows XP or Windows 2000 are still widely used in many plants despite Industry 4.0 and the IoT.
3) Lack of updates. IT security in industry cannot simply be established with updates and patches. Production operations do not allow for interruptions - and furthermore, changes to machines and systems after their official acceptance are often prohibited for safety reasons.
4) Remote maintenance. Maintenance of machines and systems via the Internet saves costs, time and effort. However, remote maintenance systems rarely meet industry IT security requirements. Rather, there is a lack of effective safeguards for the components networked by IoT, which opens the door to cyber threats of all kinds in production.
What is important for securing industrial plants?
In view of the threat situation, it must be the declared goal of every plant operator to ensure industrial security by minimizing the probability of an attack occurring via IoT connectivity. Only continuous monitoring and careful implementation of security measures by plant operators can ensure a sufficient level of protection in the industrial security sector. However, not all measures can be purely technical solutions, because cyber security, and thus also industrial security, cannot be bought as a ready-made product off the shelf. Instead, comprehensive concepts are required that cover all hazard scenarios as far as possible. Ideally, industrial IT security should consist of several security layers: on the one hand, passive layers such as firewalls or antivirus software, and on the other, active layers such as threat hunting or incident response services. Specialized service providers can ensure the IT security of industry with their services quickly, reliably and unaffected by the shortage of specialists and the divergences between IT and OT.

Active Cyber Defense, or ACD for short, for example, analyzes all communication within a network from the inside out and searches specifically for anomalies. In many companies with connected production, the networks are not segmented or separated from each other. Network traffic over particular protocols and ports is also not regulated in most companies. This means that nobody notices when OT systems connect to servers on the Internet - and are thus quietly and secretly compromised by cyber criminals.
With ACD, any IP-based communication from within the OT infrastructure can be analyzed for anomalies. ACD works independently of the operating systems in use, can be deployed without agents, and enables industrial companies to check whether OT systems are connecting unnoticed to services on the Internet. The agentless deployment of ACD in particular is a major advantage for industrial security, because installing agents on end devices is often technically infeasible or not permitted by the manufacturers. All of ACD's analysis activities are based on IP protocols rather than on specialized plant communication protocols. This significantly simplifies the integration of the service into a company's industrial security - and enables reliable all-round protection against current and future cyber threats.
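As an illustration of the kind of agentless, IP-level check described above (an added example, not ACD's own code or any vendor's product): a small Python script that reads flow records as a network tap or flow exporter would deliver them, and flags OT hosts that open connections to Internet addresses or use services outside an assumed allow-list. The plant address range, the allow-list and the sample flows are all constructed assumptions.

```python
import ipaddress

# Constructed sample flow records, as an agentless sensor (tap / flow export) would see them.
# Columns: src_ip,dst_ip,proto,dst_port,bytes. All addresses are made up for this example.
SAMPLE_FLOWS = """\
10.20.1.15,10.20.1.1,tcp,502,1200
10.20.1.15,10.20.1.20,tcp,44818,800
10.20.1.22,10.20.1.1,udp,123,76
10.20.1.15,203.0.113.45,tcp,443,5120
10.20.1.22,198.51.100.7,tcp,8080,30000
10.20.1.30,10.20.1.20,tcp,3389,4096
"""

# Assumed plant (OT) network. Anything outside INTERNAL is treated as "the Internet";
# the documentation ranges in the sample stand in for real external hosts.
OT_NETWORK = ipaddress.ip_network("10.20.0.0/16")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Assumed allow-list of services the OT cell legitimately uses inside the plant:
# Modbus/TCP (502), EtherNet/IP (44818) and NTP (123).
ALLOWED_SERVICES = {("tcp", 502), ("tcp", 44818), ("udp", 123)}

def parse_flows(text):
    # Parse the CSV-style export into dicts with typed fields.
    flows = []
    for line in text.strip().splitlines():
        src, dst, proto, port, nbytes = line.split(",")
        flows.append({"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
                      "proto": proto, "port": int(port), "bytes": int(nbytes)})
    return flows

def is_internal(addr):
    return any(addr in net for net in INTERNAL)

def find_anomalies(flows):
    # Return (kind, src, dst, proto, port) for every flow an OT host should not be producing.
    findings = []
    for f in flows:
        if f["src"] not in OT_NETWORK:
            continue  # only traffic originating inside the plant is of interest here
        if not is_internal(f["dst"]):
            kind = "internet_egress"      # OT host talking to an Internet service
        elif (f["proto"], f["port"]) not in ALLOWED_SERVICES:
            kind = "unexpected_service"   # internal, but a protocol/port not on the allow-list
        else:
            continue
        findings.append((kind, str(f["src"]), str(f["dst"]), f["proto"], f["port"]))
    return findings

if __name__ == "__main__":
    print(*find_anomalies(parse_flows(SAMPLE_FLOWS)), sep="\n")
```

On real flow data the allow-list would be derived from a baseline of the cell's normal traffic, and the "internet_egress" findings are exactly the connections the text says nobody notices today.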
Industry 4.0 and the IoT are no longer a marginal phenomenon - but have long since arrived in many manufacturing companies. IT security in industry must counter the new threat situations and try to stay one step ahead of the cyber criminals. With specialized service providers and services such as ACD, among others, industrial IT security can counter all cyber attacks. And it has to, because one thing is for sure: Hackers are guaranteed to find any vulnerability within a system - and especially in critical industrial sectors, they can not only cause great financial damage, but also endanger human lives!