It has been five years since Ukraine experienced a first-of-its-kind cyber attack on its power grid. Infiltrating the network through weak spots, hackers caused widespread black outs in December 2015. Unfortunately, Ukraine’s power companies are not unique in their technology or vulnerability. As Reinhard Mayr, Head of Information Security and Research Operations at COPA-DATA, explains, asset management is critical for ensuring security in industrial infrastructure and production plants.
For both sprawling energy grids and manufacturing facilities, ensuring industrial security is vital. However, managing security in established manufacturing plants is often very complex. Because the infrastructure has been in place for long periods of time, sometimes upwards of 20 years, its equipment is often lacking in modern security features.
Older plant machinery is sometimes referred to as brown field equipment and is often designed and installed without consideration for cyber security. Let’s face it, at the time of manufacture, the concepts of machine-to-machine (M2M) communication and smart factories were still futuristic ideas. The problem is smart factories are no longer an aspiration, but commonplace.
Today, brownfield equipment is often intertwined with newer machinery on complex industrial networks. These networks are enriched with a plethora of smart devices and machinery - all of which can communicate between one other. I won’t go into the obvious advantages of smart factory equipment, but what are the risks of integrating these devices with their older, less secure predecessors?
Unsecure devices provide a weak link in a network. While newer equipment may be protected against attacks, a weak spot will provide an infiltration point for an attacker to enter the network and gain further access.
In the Ukraine power grid example, hackers spent several months conducting straightforward phishing techniques to gain access to the corporate network. This was managed by encouraging workers to open a Microsoft Word attachment. This initial intrusion provided limited access to the network, but it allowed hackers to orchestrate an extensive reconnaissance effort to identify further opportunities for advancements.
Unprotected production equipment can provide a similar starting point for cyber attackers. To minimise the risk, plant managers must implement a security strategy that considers these older, non-secure assets.
The first and most painful step of asset management is conducting an audit of equipment in a facility. Let’s face it, a plant manager cannot secure what they are not aware of. Thankfully, there are tools to simplify the process.
Radiflow’s iSID Detection and Analysis Platform, for instance, can be used to identify vulnerabilities in OT networks. When integrated with data from an existing SCADA system, like COPA-DATA’s zenon, it can audit the entire facility with ease.
Once all assets are visible, the next step is to define ‘zones’ of different devices. As defined in the IEC 62443 standard - the global standard for the security of Industrial Control System (ICS) network - a zone is a grouping of independent assets that possess a set of certain characteristics and security requirements.
By defining zones, plant managers can limit connection points to each zone as appropriate. For instance, limiting access points to the OT network or any areas in which there are high consequences for a security breach would be a sensible approach.
As COPA-DATA is certified in accordance with IEC 62443, zenon offers a series of features that can speed up the asset recognition and zoning process. Using its Multiple Project Administration tool, an operator can determine several asset zones digitally and visualise these zones in a central control room. COPA-DATA is the only provider to offer this tool.
It would be foolish to believe that once a cyber security strategy has been implemented, plants are completley protected against cyber attacks. This was a harsh lesson for the Ukraine power grid, when it was attacked for a second time in 2016.
The second attack was more sophisticated and used automation tools to speed up the process. Using this technology, hackers programmed the system tosend repeated commands to equipment to switch the flow of power. The attack performed blackouts more quickly, with less preperation and with fewer humans involved than the first instance.
Ukraine’s example should be a stark reminder that, as the sophistication of hackers grows, cyber security strategies must advance too - that goes for national energy grids and manufacturing plants.