Safety through security to protect your business

Security isn’t only about protecting data and uptime. It’s about protecting people and the environment, as well as the critical infrastructure and supplies on which our communities depend. Organisations that want to stay ahead of these risks must comply with the latest standards, conduct a comprehensive risk analysis and implement risk mitigation measures using the latest technologies.

An increasing reliance on technology and interconnectedness in infrastructure management has resulted in cybersecurity challenges becoming a significant concern which must be addressed.

As more critical infrastructure is connected to the internet or accessible to staff, it is increasingly targeted by hackers and cybercriminal gangs interested in breaching and examining operational technology (OT) networks to lay the groundwork for future attacks. Cybersecurity weaknesses in industrial networks aren’t new, but as networks of cybercriminals become more sophisticated, it will lead to significant problems if we do not take proactive measures.

NHP works closely with Rockwell Automation and Claroty to provide comprehensive cybersecurity solutions beyond just network security. We protect the integrity and availability of your complex automation solutions.

Critical infrastructure security has become a primary concern for governments worldwide. The US, UK, EU, Canada and Australia each identify sectors deemed ‘critical infrastructure’, such as communications, transport, energy, water, healthcare and public facilities. In some countries, critical infrastructure is state-owned; in others, like the US, private industry owns and operates a much more significant portion.

Governments concerned about disruptive and dangerous cybersecurity attacks on plants and critical-infrastructure operations are already working with manufacturers and industrial operators. For example, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in the US responded to 295 cybersecurity incidents in 2015 across 16 critical-infrastructure sectors.

The three sectors that garnered the most responses were:

• Critical manufacturing (97 incidents)
• Energy (46 incidents)
• Water and wastewater (25 incidents)
   

A cyber-attack on facilities across a spectrum of industries can temporarily stop operations and have huge consequences not only for the affected business, but also for the nation’s overall economy.

In critical infrastructure sectors, organisations need to be more concerned about real-world hazards to humans and the environment rather than information theft. Gartner predicts that by 2025, attackers will have successfully weaponised a critical infrastructure cyber-physical system to harm or kill humans.

Some of the cybersecurity challenges faced by infrastructure managers are related to legacy technologies, lack of awareness, interconnectivity, insider threats and budget allocation.

Legacy technologies: Many infrastructure systems were built decades ago and still rely on outdated technology, which is vulnerable to cyberattacks. These systems often need their security features to be regularly updated or patched, which makes them vulnerable to attacks by hackers who can exploit known vulnerabilities and gain unauthorised access to the systems. To address this challenge, infrastructure managers must invest in modernising their systems and regularly implementing security upgrades.

Lack of awareness: One of the biggest cybersecurity challenges for infrastructure management is the need for more awareness and training among staff members. Many employees are unaware of cyberattack risks, or do not know how to identify and report suspicious activity, which makes it easier for hackers to infiltrate the systems undetected. Infrastructure managers must provide regular training and awareness programs to their staff members to educate them on the latest threats and how to respond.

Interconnectivity: Infrastructure systems are increasingly interconnected, which makes them more vulnerable to cyberattacks. A breach in one system can quickly spread to other systems, leading to widespread damage. Additionally, the increasing use of third-party vendors and contractors increases the risk of cyberattacks. To address this challenge, infrastructure managers need to ensure that their systems are adequately segmented and isolated from each other. They also need to implement strict access control measures to limit the number of people accessing the systems.

Insider threats: Insider threats are another cybersecurity challenge faced by infrastructure management, whether it be in the form of current or former employees with malicious intent, or those who unwittingly compromise the system through negligent behaviour. To address this challenge, infrastructure managers must implement strict access control measures and conduct regular audits to identify suspicious activity. They also need to establish clear cybersecurity policies and procedures for employees and ensure that they are enforced.

Budget allocations: Many infrastructure managers are under-resourced from a cybersecurity perspective, often due to budget constraints or a lack of expertise, resulting in a reliance on outdated security solutions. To address this challenge, infrastructure managers must prioritise cybersecurity and allocate sufficient resources. They can also seek external assistance from cybersecurity experts or partner with other organisations to share resources and expertise.

Risk mitigation measures

The specific mitigation measures an organisation decides to implement will depend on its unique security risks. However, there are some key mitigation measures that most infrastructure managers should implement as best practice:

• Segmentation into zones: This is a core security best practice measure, which should be used in every plant as part of a holistic defence-in-depth security approach to help limit access to safety systems. For example, a demilitarised industrial zone (IDMZ) with firewalls and data brokers can securely segment the plantwide network from the enterprise network. Also, using virtual LANs (VLAN) and a layer-2 or layer-3 switch hierarchy can create functional sub-zones to establish smaller domains of trust and simplify security policy enforcement.
• Physical access: Many organisations use RFID cards to control facility access, but physical-access security should go further than that to protect safety systems. Lock-in, block-out devices should be used to prevent the unauthorised removal of cables and to close unused or unnecessary ports. Control cabinets should be locked to restrict walk-up and plug-in access to the industrial automation and control system devices. More advanced physical-access security also is emerging, such as IP video surveillance systems which can use analytics for facial recognition.
• Network-integrated safety and security: CIP Safety™ and CIP Security™ are extensions to the common industrial protocol (CIP), which is the application-layer protocol for EtherNet/IP™. CIP Safety allows safety devices to coexist on the same EtherNet/IP network as standard devices and enables a safe shutdown during a denial-of-service attack. In addition, CIP Security incorporates data integrity and confidentiality into EtherNet/IP communications. As a result, devices which incorporate CIP Safety and CIP Security can help protect against data corruption and malicious attacks on safety systems.
• Authentication and authorisation: Security software features can restrict wired and wireless access to the network infrastructure. For example, authentication and authorisation security are crucial elements in human-machine interface software and can limit safety-system access to authorised individuals. This can help protect against malicious and accidental internal threats. In addition, security personnel can define who can access the software, what specific actions they can perform and on which specific hardware, as well as where they can perform those actions.
• Asset and change management: Asset-management software can automate the discovery of new assets and centrally track and manage configuration changes across an entire facility, including within safety systems. It can detect real-time malicious changes, log those activities and report them to key personnel. If unwanted changes are made, the software can access archived copies of a device program for fast recovery.
• Vulnerability management: Processes and procedures should be developed to help make sure fast action is taken after safety and security advisories are released. This includes having processes in place to review advisories and determine their potential impact immediately. It also includes implementing patch management procedures for affected products.

NHP solutions — safety through security

The security landscape is ever-changing, so you need a partner whom you can trust and is transparent in approach to help you manage the constantly evolving risk. NHP’s industrial security portfolio and services will help you assess, implement and maintain ICS security within operations and enable transformational technologies that rely on enterprise connectivity.

Please call your local NHP Account Representative to discuss our security and safety solutions.

Australia: 1300 647 647 nhpsales@nhp.com.au

New Zealand: 0800 647 647 sales@nhp-nz.com

^References:

^{https://blog.cyble.com/2022/05/04/water-and-wastewater-treatment-facilities-vulnerable-to-cyber-attacks/}

^{https://literature.rockwellautomation.com/idc/groups/literature/documents/wp/safety-wp035_-en-p.pdf}

Image credit: iStock.com/zstockphotos