Cyber security or how to manage vulnerabilities in industrial environments

A vulnerability is a failure in a process or system that may turn into a threat gateway, so the more vulnerable it is, the greater the risk.

In an industrial plant, there are two environments that need to be secured, the operational one (OT) and the information technology one (IT), the latter requiring a greater level of interconnectivity to make the plants more efficient, automating processes. This is where the crux of the matter lies. In industrial automation, variables related with real-time processes come into play, meaning that, when faced with a vulnerability, the impact is greater, because we face interruptions to activity which, in turn, implies costs and delays.

The aim is to protect, on the one hand, the availability of the information in the first environment and, on the other, the confidentiality of the data, in the second. That’s why it’s important to tackle cyber security right from the product design phase to delivery.

Subsequently, today, in industrial plants we find many systems (hardware and software) deployed that are able to communicate over a network and which have never been audited, meaning we could face many security breaches.

Of course, up until now this wasn’t a big problem because plant networks were generally internal, but now there is more and more software that needs to connect to the Internet. This means that the attack surface is bigger. That is, not only are we facing software damage, but also hardware damage, which means that in addition to loss or theft of information we are dealing with damage to the equipment itself. In industrial processes, problems can be related to malfunctions in production that lead to physical problems such as damage to machines, raw materials, etc.

Fortunately, there is growing awareness of the need to secure industrial systems, but... how do we deal with these vulnerabilities?

First of all, we have to change our mindset and not only be reactive, that is, respond or act when an attack occurs, but also be proactive, establishing preventive response models and identifying possible vulnerabilities. That’s why it’s necessary to monitor processes and systems and perform follow-ups to detect possible security flaws. This is the starting point for having safe and available infrastructures.

Equally, although it may not have occurred to us, having up-to-date software is another of the most important defenses. Something that’s guaranteed in Cloud with the SaaS model, something which we firmly advocate at Lantek in order for SMEs to jump on the digitalization train in a safe environment.

What type of technologies should be associated with cybersecurity projects?

• IoT. The Internet of Things has been a significant introduction for all plants, sensorizing machines and processes to make interconnectivity between them possible. And it will be increasingly present with the arrival of 5G networks.
• Cloud. The cloud is no longer just a space to store data, but, thanks to artificial intelligence, machine learning and Big Data, it is capable of processing and analyzing information to offer predictive and prospective responses. A big step forward for our plants, and secured with encryption in each of the information nodes.
• Big Data. Said to be the new oil for companies, it’s an attractive source of wealth for cyber attackers on the lookout for a security breach to steal information and sell it to the highest bidder.

Cybersecurity predictions

INCIBE, the security incident response center of the Ministry of Economic Affairs and Digital Transformation, has made a series of predictions regarding cybersecurity in the industrial sector, an increasingly attractive market for cybercriminals, as they can obtain more lucrative benefits, either by selling information or deleting it, warns the public body.

• SCI security will become more conventional. Investing in securing environments is not only a concern for large companies, more and more SMEs are joining this trend because, due to their size, they are even more vulnerable.
• Tools for exploiting vulnerabilities. According to the INCIBE, cyberattacks on OT environments will multiply in the coming years with increasingly specific objectives.
• Active detection. Given the sophistication of cyberattacks, companies will take action and stop giving reactive responses instead being more proactive, acting and actively fighting new threats.
• Continuous monitoring in control networks. Despite the increased use of encrypted protocols, monitoring will be one of the most important aspects to identify new cyberattacks. However, these types of tools need to evolve in order to operate with encrypted traffic.
• The attack surface is getting bigger and bigger. As we mentioned at the beginning, the need to connect machines and processes to the Internet in order to automate processes or work remotely increases the opportunities for cybercriminals.
• Drills. That’s right, another of INCIBE’s predictions is the need for companies to carry out cyber-attack drills, which will allow them to train their teams in how to defend themselves.

At Lantek, we use encryption standards and ciphers that are accepted as "strong" by the IT security sector. In some cases, we use a security plus known as mutual authentication, meaning that both the server and our plant systems present a certificate. This happens, for example, in our communication solution between the local infrastructure and Cloud, Sherlock.

Ultimately, we should see cybersecurity as yet another element to consider when making our plants intelligent to prevent them from being vulnerable not only to unforeseen downtime, theft or deletion of data, but also to reputation issues. Because, believe it or not, it’s even more difficult to recover from that kind of collateral damage.