Operational Technology (OT) networks for Industrial Control Systems (ICS) exist at every industrial facility, for every manufacturer, whether publicly or privately owned. These sites all want their ICS to perform with high availability, the way it was designed. As everything becomes more interconnected, we risk opening our facilities to both internal and external cybersecurity threats. Many standard network safety solutions are at odds with providing a high-availability ICS. As our factories become more and more automated, we are completely dependent on computer systems and networks to produce our products. Much like we all purchase insurance for our personal vehicles so we can repair or replace them if they crash, we need to ensure (and insure) that each facility’s ICS is protected and able to be repaired if it crashes.
To protect your ICS, you need a solid, safe design. Every bit of data that is transferred across your network needs to be protected. Typically, a facility will have a Programmable Logic Controller (PLC) or a smart device controlling equipment in its immediate physical area, networked to the rest of the ICS. These systems and their networks need to be isolated from networks where cybersecurity is an issue. These systems tend to send massive amounts of data to SCADA systems, HMIs and historical data archives. Years ago, these systems were typically air-gapped, which kept them protected. Nowadays, most facilities want this data to be used on the corporate IT network or at a remote location:
- Data trends can perhaps be viewed at an engineer’s desk, on the same computer he uses to send email, to analyze how equipment is running.
- Data can perhaps be used to generate reports and alarms that are analyzed and used in a central location.
- Data can perhaps be accessed during off hours so on-call personnel can monitor and make equipment adjustments from offsite locations.
When data leaves an isolated network, it is vulnerable to interception and corruption. Not only does data need to move from a secure OT network to a less secure network, as in the examples above, but data also needs to travel in the other direction. Frequently, facilities want to be able to make automation modifications or patch computers from a central location. A connection to a corporate IT network or a remote location creates a path that allows the system to be infiltrated, which could destroy data, change system operating parameters or inject malware/ransomware. Even if the OT network is connected to a very secure corporate IT network, it may be vulnerable. Most industrial control components cannot handle the same patches, updates and firewall configurations that a business system can handle. Any cybersecurity breach can cost large amounts of money in hardware damage and system downtime. With a solid design you can avoid these problems and keep your ICS safe.
While many facilities recognize the need for a secure network and ICS design, the reasons owners are motivated to make changes vary:
- As cybersecurity incidents become more visible in news reports, some facilities are taking active steps to counteract potential problems.
- Many facilities have corporate edicts to secure their systems. In many cases the OT system is directed to follow the same procedures as the corporate IT system. This is almost never possible, so facilities are struggling to figure out how to secure their ICS in the spirit of the corporate IT guidelines.
- Some facilities want to follow best practices, such as the IEC 62443 - Risk Mitigation Program standard. This is a great source of what every site should try to achieve but it is not always clear how to move from the current network design to a more secure system.
Some facilities are also concerned about getting ahead of proposed regulations as outlined in the DHS/FEMA NIPP (National Infrastructure Protection Plan). The federal government created this program to secure infrastructure and high visibility targets like water and wastewater systems, the electrical grid and chemical distribution. While basic infrastructure is the primary focus of this document, it points out that we live in a very interconnected society and interruption to even a small manufacturing facility may have far reaching effects on the well-being of our citizens and should be protected just as securely.
Hallam-ICS sees many of our customers struggle to figure out how to move their ICS and OT networks to a solid, well designed and secure state. Along with our control system expertise, we are focused on this endeavor and can help your facility move to a secure ICS system. We have ICS specialists, IT specialists, and I have recently gotten my CSSA (Certified SCADA Security Architect) certification, all to analyze and design the right OT system for you. We can help you “insure” your industrial control system.
About the Author
Julie has left Hallam-ICS to pursue other endeavors, but her contributions to the company continue to be valued.