Charlotte Stonestreet, Managing Editor
Defend in depth
04 September 2013
Paul Hingley from Siemens Industry outlines the importance of safeguarding manufacturing control systems from unwanted cyber security attacks and a multi-layered strategic approach to minimise risk.
At a recent gathering of manufacturers hosted by Siemens, a poll among delegates showed that nearly a third had been the subject of a deliberate breach of industrial security, while 83% believed there is a growing threat around industrial security issues for their business.
In the case of industry, many companies have in the past considered their automation systems to be immune from attack. The trend had been for companies to use proprietary, one-of-a-kind security systems, which have been specifically built for purpose, meaning that hacking into the systems has been a complex task. However, more recently companies have adopted commercial off-the-shelf (COTS) technologies such as Windows and Ethernet. Although there are many advantages to such systems, security proves to be a constant problem, as such ‘standard’ systems are easier to attack. In the past few years nuclear power plants, oil platforms and water treatment works have all been ‘cyber-attacked’, causing plant downtime which could have led to more serious incidents.
Moreover, the need to continually access data and the integration of control systems with the business network have led to an increased use of wireless technologies, enabling remote access for employees, but also conversely making systems potentially more vulnerable.
With such requirements, the complexity of modern automation systems and the importance of making sure operations are not interrupted by the unexpected, it is vital manufacturers protect their systems. But how can this be achieved?
Protecting your operations
Any system that secures plant assets should use a defence in depth strategy, one that takes a multi-layered approach to cyber security. No single security measure is good enough to prevent intrusions.
Firstly, a system should always be protected from unwelcome visitors accessing it. A strict user management procedure should be in place. Users and computers should follow the principle of minimal rights, which means users should be granted the minimum set of access rights to carry out their job properly. This will mean that if an individual’s account is hacked, only minimal information will be compromised. Furthermore, computers should also work to the same principle so that each system serves its purpose but does not allow access to areas which are not necessary.
It is recommended that a single sign-on and password is given for each user to access everything they need. This limits the amount of information that can be misplaced, thus limiting the opportunity for a hacker to gain this information and use it to infiltrate a security system.
Even if a system has the best user access security, it is important to protect the system from attack in case a hacker does manage to access the network. A network can be divided up into security zones known as secure architectures. Each component within a secure architecture has the same level of trust and all traffic into and out of an individual zone can be monitored. Additionally, a network can be divided up into demilitarised zones. Using firewalls, the network is split into segments that are separate from the Process Control Network. These individual segments are then used to communicate data from the distributed control system to the outside world, meaning there is no direct connection between the Process Control Network and anyone outside the building. It is important to make sure firewalls are used in the correct manner and ensure virus scanners are kept up-to-date.
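
A check of the zoning rule described above, as an added example that is not from the article or from Siemens: it audits a firewall rule list and reports any allow rule that gives the Process Control Network a path to anything other than the DMZ. The zone names, address ranges and rules are constructed assumptions.

```python
import ipaddress

# Constructed zones; names and address ranges are assumptions for illustration.
ZONES = {
    "pcn": ipaddress.ip_network("10.10.0.0/16"),       # Process Control Network
    "dmz": ipaddress.ip_network("10.20.0.0/24"),       # demilitarised zone
    "business": ipaddress.ip_network("10.30.0.0/16"),  # business network
}
PCN_PEERS = {"pcn", "dmz"}  # the only zones allowed to talk to the PCN

def zones_touched(cidr):
    """Zones a rule endpoint can match; 'outside' if it is not contained in one zone."""
    net = ipaddress.ip_network(cidr)
    touched = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    if not any(net.subnet_of(zone) for zone in ZONES.values()):
        touched.add("outside")
    return touched

def audit(rules):
    """Return (rule number, offending zones) for allow rules that bypass the DMZ.

    Rule order and shadowing are not modelled, so every allow rule is judged
    on its own, which errs towards reporting.
    """
    findings = []
    for number, (src, dst, port, action) in enumerate(rules, 1):
        if action != "allow":
            continue
        src_zones, dst_zones = zones_touched(src), zones_touched(dst)
        for near, far in ((src_zones, dst_zones), (dst_zones, src_zones)):
            bypass = far - PCN_PEERS
            if "pcn" in near and bypass:
                findings.append((number, sorted(bypass)))
                break
    return findings

# Constructed firewall rules: (source, destination, port, action).
RULES = [
    ("10.10.5.0/24", "10.20.0.10/32", 4840, "allow"),  # PCN -> DMZ server
    ("10.30.0.0/16", "10.20.0.10/32", 443, "allow"),   # business -> DMZ server
    ("10.30.4.7/32", "10.10.5.20/32", 102, "allow"),   # business -> PCN directly
    ("0.0.0.0/0", "10.10.0.0/16", 3389, "allow"),      # anywhere -> PCN
    ("10.10.0.0/16", "0.0.0.0/0", 0, "deny"),          # PCN -> anywhere, denied
]

if __name__ == "__main__":
    for number, zones in audit(RULES):
        print(f"rule {number}: direct path between PCN and {', '.join(zones)}")
```
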
Additionally, modern automation control systems tend to be made up of a number of layers of components. These components are common targets for hackers so it is imperative security is kept up-to-date. Manufacturers such as Siemens Industry are continually releasing updated patches, designed to make sure a system is secure.
A final way in which a manufacturing process network can be made more secure is by IP hardening. Often commercially available PCs contain a number of programs as standard which are unnecessary for a process system. Software such as Outlook, Internet Explorer and Media Player often come as standard on a commercial PC but are obsolete when it comes to a process system. These are also among the easiest programs to write a virus against and so are popular for hackers to use to gain access to a network.
Key Points
- Cyber security needs to be tackled using a multi-layered approach
- A system should always be protected from unwelcome visitors accessing it
- A single sign-on and password should be given for each user to access everything they need