Many companies are now embarking on digital transformation. This change has a number of implications that need to be taken into account, such as the processes to implement in the company (Lean, for example) and having a business model. To carry out the transformation in a more streamlined manner, it must also be accompanied by certain Technological Drivers. One of these is Industrial Cybersecurity (OT, Operational Technology).
In recent years, Cybersecurity in IT (Information Technology) has continued to progress. However, we must not forget about Cybersecurity in production plants, since attacks on plants have increased exponentially. Malware, viruses, worms and spyware have been developed that can affect the manufacturing process by changing only one parameter in the corresponding Automation, affect your Supervision and Monitoring system by generating false alarms, or affect manufacturing orders in your MES/MOM system.
There are differences between the IT network and the OT network: according to ISA 95, Levels 1 and 2 are the OT network and Levels 3 and 4 are the IT network. However, the two networks are increasingly converging, since a DMZ (demilitarised zone) is located at Level 3 (service network), where systems such as MES, SCADA, Historian and web servers are found.
Differences in priorities between the two networks:
|IT NETWORKS| |OT NETWORKS|
|Updates with well-defined policies.|Patches|Complicated to use and updates by manufacturing periods.|
The main steps for managing industrial security appropriately would be: analyse the infrastructure and its vulnerabilities; design both the network and the improvements to be made; define security protocols and procedures, such as access codes and naming; deploy software and devices for detecting anomalies, so that the system can be monitored continuously; and report to a main system so that there is a fast reaction to any intrusion or anomaly detected, such as excessive traffic or an unsuitable parameterisation in a time slot.
The following are points to keep in mind in order to have a secure OT network. They need to be kept constantly up to date with all the changes that occur on the site:
- Device infrastructure security, including a dual power supply, so that power is provided from two different points; ideally these would be two UPSs (Uninterruptible Power Supplies).
- Connectivity between two switches, either by means of FO (Fibre Optics) or UTP cable, as there is a band which is placed at a different location.
- An up-to-date list of the devices, with both the IP and MAC address of each.
- Know how to identify the existing vulnerabilities of the devices on site, as well as the protocols that the switches can use, so that we connect to them in a secure way, such as HTTPS or SSH, and of course so that they support communications from the Automation or site control devices.
- Manage the updating of the devices, covering both the patch versions of the operating systems and the firmware of the Automation devices and the switches.
- Segment the network using VLANs, or even create DMZ zones in the most critical areas, to prevent attackers who manage to get past the first barriers from being able to move laterally on site.
- Of course, you should have a recovery plan prepared, so as to be protected as far as possible. This means that, even if attackers have got through the barriers and made changes in the system, we can isolate it and recover the management of the site from a backup, so that everything is functional again in the shortest possible time and at the lowest cost.
In industrial environments, there has been an increase in cyber-attacks. In a survey, 17% of respondents reported that there were increases in security breaches and that they required a month to detect those gaps. (Report from the SANS Institute Survey)
For this reason, Cybersecurity is as important in OT as in IT, because what is affected is the production that takes place at the manufacturing sites.
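As an added illustration (not part of the original article), the sketch below combines the IP/MAC device list from the points above with the continuous monitoring step described earlier: it flags devices missing from the inventory, excessive traffic, and parameter changes outside an allowed time slot. The inventory, thresholds, time window and event format are all assumptions made for the example.

```python
from datetime import datetime, time

# Constructed inventory (IP -> MAC, role); addresses are documentation values.
INVENTORY = {
    "192.0.2.10": ("00:00:5e:00:53:01", "PLC line 1"),
    "192.0.2.20": ("00:00:5e:00:53:02", "SCADA server"),
}
WRITE_WINDOW = (time(6, 0), time(7, 0))  # assumed slot for parameter changes
MAX_PKTS_PER_MIN = 500                   # assumed per-device traffic baseline

def check_event(ev):
    """Return the alert names raised by one observation from the OT network."""
    alerts = []
    entry = INVENTORY.get(ev["ip"])
    if entry is None:
        alerts.append("unknown-device")
    elif entry[0] != ev["mac"].lower():
        alerts.append("mac-mismatch")      # IP is listed, but on other hardware
    if ev.get("pkts_per_min", 0) > MAX_PKTS_PER_MIN:
        alerts.append("excessive-traffic")
    if ev.get("param_write"):
        t = datetime.fromisoformat(ev["ts"]).time()
        if not (WRITE_WINDOW[0] <= t < WRITE_WINDOW[1]):
            alerts.append("write-outside-window")
    return alerts

def monitor(events):
    """Return (timestamp, ip, alerts) for every event that raised an alert."""
    report = []
    for ev in events:
        alerts = check_event(ev)
        if alerts:
            report.append((ev["ts"], ev["ip"], alerts))
    return report

# Constructed observations, as a collector on a switch mirror port might emit.
SAMPLE_EVENTS = [
    {"ts": "2024-03-04T06:15:00", "ip": "192.0.2.10", "mac": "00:00:5E:00:53:01",
     "pkts_per_min": 120, "param_write": True},
    {"ts": "2024-03-04T02:40:00", "ip": "192.0.2.10", "mac": "00:00:5e:00:53:01",
     "pkts_per_min": 130, "param_write": True},
    {"ts": "2024-03-04T09:00:00", "ip": "192.0.2.20", "mac": "00:00:5e:00:53:99",
     "pkts_per_min": 2400},
    {"ts": "2024-03-04T09:05:00", "ip": "192.0.2.77", "mac": "00:00:5e:00:53:aa",
     "pkts_per_min": 10},
]

if __name__ == "__main__":
    for ts, ip, alerts in monitor(SAMPLE_EVENTS):
        print(ts, ip, ", ".join(alerts))
```

In practice the report would be forwarded to the main system mentioned above rather than printed, and the baseline and window would be derived from the site's own traffic and maintenance schedule.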