For all the benefits that smart manufacturing can offer, it also requires a more comprehensive approach to security. Seamless connectivity and smart devices are the catalysts to smart manufacturing – but they can also be a conduit for security threats.
The growing use of widely available technologies in industrial control systems and the growth of more connected, information-enabled enterprises inherently increase security risks, and with them the responsibilities of control system providers and users alike.
Historically, industrial control systems used proprietary technologies and were generally segregated from the information systems at most companies. The systems were largely incompatible and the commercial technologies that were used in office spaces simply didn’t fit the requirements of control systems.
As commercial technologies advanced in recent decades, they were adapted for use in control systems, improving costs, compatibility and ease of use. With these improvements, connectivity between systems became simpler and increasingly demanded by users.
Bringing together enterprise-level IT and plant-level operations technology into a common infrastructure creates more opportunities to improve operations but, without proper cyber security hygiene, it may also provide increased opportunities for cyber-attacks against industrial control system equipment.
Such attacks, if successful, can have a severe impact on worker, environmental and product safety, intellectual property, reputation and productivity. Attacks on control systems have increased dramatically in recent years. Global cyber-attacks – like WannaCry and Petya – affected thousands of targets and networks around the world.
Leading industrial control system providers constantly test products and review applications to identify and remediate vulnerabilities in products. Disclosing remediated vulnerabilities through patch and version management helps protect against cyber-attacks.
At Rockwell Automation, this is part of an ethical and comprehensive cyber security strategy to help verify customers’ security and safety. While this is not actually new, the increased focus on security in recent years and the more frequent disclosures may seem surprising to some. To others who have worked closely with IT, it will seem natural and expected. To all, it should be welcomed as a clear focus on supporting the safety and security of industrial control systems.
Mitigating Security Threats with Network Segmentation
An open and unsegmented network is a gift to cyber attackers. Once an attacker finds and exploits the most vulnerable point of entry, it could turn into a potential ‘kid-in-a-candy-shop’ scenario. They may be able to pivot to more easily access a larger part of the network and potentially anything connected to it – from product designs or recipes, to machine controls, to company finances.
It’s important to note that it’s not only external threats that pose a danger on an unsegmented network. Internal threats, whether it’s a disgruntled employee or human error like an incorrect system change, also can wreak havoc when there are no network boundaries or access limitations.
This is why network segmentation should be part of every company’s industrial security strategy. Network segmentation separates your network into multiple smaller networks and allows you to establish zones of trust. This can help limit the access of outside security threats and contain any damage they cause. It can also help give employees and business partners access to only the data, assets or applications they need.
Virtual LANs (VLANs) are most commonly associated with network segmentation. These are broadcast domains that exist within a switched network. They allow you to segment your network logically – such as by function, application or organization – instead of physically.
VLANs can secure devices and data in two ways. First, you can block devices in certain VLANs from communicating with devices in other VLANs. Second, you can use a Layer-3 switch or router with security and filtering functionality to help protect the communications of devices that do talk to each other across VLANs.
While VLANs are an important part of segmentation, they’re only one solution. You could also use other segmentation methods across different levels of your network architecture.
One example is the use of an industrial demilitarized zone (IDMZ). It creates a barrier between the enterprise and manufacturing or industrial zones. All traffic between the two zones terminates at this barrier while still allowing data to be securely shared.
Other segmentation methods to consider using include access control lists (ACLs), firewalls, virtual private networks (VPNs), one-way traffic restrictors and intrusion prevention and detection systems (IPS/IDS).
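As an added illustration (not Rockwell Automation code), the following Python sketch audits an inter-VLAN ACL for permit rules that would let the enterprise and industrial zones talk directly instead of terminating at the IDMZ. The zone subnets, rule names and ports are constructed sample data, and the check deliberately ignores first-match rule ordering.

```python
import ipaddress

# Constructed zone plan (assumption): one subnet per VLAN, grouped into zones of trust.
ZONES = {
    "enterprise": ["10.10.0.0/16"],
    "idmz": ["10.20.0.0/24"],
    "industrial": ["10.30.10.0/24", "10.30.20.0/24"],
}

# Constructed ACL on the Layer-3 boundary: (name, action, src, dst, dst_port).
ACL = [
    ("erp-to-historian-mirror", "permit", "10.10.5.0/24", "10.20.0.10/32", 443),
    ("mirror-from-historian", "permit", "10.30.10.20/32", "10.20.0.10/32", 443),
    ("legacy-eng-laptop", "permit", "10.10.8.15/32", "10.30.20.0/24", 44818),
    ("any-any-cleanup", "permit", "0.0.0.0/0", "10.30.10.0/24", 502),
    ("default-deny", "deny", "0.0.0.0/0", "0.0.0.0/0", None),
]

def zones_touched(cidr):
    """Return the set of zones whose subnets overlap the given CIDR."""
    net = ipaddress.ip_network(cidr)
    return {zone for zone, subnets in ZONES.items()
            if any(net.overlaps(ipaddress.ip_network(s)) for s in subnets)}

def idmz_bypass_rules(acl):
    """List permit rules that allow direct enterprise <-> industrial traffic.

    Simplification: every permit rule is checked on its own; shadowing by
    earlier rules (first-match semantics) is not modelled.
    """
    findings = []
    for name, action, src, dst, port in acl:
        if action != "permit":
            continue
        src_z, dst_z = zones_touched(src), zones_touched(dst)
        direct = (("enterprise" in src_z and "industrial" in dst_z) or
                  ("industrial" in src_z and "enterprise" in dst_z))
        if direct:
            findings.append((name, src, dst, port))
    return findings

if __name__ == "__main__":
    for finding in idmz_bypass_rules(ACL):
        print("bypasses IDMZ:", finding)
```

The two flagged rules show the common failure modes: a one-off exception for a single host, and an overly broad source range that silently includes the enterprise zone.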
Cyber Hygiene for Food Manufacturers
Food manufacturers are reaping benefits from the convergence of operations and information technology – through increased yields and deeper, real-time insight into KPIs. They're moving into a bright manufacturing future.
However, providing access to information changes the threat landscape for food manufacturers. This territory is shaped by malicious hackers, as well as virtuous employees who are all too often unfamiliar with the impact of their seemingly everyday actions. The resulting dangers range from product contamination to loss of intellectual property.
The good news is that food and beverage companies are getting better at basic cyber hygiene. That approach starts with not just understanding what is connected on your plant floor, but understanding its attack surface. In other words, what are those assets’ vulnerabilities? Then use that knowledge to patch them.
Digital transformation provides an advanced network backbone, which minimizes security risks while supporting scalable execution, analytics and supply-chain connectivity. As such, an investment in IIoT technologies is compelling because it delivers insights that improve performance now, while also implementing a security architecture.
Looking at the digital journey of our customer, Hamlet Protein, provides a great example of how a successful transformation occurs.
Hamlet Protein, Inc. is a mid-sized company located in Denmark that develops and manufactures soy-based functional ingredients for use in animal feeds. The company has identified seven key steps crucial to the success of their digital transformation:
1. Create and socialize a shared company vision among C-level stakeholders.
2. Establish a steering committee.
3. Partner with a technology provider who understands and supports your overall business objectives.
4. Carefully and completely assess your company’s operations to develop an unvarnished picture of strengths, gaps and opportunities.
5. Conduct a value workshop to secure buy-in and evaluate potential gains against the picture developed in step 4.
6. Develop and socialize a comprehensive plan and schedule.
7. Establish an infrastructure for change management and inter-company communication.
Whether you’re just embarking on or are already on the path of your own digital journey, you may find the following resources useful: