Plant Network Security
How to defend your Plant against the threats of 2014?
version 1.1
Table of Content
1. Introduction
2. Background
2.1
2.2
2.3
3. Security solutions
3.1
3.2
3.3
3.4
3.5
3.5.1
3.5.2
3.6 System Hardening
3.6.1
3.6.2
3.6.3 Restricted USB usage
4.
4.1 Wi-Fi
4.2
5. The Future
6. Recommendations
Executive Summary
Over the last decade, technology in industrial process control systems has
changed significantly by utilizing Information Technology (IT). Although using IT
has largely benefitted the industry, it also brought new challenges to the process
control systems such as network security.
The increasing number and reach of cyber threats in process control systems
cannot be ignored. In the past, (cyber) security threats were mainly intended
attacks from the outside. Nowadays, the majority of security incidents, reported
from process control, are unintended incidents, such as malware infections,
often caused by internal sources, like employees.
Besides internal threats, external threats of course play an
important role too. When a hacker - someone who attempts to gain
unauthorized access to proprietary computer systems - decides to
attack a process control network, the damage caused can vary
from theft of confidential information to a complete
shutdown of systems.
The biggest and most urgent question most plant
owners are concerned about regarding cyber-security
is therefore: how to protect their network from these
hackers and malware infections?
This whitepaper describes the current trends in security
threats for the process control industry. It is intended
to provide insight in how process control systems can
be secured and defended in a changing technology
landscape.
1. Introduction
Changing technologies
Over the last decade, technologies used in process control networks have
changed significantly. In early days, human interface equipment provided by an
industrial automation supplier was based on proprietary hardware, software and
operating systems. Communication between network elements was also based
on proprietary, or at least not widely commercially used, protocols. However,
industrial process control system suppliers have been forced to introduce
low-cost and open solutions due to market demand.
At the same time, the usage of the Internet in
the public sector has exploded, which
automatically has led to an increasing number of
security threats. The hacker community
evolved with this changing market. In an earlier
stage, their aim was somewhat innocent:
infecting as many computers as possible, mainly
to become famous within the hacker
community. Although this is still important, a
new type of hacking has become even more
threatening. These new hackers are not just
interested in their reputation, but even more in
money (e.g. theft of credit card numbers) or in
causing damage to targeted industries (e.g.
environmental activists).
Because in the past the industrial automation systems were not connected to
the Internet, these new cyber threats did not affect the world of industrial
automation. Obviously this has changed. Two formerly different and enclosed
"worlds" are coming together. We have now reached a point that network
security can no longer be ignored within the industrial automation landscape.
2. Background
2.1
In July 2010, a new threat related to process control systems was discovered.
This new threat is referred to as Stuxnet, which is a sophisticated malware,
targeting Siemens PLC systems. Before the appearance of Stuxnet, process
control systems had not been recognized as a potential target for
malware developers. However, the appearance of this new
generation malware shattered such an optimistic view. After
Stuxnet, many other process control malware emerged.
Within the same year, DUQU, a reconnaissance virus, emerged.
One year later the most sophisticated espionage tool, Flame, was
discovered. And in 2013 the cyber espionage malware program
Red October was discovered.

Spending money on security is similar to spending money on a
health insurance. If you don't have insurance, only one incident will
cost you an amount of money that will exceed the costs of insurance
for the entire lifecycle of your plant.
2.2
Beside security threats due to changes in technology, there are also
cyber-security threats that have been around all along: unintended (human errors)
actions causing security incidents; in- and outsiders with malicious intent.
One way to mitigate the risks associated with cyber threats and the human
factor is by implementing physical security in the form of
locked cabinets or rooms with key card authentication. If
personnel have no access to areas where they might cause
serious security incidents, either intended or unintended, risk
factors will be minimized. Another important point to
consider is to give your personnel security awareness training.

Eugene Howard Spafford, a leading computer security expert, once said:
"The only truly secure
2.3
Figure 1 ANSI/ISA99
3. Security solutions
Even if we were able to achieve an appropriate security level by introducing
security measures into plant control systems, the security level will decrease
every day, because new malware is being created on a daily basis. Security is a
dynamic & never-ending process and must therefore be seen as part of what
Yokogawa refers to as the Security Lifecycle.
The next section describes solutions to
mitigate the risks of cyber-security
incidents. Depending on local situations,
the following security solutions can be
considered:
3.1
The classification of a network is the basis of security control. The network is classified
from level 0 to level 4 according to the network security and functionality.

Level 4: The office domain, which is usually out of the Yokogawa scope.

Level 3.5: This is not an official zone, but a Yokogawa definition. This DMZ (demilitarized
zone) makes it possible to get secured data to and from the Process Control domain and
manages all the data traffic coming from Level 4 to check system layers (Level 3 and lower
layers).

Level 3: Site Manufacturing Operations Control. Level 3 includes the functions involved in
managing work-flows to produce the desired end products. It consolidates raw data and
information from the Level 2 PCN and processes them before they are used by the Level 4
network, for example an ERP system. It therefore provides vertical integration between the
Level 4 corporate network and the Level 2 PCN.

Level 2: Area Supervisory Control. Level 2 includes the functions involved in monitoring and
controlling the physical process. For example, the HMI stations are located here.

Level 1: Local or Basic Control. Level 1 includes the functions involved in sensing and
manipulating the physical process. Level 1 includes continuous control, sequence control, batch
control, and discrete control. Also included in Level 1 are safety and protection systems that
monitor the process and automatically return the process to a safe state if it exceeds safe
limits.

Level 0: Process Control. Level 0 is the actual physical process. It includes the sensors and
actuators directly connected to the process and process equipment.
3.2
The firewall is the first line of defense for intrusion from other networks. If a
process control network is connected to any other network, it is considered
mandatory to install a firewall between these two networks. With a firewall, all
traffic between two, or even more, networks can be regulated. A firewall will
block all traffic between the networks, but by adding rules, specific traffic can be
allowed. The firewall not only reduces the risk that unauthorized people can
get access to the network, but also minimizes the risk that problems in one
network segment traverse to another network segment or zone.
[Figure 4: Office Domain, DMZ, Process Control Domain]
In addition to a firewall, an extra layer of security can be created with a
so-called Demilitarized Zone (DMZ, see Figure 4). It can be used to segregate process
control networks from office networks. Once a DMZ is created, there is no
longer a direct connection between hosts in the office network and process
control. This can be seen in Figure 4, in which the red arrow shows a direct
connection and the green arrows show the data flow via DMZ.
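
As an added example (not part of the original whitepaper), the following Python script audits a list of firewall allow rules against the level model of section 3.1 and the DMZ principle above: a rule is flagged when it lets traffic pass between the office side (above Level 3.5) and the process control side (below Level 3.5) in either direction without terminating in the DMZ. The subnets, rule names, ports and the EXTERNAL marker are constructed assumptions.

```python
import ipaddress

DMZ, EXTERNAL = 3.5, 5.0  # 5.0 is an assumed marker for anything outside the plan

# Constructed address plan: one subnet per level of the model above.
ZONES = [(ipaddress.ip_network(c), lvl) for c, lvl in [
    ("10.4.0.0/16", 4.0),    # Level 4, office domain
    ("10.35.0.0/24", DMZ),   # Level 3.5, DMZ
    ("10.3.0.0/24", 3.0),    # Level 3, site operations
    ("10.2.0.0/24", 2.0),    # Level 2, supervisory control (HMI)
    ("10.1.0.0/24", 1.0),    # Level 1, basic control
]]

# Constructed allow rules: (name, source, destination, port).
RULES = [
    ("office-to-dmz-web", "10.4.0.0/16", "10.35.0.5/32", 443),
    ("l3-to-dmz-history", "10.3.0.10/32", "10.35.0.5/32", 1433),
    ("hmi-to-controller", "10.2.0.0/24", "10.1.0.0/24", 502),
    ("erp-direct-opc", "10.4.2.15/32", "10.2.0.20/32", 135),
    ("vendor-any", "0.0.0.0/0", "10.1.0.0/24", 502),
    ("controller-to-office", "10.1.0.7/32", "10.4.9.9/32", 445),
]

def levels_of(cidr):
    """Return every level a CIDR touches; wide or unknown ranges also count as EXTERNAL."""
    net = ipaddress.ip_network(cidr)
    levels = {lvl for zone, lvl in ZONES if net.overlaps(zone)}
    if not any(net.subnet_of(zone) for zone, _ in ZONES):
        levels.add(EXTERNAL)
    return levels

def audit(rules):
    """List (rule, src_level, dst_level) where traffic crosses the DMZ without ending in it."""
    findings = []
    for name, src, dst, _port in rules:
        for a in sorted(levels_of(src)):
            for b in sorted(levels_of(dst)):
                if max(a, b) > DMZ and min(a, b) < DMZ:
                    findings.append((name, a, b))
    return findings

if __name__ == "__main__":
    for name, a, b in audit(RULES):
        print(f"{name}: allows Level {a} -> Level {b}, bypassing the DMZ")
```

Overly broad sources such as the "any" rule are reported once per side of the DMZ they expose, which makes the cost of a wildcard rule visible in the output.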
3.3
The most dominant threats these days are viruses, worms, and Trojan horses.
These security threats increased dramatically over the last years. Figure 5 gives
an overview of the number of viruses over the last years reported by McAfee.
Not only is the number of malware samples continuously increasing; at the same time
the vulnerability of plant control systems to malware infection is
increasing as well.
Most computers offer network security features to limit outside access to the
computer system. Software such as antivirus programs and spyware blockers
prevent malicious software from running on the machine.
3.4
3.5
3.6 System Hardening
Many computers offer network security features to limit outside access to the
network system. Yet, even with all previously discussed security measures (like
anti-virus) in place, computers are often still vulnerable to outside access.
System hardening, also called Operating System
hardening, helps further minimize these security
vulnerabilities.

System Hardening means to protect and close all normal
entrances in the system. For example, if an application is
installed on your computer, it might accept a request from
outside of the PC. System Hardening prevents these
backdoor entrances.

Network Management System: securing a sustainable operation
To keep sustainable operation, it is definitely effective to
introduce a Network Management System (NMS).
With NMS, network operators

The purpose of system hardening is to eliminate as many
security risks as possible. This is typically done by
removing all non-essential software programs and utilities
from the computer. While these programs may offer
useful features to the user, if they provide "back-door"
access to the system, they must be removed during system
hardening.
Hardening is also used to protect the PC from being used
as a regular computer. For example, if a machine such as
HMI is installed, system hardening will close all possibilities
of accessing the normal Microsoft desktop.
The most effective way to accomplish system hardening is with the use of
Microsoft Active Directory. With this, the management of all computers in the
network can be maintained from one single computer.
Additionally, Active Directory has the possibility to manage users and groups by
checking permissions and passwords for all computers in the network. This will
improve operational efficiency.
Even if only a few PCs are used in the system,
it is recommended to introduce Active Directory to
avoid operational mistakes.
3.6.3 Restricted USB usage
Nowadays, the work of maintenance engineers is
very hard without the use of USB sticks. However,
USB sticks are one of the main sources of malware
infections.
Because of workability issues for engineers, USB
devices cannot be completely abolished. To mitigate
the risk, however, it is highly recommended to limit
the use of USB devices. The use of USB devices can
be restricted in various ways. One of these options is
to have an Active Directory, as mentioned in 3.6.2.
Yokogawa Security Competency Laboratory
4.1 Wi-Fi
4.2
5. The Future
When reflecting on security, most people would like to anticipate how an
attacker will attack. In 2014, certain threats are developing within the IT
world which might become applicable to the process control world as well. For
example, there is a large growth in ransomware - a kind of malware that will
encrypt the victim's hard disk and demand money (a ransom) for the key to
decrypt it. See the figure below from McAfee.
Source: McAfee
6. Recommendations
Each organization should consider investing in proper security measures. With
the existence of many security threats, implementing a solid security solution
clearly brings long term security (and production) advantages, although they
might be seen as an unwelcome and even unnecessary source of expenses.
Key solutions are to implement measures such as anti-virus, patch management and a
firewall, or to harden your system. For medium/larger systems, implementing a
Network Management System is essential to monitor your network.
If you are not confident about your plant or factory security approach, or if you
need help convincing your management about security investments, Yokogawa
security consultants can help you by conducting a Security Assessment. The
outcome is a clear report which will list your vulnerabilities and will indicate the
measures that you can take to mitigate these vulnerabilities.
Helpful Resources
About Yokogawa
Yokogawa Electric Corporation is a Japanese electrical engineering and software
company, with businesses based on its measurement, control, and information
technologies.
Contact us
For more information please visit www.yokogawa.com/eu to find contact
information for Yokogawa in your area.
For Europe, please send an e-mail to PNSD@nl.yokogawa.com and a Yokogawa
security expert will get in contact with you.
You can also use the digital contact page to get in contact with a Yokogawa
Security Expert.