Published on 01/04/2017 | IoT Index
The Industrial Internet of Things (IIoT) has been a hot topic of late. One key consideration that will impact its acceptance rate and ultimate success is security. A successful attack on an IIoT system could result in the loss of sensitive data, interruption of operations, and destruction of systems. This will result in damage to brand and reputation, material economic loss and damage to critical infrastructure. Worse, there could be damage to the environment, injury or loss of human life. A secure IIoT solution is comprised of a variety of elements, including secure products, secure protocols, a secure network, ongoing security monitoring, and employees with cybersecurity expertise.
IIoT systems may feature new connection techniques that will require secure communication protocols. It is important to consider two key concepts when discussing secure protocols – encryption and data integrity/authenticity. Encryption can be used to secure protocols, but it can inhibit other security appliances like Intrusion Detection Systems. Data integrity and authenticity can be provided without encryption, enabling intrusion detection systems.
Legacy systems utilized insecure communications protocols. Communications protocols are evolving to incorporate security enhancement – DNP3 has moved to DNPV5, OPC-UA, Modbus is evolving to Modbus Secure, and EtherNET/IP is becoming EtherNET/IP Secure. Selection of secure protocols is required to enhance solution security.
Trust in the IIoT lifecycle refers to both the integrity of each element in a system and the integrity of data generated by the system. Trust impacts supply chain, installation, configuration, regular usage and eventual decommissioning – requiring regular monitoring to ensure the that trustworthiness is preserved throughout the product lifecycle.
Let’s use an example to illustrate the permeation of trust model. Assume an end user is purchasing a PLC with secure features. The PLC vendor purchases microprocessors and memory from component vendors who ship their products to manufacturing sites. Product software can be developed at vendor development facilities or purchased from partners. Products are fabricated and shipped to warehouses. Equipment can then be shipped to distributors or systems integrators prior to shipment to end users. In this example, we have multiple organizations handling the hardware/software. There is the potential for security issues to be introduced at any of these locations. End users must have trust in the integrity of the supply chain providing system components. Permeation of trust between system operators and suppliers is key to the security of IIoT systems.
One challenge facing many industrial end users is cybersecurity expertise. Industrial personnel have developed core competencies focused on optimizing processes. Small to medium sized companies in particular may have difficulty internally building cybersecurity expertise. Equipment vendors and system integrators can be leveraged to cost effectively provide cybersecurity expertise. Vendors effectively merge industrial control and cybersecurity expertise – many IT based consultants lack OT expertise. Vendors will also have the expertise to guide end users in the selection of data that should be pulled from the process.
Another key consideration is training to effectively operate a system after it has been activated. Tips to effectively operate, monitor, and update processes need to be implemented. Guidance on proper corporate security policies is also critical.
Cloud services enable external computing power to be utilized to analyze and control OT infrastructure. In a cloud architecture, data from thousands of devices is stored, analyzed, and accessed from a server. The cloud infrastructure can be located within the corporate network, or outside the network operated by a partner. Many end users are implementing an internal cloud model. Data pulled from the IIoT would be gathered and stored on equipment residing in the corporate network. Housing data on internal equipment connected to a network controlled by the end user helps to safeguard potentially critical data.
Using an external partner creates a number of trust boundaries that can impact security and privacy. Information must be protected for both privacy and security. For example, stolen credentials could allow attackers to access critical data. Moreover, attacks on other cloud customers hosted by the partner may propagate.
The first key concept involves securing systems. Product lifecycle has a huge impact on security in industrial applications. Unlike IT environments, products can remain in active service in industrial control systems for as long as 30 years. It is unrealistic to assume that end users will update older components when implementing IIOT. Thus, IIOT systems will include legacy end devices that were developed prior to advent of security standards alongside new end devices with native security features.
Let’s begin by looking at the challenges posed by legacy devices. Most industrial installations contain equipment that in antiquated from IT and security perspectives. Legacy equipment is at greater risk of attack than equipment with the latest versions of security features. There are two options available to mitigate this issue, selection between the two will be driven by the application.
Limit communication to data collection only. This is the safest option but may not be viable for all applications.
Placing restrictions on device access. Note that this will require monitoring of the integrity of communications to insure that data is not changed as it travels between devices. This option is more practical as limiting access to data collection is not feasible for many applications.
Devices that have been recently deployed will have security features. In this case you may be able to operate without building security around devices.
Considerations when Purchasing Equipment
If customers choose to update legacy equipment, selecting equipment with firmware and software signing is critical to insure secure patching. You should also lean towards products developed using a secure development lifecycle (SDL). Most organizations have a well-defined process to create, release, and maintain products. However, increasing concerns and business risks associated with insecure products have brought increased attention to the need to integrate security into the development process. You should ask potential vendors to supply proof that development centers have been certified to standards such as IEC 62443-4-1. Third party certification of a development process can provide confidence that products were developed using secure practices, reducing potential implementation risk.
Connecting devices to each other and the cloud opens the door for an intelligent process, potentially leading to significant improvements in productivity and efficiency. The tools to successfully implement the IIoT are in place today, but change will be evolutionary vs. revolutionary. End users will weigh the value of new functionality against the risk of making changes to their control system which will impede rapid change. Security will be a key factor impacting success. System design, product features, secure development processes, and implementation expertise will have to be taken into consideration when implementing the IIoT.