
Cope with change—protect PLCs

Dec. 1, 2022
Cybersecurity week 2022—day 4: Huffman Engineering advises following real-life and IT examples

Cyber-probes, -intrusions and -attacks aren't simply multiplying. They're also growing more sophisticated, requiring users to protect entire systems instead of single access points.

“Cyber-criminals used to focus on taking control of a PLC, but now we’re seeing them attempt to gain access to the entire network through PLCs. That kind of access can be absolutely debilitating to a plant or public utility,” says Keith Mandachit, PE, engineering manager at Huffman Engineering Inc., a CSIA-certified system integrator in Lincoln, Neb. “These hackers are attempting to exploit the network through the engineering workstations, and any disparity between your IT and OT operations can open a window of opportunity for an attack we’ve seen called ‘Evil PLC attack.1’ ”

To handle the ever-changing risk posed by cyber-threats, Mandachit reports that users must constantly and consistently educate and communicate among their staffs, contractors and clients. “Looking outside of your organization to learn of real-life examples and passing that knowledge on to your own stakeholders is imperative. The stakes are high as these attacks grow more sophisticated, so it’s not just about controlling your own internal processes anymore,” he explains. “Limiting access points is key to defending against attackers weaponizing PLCs. This includes managing the risk of allowing a third party’s external team to connect a laptop to your network and systems.”

Mandachit reports that cybersecurity mitigation strategies should include:

  • Conduct a cybersecurity risk assessment (RA) and asset inventory to determine risk tolerance and budgetary plan;
  • Communicate with all stakeholders, such as operators, IT, automation engineers and management;
  • Limit access to PLCs with policies and procedures that control access, and allow only approved and vetted personnel access to applicable systems;
  • Monitor network traffic and analyze it for unusual events, such as PLC uploads and downloads, with automated notifications;
  • Segment networks to reduce the risk of an attack infecting overall networks; and
  • Stay current with patches and other software updates.

“Reputable system integrators will regularly monitor and communicate updates with customers,” adds Mandachit. “These strategies used in conjunction can provide a unified front across your organization to help combat attacks.”
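As an added illustration (not code from Huffman Engineering or the article), the sketch below combines three of the listed strategies: it flags PLC program uploads and downloads in a monitoring log, checks the source against an approved-workstation list, and raises severity when the source sits outside the OT segment. The CSV layout, IP addresses, PLC names and operation names are constructed assumptions.

```python
import csv
import io
import ipaddress

# Assumptions, not from the article: approved workstations and the OT subnet.
APPROVED_WORKSTATIONS = {"10.20.0.15", "10.20.0.16"}
OT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")
PROGRAM_TRANSFERS = {"program_upload", "program_download"}

# Constructed sample events in a hypothetical CSV export from a network monitor.
SAMPLE_LOG = """\
timestamp,src_ip,plc,operation
2022-12-01T08:02:11Z,10.20.0.15,PLC-PUMP-01,read_tags
2022-12-01T08:05:40Z,10.20.0.15,PLC-PUMP-01,program_download
2022-12-01T13:17:03Z,10.20.0.77,PLC-PUMP-02,program_upload
2022-12-01T13:19:58Z,192.168.5.23,PLC-PUMP-02,program_download
not-a-timestamp,bad-ip,PLC-PUMP-03,program_download
"""

def classify(event):
    """Return (severity, reason) for a program transfer, or None for other traffic."""
    if event["operation"] not in PROGRAM_TRANSFERS:
        return None
    try:
        src = ipaddress.ip_address(event["src_ip"])
    except ValueError:
        # Fail closed: a malformed record must not hide a program transfer.
        return ("high", "unparseable source address on a program transfer")
    if src not in OT_SEGMENT:
        return ("high", "program transfer from outside the OT segment")
    if str(src) not in APPROVED_WORKSTATIONS:
        return ("medium", "program transfer from an unapproved workstation")
    return ("info", "program transfer from an approved workstation")

def find_alerts(log_text):
    """Parse the CSV log and return one alert dict per program transfer."""
    alerts = []
    for event in csv.DictReader(io.StringIO(log_text)):
        verdict = classify(event)
        if verdict:
            severity, reason = verdict
            alerts.append({"severity": severity, "reason": reason, **event})
    return alerts

if __name__ == "__main__":
    for a in find_alerts(SAMPLE_LOG):
        print(f'[{a["severity"].upper()}] {a["timestamp"]} '
              f'{a["src_ip"]} -> {a["plc"]}: {a["reason"]}')
```

Approved transfers are still reported at "info" level so that every upload or download produces a notification that can be matched against a change record.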

Converge and coordinate 

Just as cooperation between OT and IT can aid all kinds of digitalization, it’s also one of the most crucial ways to achieve cybersecurity.

“It’s always a challenge to get the IT and OT departments to work together. Both have important initiatives to accomplish but finding an effective balance for the entire organization can be difficult,” says Mandachit. “Vulnerabilities can be exposed when the IT and OT departments can’t find the middle ground between security risk and production. If OT won’t budge on allowing the latest security updates, that exposes them to the risk of the newest cyber-attacks. If IT doesn’t recognize the importance of a continuous schedule, production goals can’t be met. These two have to find a middle ground, and often a certified control system integrator, who understands the importance of both areas when it comes to cybersecurity, can stand in the gap and help bring them together.”

About the Author

Jim Montague | Executive Editor

Jim Montague is executive editor of Control. 
