Today’s factories – be they relatively simple production facilities, or highly complex automation environments – face a dilemma that was unimaginable in earlier times.
To be successful, they must be connected.
Effective connectivity in a production environment requires a powerful communication network, and throughout the entire value chain there’s typically a lot of communication taking place.
The communication network needs to be flexible, and the devices that are used must be simple to configure. Industrial environments demand high speed, real-time communication, with data travelling within milliseconds. They also need to ensure their network is robust and has redundancy mechanisms so it can withstand failures.
But to survive, factories must also be secure.
They need to protect their network from the growing threat of cyber attack.
GMI research from 2015 showed that 59% of companies in the industrial environment had suffered from security incidents during the past five years. Within the manufacturing and process industries, 27 billion euro was lost throughout that period due to security-related issues. 34% of the people operating and using the systems claimed that their system has been breached more than twice over the past 12 months. Worryingly, 44% of these people were unable to identify the source of the incident.
Businesses around the world – including Australia – received an unmissable wake-up call in mid-2017 when the WannaCry ransomware incident struck. An estimated 400,000 computers globally were infected. The cost for business was significant, with major manufacturing facilities forced into temporary shut-down and companies across numerous sectors of the economy feeling the impact on their productivity.
Industrial espionage is also a very real threat for production-based companies, particularly in a highly-competitive environment.
The bottom line is that every networked device is a potential target for cyber attacks. Manufacturers in all sectors face the challenge of protecting their industrial production facilities, and there can be no doubt that networking production plants considerably increases the security risks.
Yet it’s not a choice of either to be connected, or be secure.
Put simply, a production facility needs to be both these things. Even when implementing complex security features and technologies, we need to ensure 100% productivity and availability. Nothing less is acceptable in today’s highly-competitive environment.
In order to ensure connectivity and security we need to adopt a balanced approach. But what does that mean in a production environment where an increasing number of devices are being connected?
To comprehensively protect plants, systems, machines, and networks against cyber attacks, all levels must be addressed: from the operating level to the field level, from access control to networks, terminal equipment, and copy protection.
A successful strategy comprises three key areas:
- Plant security, which creates the foundation and ensures that technical protective measures cannot be circumvented. This includes physical access protection measures such as fences, cameras and card readers. These are supplemented by organizational measures, in particular a security management process that ensures plant security over the long-term.
- System integrity, which includes protecting automation systems and controls as well as SCADA and HMI systems against unauthorized access, and protecting the know-how they contain in the best way possible. This also includes the authentication of users and their access rights as well as hardening the system against attacks.
- Network security, including protecting automation networks from unauthorized access and checking all interfaces to other networks, such as an office network or the Internet. Transitions to other networks are protected by means of firewalls or a DMZ (demilitarized zone) – a network within a network, with controlled access to the data, devices, servers, and services in it. No connection can be established using the DMZ, even if one of the computers in it has been “taken over” by a hacker.
Adopting an approach based on the global standards like the IEC62443 will ensure that the security solution is holistic and involves every stake holder in the value chain. This will also ensure the best protection against security threats and prevention of cyber attacks.