Industrial Security to reduce risk

Industrial Security is versatile and comes into play on several levels. In OT and production, the principle of Industrial Security primarily serves to protect machinery from hazards caused by human action. This principle protects machinery from hazards such as cyber attacks or manipulation.

But how do you go about uncovering potential risks or attack opportunities?

The first thing to do when examining production for Industrial Security is to carry out a risk assessment. This reveals the dangers and risks that a machine is exposed to from “cyberspace” and the measures that must be taken to minimise them.

The security risk assessment should always be carried out in the following steps:

1. Identify assets: What do I want to protect?
2. Analyse threats: What are the risks on the asset I want to protect?
3. Determine relevant protection objectives: What objectives do I want to achieve?
4. Analyse and assess risks: How likely is it that a risk will occur?
5. Analyse threat vectors
6. Create and implement security concept
7. Review the implementation
8. Regular re-assessments
9. Select and implement protective measures: How can I protect against potential risk?
10. Resilience management: What to do after an attack? How can I anchor the idea of security more firmly in the company?

Security levels define the level of security that plant operators or manufacturers wish to achieve using security measures. The relevant information is provided by a prior risk assessment. This defines what is to be protected and determines the probability of this asset being attacked. The Security level (SL) is selected accordingly. These days, SL-2, i.e. protection against “intentional violation using simple means with low resources, generic skills and low motivation” should be seen as the minimum standard. To keep this minimum standard, the company needs a specific security maturity level. The best firewall is useless if a company’s employees continue to write their passwords on post-it notes and stick them on their PC screens, or if they do not run updates. The more the company is involved in security as an issue, the higher the overall protection will be. A holistic security concept is therefore important.

The Security levels at a glance:

• Security level 1: Protection against casual or coincidental violation
• Security level 2: Protection against intentional violation using simple means
• Security level 3: Protection against intentional violation using sophisticated means
• Security level 4: Protection against intentional violation using sophisticated means and extensive resources

A detailed security risk assessment is essential in order to protect a machine in a targeted and specific manner But generic measures can also increase security. Any measure is better than none. The following strategies help you implement security in your company:

1. Defence in depth: This principle is based on always placing new and different obstacles in the path of intruders. That makes it more difficult for attackers to achieve their objective. The point is to create as many obstacles as possible on as many levels as possible, as each individual measure can of course be defeated. An important part of this concept is to always take the human factor into account.

2. Organisational measures: It is important that all of a company’s employees internalise security. It is advisable to set up guidelines that apply to your own employees as well as partners such as suppliers and service providers. Since trust is good but control is better, anyone responsible for security should check compliance with these guidelines and support them if necessary.

3. Training: Not everybody is an IT expert, so regular security training for your employees is required. Pilz seminars are held at their headquarters in Ostfildern near Stuttgart, on the customer's premises or as a web seminar, and are aimed at plant and machine designers, but also at operators.

4. "Zones and conduits" segmentation: Zones containing devices with similar security requirements should be separated from each other by firewalls or safe routers. Only devices that are genuinely authorised to send and receive information via the conduits between the zones can do so. For example, safety-related devices can be given particularly elaborate protection within a separate zone, without this threatening standard operation.  

5. Firewalls: Although routers and switches can support security mechanisms, you should also use firewalls in your control network. The Application Firewall SecurityBridge, for example, protects safe control technology on plant and machinery from manipulation of process data, for example.

6. Patch management: Patches are particularly necessary when you become aware of security-related vulnerabilities in the software. This concerns application software and embedded software. You should consider not only patches and updates released by the manufacturer, but also third-party software (e.g. office applications, PDF Reader). A patch process helps to define responsibilities and procedures.

Where Industrial Security is concerned, if you look at IEC 62443 you will find a series of basic requirements, called “foundational requirements”, which describe in an abstract way technical methods for increasing security:

Identification and access control (IAC)

This ensures that the devices and the information they contain can only be accessed or modified by legitimate entities with the required permissions. These permissions are necessary to ensure the safe operation of the plant or installation and to guarantee the functionality of the IACS (Industrial Automation and Control System).

Usage control (UC)

Usage control (UC) ensures that only authorised entities can use the devices and/or information to carry out valid and necessary tasks, which are essential for the safety and productivity of the plant or installation. So it's a question of permissions. The principle of “least privilege” should be respected.

System integrity (SI)

This foundational requirement ensures that no unauthorised changes can be made to the data in the communication channels, so that correct data is always available. For example, the values displayed must correspond to the actual values and must not have been manipulated. 

Data confidentiality (DC)

All data in a machine should remain confidential and must not be capable of being viewed by outsiders or unauthorised insiders.

Restricted data flow

This foundational requirement ensures that data only flows to areas where it is really needed. This reduces the possibility of data being viewed or manipulated without authorisation. This means that the system architecture should be designed in such a way that the system can be divided into zones and conduits with appropriate security levels. Using devices such as a unidirectional gateway or a data diode can help.

Timely response to events

It is important to ensure that the IACS provides the necessary capabilities to respond to security breaches. This includes notifying the appropriate authority, documenting evidence of the breach, and taking timely corrective action when such an incident is discovered.

Resource availability

It is necessary to ensure that the IACS is designed and operated in such a way that a situation cannot arise in which a system can no longer be controlled or, in the worst case, can no longer even be brought to a safe state. This means that the safety system must not be prevented from putting the plant into a safe state or from fulfilling its protective function, even under a denial-of-service attack.

Additional system requirements are defined for each of these foundational requirements. These can be used as a basis for the implementation of security measures, and become more extensive depending on the level of technical security you wish to achieve.