In today’s world of interconnected systems and the Industrial Internet of Things (IIoT), protecting industrial automation systems matters more than ever. Attacks seen in the wild that are specifically crafted for PLCs and safety systems make the relevance and urgency impossible to ignore. In addition, companies have to comply with numerous industrial security regulations and standards around the world. Although the threat landscape differs for every company and even every automation system, there is help. That help is a concept called defense in depth, and it is laid out in IEC 62443, the standard for the security of Industrial Automation and Control Systems.
This article will lay out the principles of the defense in depth concept and also some new developments.
“Defense in depth” strategy
Where risk minimization is concerned, the security chain of any company is only as strong as its weakest link. Examples of weak links include a device connected via USB, an unauthorized PC workstation, a smartphone or even a printer. This is because, in the worst-case scenario, malware can spread in a networked system from a single infected component to the entire production plant. Thus, it is not enough to only protect individual elements. Rather, a holistic approach is required. This is where a “defense in depth” strategy comes into its own. The basic idea: A series of barriers makes it difficult for attackers to penetrate an IT or Automation System—like a fortress with several layers of defense. But like a fortress, an automation system with an implemented security solution requires maintenance and continuous protection to defend against the evolving threat landscape. It is fair to say that security requires continuous attention and is not a one-time job.
Access controls and training courses: plant security
The first level of protection concerns plant security. This is a question of preventing physical access to critical system components. The following fundamental issues arise here: How is access to the system monitored? Are server rooms kept locked and network connections secured? Who must or who can have access to the systems? It is also necessary to prevent unauthorized physical access to buildings, control rooms, control cabinets, PCs, switches, LAN ports, controllers and I/O systems.
This strategy also includes clear instructions and guidelines for IT security for plant personnel. After all, security solutions can only function if employees have the appropriate awareness and training. This awareness and the corresponding knowledge should be continually promoted using workshops, Web-based training courses and similar activities.
Segmentation and firewalls: network security
The next level starts with the fundamental architecture of the system. To this end, it is recommended that the automation system be subdivided into autonomous security cells that retain their functional integrity even if communication with other areas of the network temporarily fails. In addition, a “perimeter network” (DMZ) should be set up between the automation network and the outside. It prevents direct access from the outside to the automation cells and makes it much harder for attackers to infiltrate the system.
Firewalls and secure connections using VPN tunnels provide secure communication with the outside and between the individual security cells. One important factor when selecting a firewall is how well it supports industrial environments. Network communication in production plants is unlike that in the office world (different protocols, long-lived connections, strict availability requirements) and therefore requires firewalls with corresponding rules and filters for industrial protocols.
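The cell firewall described above is easiest to reason about as a zone/conduit model: every cell is a zone, every permitted cross-cell flow is an explicitly listed conduit, and everything else is dropped. The following Python example is added here and is not code from the article or from any vendor product; the zone names, address ranges and conduits are constructed for illustration. It evaluates candidate connections against the model (only layer 3/4 attributes, not protocol-level filtering) and renders the same model as an nftables forward chain with a drop policy.

```python
# Added example (not from the article): a zone/conduit policy for the security
# cells described above, evaluated in Python and rendered as an nftables
# forward chain. Zone names, addresses and conduits are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Security cells ("zones" in IEC 62443 terms) and the perimeter network.
ZONES = {
    "office": ip_network("192.168.10.0/24"),
    "perimeter": ip_network("10.0.0.0/24"),   # DMZ with historian / jump host
    "cell_a": ip_network("10.1.1.0/24"),      # PLC, HMI, engineering station
    "cell_b": ip_network("10.1.2.0/24"),
}

@dataclass(frozen=True)
class Conduit:
    """One explicitly permitted flow between two zones (direction matters)."""
    src_zone: str
    dst_zone: str
    proto: str    # "tcp" or "udp"
    dport: int
    note: str

# Everything that is allowed to cross a cell boundary. Anything not listed
# here is dropped by the default policy.
CONDUITS = [
    Conduit("cell_a", "perimeter", "tcp", 4840, "OPC UA from cell A to historian"),
    Conduit("cell_b", "perimeter", "tcp", 4840, "OPC UA from cell B to historian"),
    Conduit("office", "perimeter", "tcp", 443, "office users reach historian web UI"),
    Conduit("perimeter", "cell_a", "tcp", 102, "S7 engineering via jump host only"),
]

def zone_of(ip: str):
    """Return the zone name an address belongs to, or None if unknown."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None

def is_permitted(src: str, dst: str, proto: str, dport: int):
    """Decide whether a new connection may cross the cell firewall.

    Returns (allowed, reason). Traffic inside one cell never reaches the
    boundary firewall, so it is reported as allowed; traffic from or to an
    address outside every defined zone is always denied.
    """
    sz, dz = zone_of(src), zone_of(dst)
    if sz is None or dz is None:
        return False, "address outside all defined zones"
    if sz == dz:
        return True, f"intra-zone traffic inside {sz}"
    for c in CONDUITS:
        if (c.src_zone, c.dst_zone, c.proto, c.dport) == (sz, dz, proto, dport):
            return True, f"conduit: {c.note}"
    return False, f"no conduit {sz} -> {dz} {proto}/{dport} (default deny)"

def nft_forward_chain() -> str:
    """Render the conduit list as an nftables forward chain with policy drop."""
    lines = [
        "table inet cellfw {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
    ]
    for c in CONDUITS:
        lines.append(
            f"    ip saddr {ZONES[c.src_zone]} ip daddr {ZONES[c.dst_zone]} "
            f"{c.proto} dport {c.dport} accept comment \"{c.note}\""
        )
    lines += ["  }", "}"]
    return "\n".join(lines)

if __name__ == "__main__":
    checks = [
        ("192.168.10.5", "10.1.1.20", "tcp", 102),  # office PC straight to PLC
        ("10.1.1.30", "10.0.0.50", "tcp", 4840),    # HMI to historian
        ("10.0.0.50", "10.1.1.20", "tcp", 102),     # jump host to PLC
        ("10.1.1.20", "10.0.0.50", "tcp", 102),     # wrong direction for S7
        ("203.0.113.9", "10.1.1.20", "tcp", 102),   # outside every zone
    ]
    for args in checks:
        ok, why = is_permitted(*args)
        print("ALLOW" if ok else "DENY ", *args, "-", why)
    print(nft_forward_chain())
```

Two design points matter in practice: conduits are directional, so a historian in the DMZ polling a PLC and a PLC pushing to the historian are different conduits that must be listed separately; and the rendered chain accepts established connections first, so a plant-wide rule reload does not cut long-lived controller sessions. Protocol-aware filtering (for example restricting S7 to read-only function codes) is a separate capability of industrial firewalls and is not modeled here.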
From antivirus to white-listing software: system integrity
At the center of the third level of protection is system integrity. The aim here is to protect PC-based systems as well as devices like PLCs and controllers. Any device is a potential access route for sabotage, whether intentional or inadvertent. This is where “system hardening” is applied: unused ports and drivers as well as unnecessary software are removed or disabled. In addition to hardening, software such as antivirus or application whitelisting can be deployed on PC-based automation devices. User management following the least-privilege principle should be applied, along with a patch management process that addresses newly discovered software vulnerabilities in the systems.
Once a reliable foundation based on “defense in depth” is in place, it is advisable to also keep pace with evolving threats and a changing environment. As the threat landscape evolves, the solutions landscape is expanding as well. Industrial Anomaly Detection is a new solution that identifies the assets and the communication behavior of an industrial automation and control system and, based on that baseline, watches for anomalies. It does this by listening passively to the traffic of the automation system, without interfering with it. This software solution from Siemens is bundled on a Siemens Industrial PC and connected to the automation system either through a TAP or a mirror port of a switch. The solution is not limited to Siemens automation systems but also works with those of all other major vendors in the market. Once anomalies are identified, the system provides insight into where they came from and what was done. This can later be integrated with security reporting tools that are already in place in the IT environment.
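What "identify assets and communication behavior, then watch for anomalies" means in practice is a learning phase that freezes a baseline of who talks to whom with which protocol, followed by a monitoring phase that reports deviations. The Python example below is added here to illustrate that logic; it is not the Siemens product's code. The flow records are constructed (a real sensor would derive them from the TAP or mirror port) and the three alert kinds, `new_asset`, `new_protocol` and `new_conversation`, are an assumed classification, chosen so that each alert says where the traffic came from and what was done.

```python
# Added example (not Siemens' product code): learn a baseline of assets and
# conversations from passively captured flow records, then flag deviations.
# The flow records below are constructed; a real deployment would derive them
# from a TAP or switch mirror port.
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str   # application protocol as identified by the sensor
    dport: int

@dataclass(frozen=True)
class Alert:
    kind: str    # "new_asset", "new_protocol" or "new_conversation" (assumed names)
    src: str
    dst: str
    proto: str
    dport: int

# Constructed learning-phase capture: one "src,dst,proto,dport" record per line.
# Engineering station .10 and HMI .30 talk S7 to PLC .20, the PLC talks
# PROFINET to remote I/O .40, the HMI sends OPC UA to historian 10.1.2.50.
BASELINE_LOG = """\
10.1.1.10,10.1.1.20,s7comm,102
10.1.1.30,10.1.1.20,s7comm,102
10.1.1.20,10.1.1.40,profinet,34964
10.1.1.30,10.1.2.50,opcua,4840
"""

# Constructed monitoring-phase capture after the baseline was frozen.
MONITORING_LOG = """\
10.1.1.30,10.1.1.20,s7comm,102
10.1.1.99,10.1.1.20,s7comm,102
10.1.1.10,10.1.1.20,http,80
10.1.1.10,10.1.1.30,s7comm,102
10.1.1.99,10.1.1.20,s7comm,102
"""

def parse_flows(text: str):
    """Parse the constructed record format into Flow objects."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, proto, dport = line.split(",")
        flows.append(Flow(src, dst, proto, int(dport)))
    return flows

class Baseline:
    """Assets seen, protocols each asset uses, and observed conversations."""
    def __init__(self):
        self.assets = set()
        self.protos_by_asset = defaultdict(set)
        self.conversations = set()   # (src, dst, proto, dport)

def learn_baseline(flows):
    b = Baseline()
    for f in flows:
        b.assets.update((f.src, f.dst))
        b.protos_by_asset[f.src].add(f.proto)
        b.protos_by_asset[f.dst].add(f.proto)
        b.conversations.add((f.src, f.dst, f.proto, f.dport))
    return b

def detect_anomalies(baseline, flows):
    """Report each unseen conversation once, classified by how it deviates."""
    alerts, reported = [], set()
    for f in flows:
        key = (f.src, f.dst, f.proto, f.dport)
        if key in baseline.conversations or key in reported:
            continue
        reported.add(key)
        if f.src not in baseline.assets or f.dst not in baseline.assets:
            kind = "new_asset"            # unknown device appeared on the cell
        elif (f.proto not in baseline.protos_by_asset[f.src]
              or f.proto not in baseline.protos_by_asset[f.dst]):
            kind = "new_protocol"         # known device speaking a new protocol
        else:
            kind = "new_conversation"     # known devices, known protocols, new pair
        alerts.append(Alert(kind, f.src, f.dst, f.proto, f.dport))
    return alerts

if __name__ == "__main__":
    baseline = learn_baseline(parse_flows(BASELINE_LOG))
    print("assets:", sorted(baseline.assets))
    for a in detect_anomalies(baseline, parse_flows(MONITORING_LOG)):
        print(f"{a.kind:17} {a.src} -> {a.dst} {a.proto}/{a.dport}")
```

On the constructed data this raises three alerts: an unknown address 10.1.1.99 opening S7 to the PLC, the engineering station starting HTTP to the PLC, and the engineering station talking S7 to the HMI instead of the PLC. The repeated 10.1.1.99 connection is reported only once, which is the kind of de-duplication needed before forwarding alerts to an IT-side SIEM.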
Defense in depth is a powerful concept that helps set up an industrial automation and control system securely while leaving enough room to adapt the requirements to the individual automation system. Industrial Anomaly Detection adds a further layer of protection: it identifies the assets in the automation system and their communication, and detects anomalies.