A vulnerability is a failure in a process or system that may turn into a threat gateway, so the more vulnerable it is, the greater the risk.
In an industrial plant, there are two environments that need to be secured, the operational one (OT) and the information technology one (IT), the latter requiring a greater level of interconnectivity to make the plants more efficient, automating processes. This is where the crux of the matter lies. In industrial automation, variables related with real-time processes come into play, meaning that, when faced with a vulnerability, the impact is greater, because we face interruptions to activity which, in turn, implies costs and delays.
The aim is to protect, on the one hand, the availability of the information in the first environment and, on the other, the confidentiality of the data, in the second. That’s why it’s important to tackle cyber security right from the product design phase to delivery.
Subsequently, today, in industrial plants we find many systems (hardware and software) deployed that are able to communicate over a network and which have never been audited, meaning we could face many security breaches.
Of course, up until now this wasn’t a big problem because plant networks were generally internal, but now there is more and more software that needs to connect to the Internet. This means that the attack surface is bigger. That is, not only are we facing software damage, but also hardware damage, which means that in addition to loss or theft of information we are dealing with damage to the equipment itself. In industrial processes, problems can be related to malfunctions in production that lead to physical problems such as damage to machines, raw materials, etc.
Fortunately, there is growing awareness of the need to secure industrial systems, but... how do we deal with these vulnerabilities?
First of all, we have to change our mindset and not only be reactive, that is, respond or act when an attack occurs, but also be proactive, establishing preventive response models and identifying possible vulnerabilities. That’s why it’s necessary to monitor processes and systems and perform follow-ups to detect possible security flaws. This is the starting point for having safe and available infrastructures.
Equally, although it may not have occurred to us, having up-to-date software is another of the most important defenses. Something that’s guaranteed in Cloud with the SaaS model, something which we firmly advocate at Lantek in order for SMEs to jump on the digitalization train in a safe environment.
What type of technologies should be associated with cybersecurity projects?
INCIBE, the security incident response center of the Ministry of Economic Affairs and Digital Transformation, has made a series of predictions regarding cybersecurity in the industrial sector, an increasingly attractive market for cybercriminals, as they can obtain more lucrative benefits, either by selling information or deleting it, warns the public body.
At Lantek, we use encryption standards and ciphers that are accepted as "strong" by the IT security sector. In some cases, we use a security plus known as mutual authentication, meaning that both the server and our plant systems present a certificate. This happens, for example, in our communication solution between the local infrastructure and Cloud, Sherlock.
Ultimately, we should see cybersecurity as yet another element to consider when making our plants intelligent to prevent them from being vulnerable not only to unforeseen downtime, theft or deletion of data, but also to reputation issues. Because, believe it or not, it’s even more difficult to recover from that kind of collateral damage.