The Industrial Automation is a key enabler of the manufacturing sector. The traditional physical security in manufacturing consists of fences, security guards and barriers protect the physical environment and the approach of physically isolating the industrial automation network from the corporate network is no longer viable. With the merger of the Enterprise Network and the Industrial automation net-work to bring about efficiency and speed a single firewall used to isolate the networks is not adequate. A multi- layered approach to securing industrial automation is needed today. With wireless, Scada, Indus-trial LANS, RFID and similar technology deployed in the hop floor and the traditional barriers between industrial networks and corporate networks are diminishing; today the automated system can be monitored from a smart phone anywhere in the world. With a connected world the Industrial Automation systems are vulnerable to all types of attacks and hackers and could be sitting ducks to cyber attacks.
SCADA and Stutxnet and Standards
At the start of this century industrial automation meant SCADA devices for data acquisition and management, and isolating the SCADA environment was considered enough to secure the industrial automation environment this no longer holds true today. SCADA (supervisory control and data acquisition) generally refers to industrial control systems (ICS): computer systems that monitor and control industrial, infrastructure, or facility-based processes. Stuxnet is a computer worm discovered in June 2010. It initially spreads via Microsoft Windows, and targets Siemens industrial software and equipment. While it is not the first time that hackers have targeted industrial systems, it is the first discovered malware that spies on and subverts industrial systems, and the first to include a programmable logic controller (PLC) rootkit.
An antivirus solution is not enough to protect industrial automation systems and will only work if you have a signature, but there is no signature available for a worm using a zero-day vulnerability and will mostly go undetected. An in-depth approach to security is needed in protecting industrial automation solutions which will include antivirus, firewalls and a defense-in-depth approach ensuring complete protection.
The industrial automation solutions were designed for an isolated environment and security controls are almost non-existent, most solutions do not possess robust authentication, integrity or confidentiality capability. Any individual or worm that gets a foothold into the network can completely take control of the automation systems. Even when vulnerabilities are detected or indentified most often nothing is done because the industrial automation does not come in the ambit of IT Governance and hence there are no processes defined for identifying or patching vulnerabilities.
A sound approach is to visit the IEC62443 and ANSI / ISA99 ICS security standards and also the ISO 27001 which address the need for a defense-in-depth solution as part of the standards requirement. It is important to deploy a mix of various technologies and procedures to ensure sustained and enhanced security of the control system environment; this is augmented by using available security standards.
Key elements we need to consider in our Defense in Depth approach are: Continuous Patch Management, Network Segmentation, Authentication, Application control, SIEM (Security Information and Event Management) and Intrusion Detection Systems.