Industrial Security - Security and Industry 4.0
On our own behalf
Currently, the buzzword Industry 4.0 is everywhere in the media. But what exactly does that mean? Basically, it means that more and more industrial plants are being connected to the internet, so that, for example, stocks can be managed centrally or you can see from the company headquarters in Germany what exactly the production plant in the USA is doing. Imagine that a production line in a factory breaks down. In the past, it would have been necessary for an employee to notice this and then call a supervisor and inform them. Nowadays, this is done completely automatically, faster and with more information than an employee could provide in a timely manner. In addition, this information can be monitored at any time and in real time - no matter from where.
It all sounds fantastic, doesn't it?
Unfortunately, it also has its drawbacks. Who doesn't remember Stuxnet, which was used to attack the Iranian nuclear programme? Only a few settings in the centrifuges were changed slightly, and this led to the centrifuges being permanently damaged. Similarly, the 2015 attack on the Ukrainian electricity grid was the first documented case of a power blackout caused by a hacker attack. Over 200,000 households were without power for several hours.
The main problem is that IT has developed faster than so-called OT (Operational Technology) - in short, all industrial equipment. OT usually covers programmable logic controllers (PLCs), human-machine interfaces (HMIs), SCADA systems, the Industrial Internet of Things (IIoT) and much more. These can be found in factories, power plants, substations, refineries and so on.
It is generally said that such devices have a security status from 20 years ago.
For example, much of the software is outdated and no longer receives updates, and some passwords are hard-coded in the software and cannot be changed. Furthermore, these devices communicate using protocols that offer no encryption or authentication. In IT, computers are used for maybe 3-5 years and then replaced with new ones. In industry, systems run for decades because replacement is usually too time-consuming and too expensive.
Attackers actively exploit precisely this to gain easier entry into the company network and then access other systems via the internal network. For example, cybercriminals can download company data in this way and then sell it to competitors or blackmail the affected company.
But sabotage would also be possible, as has already happened with Stuxnet. In 2014, the Federal Office for Information Security (BSI) reported a successful attack on a German blast furnace plant. A blast furnace was severely damaged. All by a hacker attack!
Of course, this raises the question of how to protect one's facilities accordingly. As with so many things, there is no simple answer. As with IT, the same concept applies to OT: "As much as necessary, as little as possible". This means nothing other than that you should only connect as much of the OT to the internet as necessary and thus restrict access as much as possible, for example through network segmentation and VPN tunnels.
But as with so many things, there is no such thing as complete security. That's why you should also be able to monitor your OT, not only via the controller systems but also via an intrusion detection system (IDS) solution. Such a solution inspects the communication of the OT devices at protocol level via a mirror port and can sound the alarm in the event of irregularities. An irregularity does not necessarily have to be an attack. It can also simply be a defect or a misconfiguration. Such information is also immensely important for the operator of the OT devices. After all, you don't want to have a system failure that would result in a loss of reputation and turnover. The quicker you know that something has happened, the quicker you can react and thus prevent failures.
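The protocol-level check described above, as an added example (not code from EnBITCon or any IDS vendor): it assumes Modbus/TCP as the OT protocol, which the article does not name, and frames already extracted from a mirror-port capture. The addresses, the baseline and the sample frames are constructed.

```python
import struct

# Modbus function codes that change device state (writes).
WRITE_CODES = {5, 6, 15, 16}

def parse_modbus_tcp(payload: bytes):
    """Parse one Modbus/TCP frame; return (unit_id, function_code) or raise ValueError."""
    if len(payload) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError("protocol id is not 0 (not Modbus)")
    # The MBAP length field counts the unit id plus the PDU that follows it.
    if length != len(payload) - 6:
        raise ValueError("MBAP length does not match frame size")
    return unit, payload[7]

def inspect(frames, baseline):
    """Compare mirrored frames with the learned baseline and return alerts."""
    alerts = []
    for src, dst, payload in frames:
        try:
            _unit, fc = parse_modbus_tcp(payload)
        except ValueError as exc:
            # Often a defect or misconfiguration rather than an attack.
            alerts.append((src, dst, f"malformed frame: {exc}"))
            continue
        if (src, dst, fc) not in baseline:
            kind = "write" if fc in WRITE_CODES else "request"
            alerts.append((src, dst, f"unseen {kind}, function code {fc}"))
    return alerts

def adu(tid, unit, pdu):
    """Build a constructed Modbus/TCP frame for the sample data."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

# Constructed baseline: the HMI polls the PLC's holding registers (function code 3).
BASELINE = {("10.0.0.10", "10.0.0.50", 3)}

# Constructed sample traffic (requests only), as taken from a mirror-port capture.
SAMPLE = [
    ("10.0.0.10", "10.0.0.50", adu(1, 1, bytes([3, 0, 0, 0, 2]))),        # normal poll
    ("10.0.0.77", "10.0.0.50", adu(2, 1, bytes([6, 0, 1, 0x13, 0x88]))),  # unknown writer
    ("10.0.0.10", "10.0.0.50", adu(3, 1, bytes([3, 0, 0, 0, 2]))[:-2]),   # truncated frame
]

if __name__ == "__main__":
    for alert in inspect(SAMPLE, BASELINE):
        print(alert)
```

Because the monitor only reads copies of the traffic, it can run on the mirror port without any ability to disturb the controllers themselves.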
We at EnBITCon GmbH offer you precisely such protection for your industrial facilities with our Industrial Security Service and will be happy to advise you in this regard without obligation. We work closely with manufacturers of IDS solutions, such as Cyberbit. This enables us to offer you a customised solution with regard to your company, your requirements and your implemented systems.

Marcel Zimmer is the Technical Managing Director of EnBITCon. During his time in the German Armed Forces, the trained IT developer gained experience in numerous projects. His interest in IT security was significantly awakened by his service in command support. Even after his service, he remains an active reservist in the Bundeswehr.
His first firewall was a Sophos UTM 120, which he had to set up for a customer project. Since then, his interest in IT security has grown steadily. In the course of time, various security and infrastructure topics have come into his focus. His most interesting projects included, for example, WLAN coverage in an explosion-proof area, as well as a multi-site WLAN solution for a large