Page 16 - 2016
Industrial control systems (ICS) are both the backbone and the Achilles heel of every nation's critical infrastructure. They provide the essential services that support the foundation of modern society. If compromised, they can cause widespread physical and psychological damage.

The challenge with Operational Technologies (OT)

Industrial networks at critical infrastructure companies pose unique challenges. Since they were implemented decades ago, before the cyber threat existed, security wasn't a consideration in their design. The main security measure was the "Air Gap", which separated the industrial network from the external-facing corporate network.

However, an "Air Gap" is no longer a functional or operationally feasible solution in today's connected world. As a result, industrial networks are increasingly exposed to external threats, yet they remain without the defenses needed to protect them.

One of the major security challenges in operational environments is the fact that many maintenance processes are still performed manually. As a result, most facilities lack a complete, up-to-date inventory of critical assets. They also do not maintain logs that capture which changes were made to critical assets, when, by whom, and what the previous configuration was.

In the event of operational disruptions or failures, whether from a cyber attack, a malicious insider, or an unintended mistake, it is very difficult to pinpoint the problem and fix it.

Why is there a visibility problem?

Operational networks use completely different technologies than those found in IT networks. These operational technologies (OT) are manufactured by specialist vendors like Siemens, Schneider Electric, Honeywell, GE, ABB, and others. They also use different communication protocols than IT products.

PLCs are dedicated industrial computers that serve as the brains of all industrial control systems. They are used in every industrial environment and play a vital role in complex industrial processes such as power generation, oil transportation, and the management of electrical and water utilities. Therefore, if a PLC is the victim of a cyber-attack (one that alters its logic or disables the unit), the effects could be catastrophic.

Monitoring PLC activity is challenging because several different protocols are used for communicating between components in process automation systems.

Standard protocols, like Modbus and DNP3, are used for communicating the latest measurement of physical conditions (e.g. current temperature, current pressure) between various types of controllers and data acquisition systems.

Compromising these types of communications is less critical, since every PLC has stop gaps such as "Never raise the temperature above ten thousand degrees, no matter what instructions you receive".

Meanwhile, for control operations like making changes to PLC logic, PLC code updates, firmware downloads and configuration changes, OT vendors use proprietary implementations of the IEC-61131 standard.

Since these implementations are rarely documented, it is very difficult to monitor these activities.
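As an added illustration (not code from the original article or any vendor), the following Python sketch shows the kind of record the text says most facilities lack: it parses Modbus/TCP request frames, separates measurement reads from control writes, and logs every write with who, when, which register, the new value and the previous value. The frames, source addresses and timestamps are constructed sample data; only the public Modbus function codes are real.

```python
import struct
from dataclasses import dataclass

# Public Modbus function codes: reads carry measurements, writes change controller state.
READ_CODES = {1, 2, 3, 4}

@dataclass
class ModbusRequest:
    unit_id: int
    function_code: int
    address: int
    values: list  # empty for reads

def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse a Modbus/TCP request ADU: 7-byte MBAP header, then function code and data."""
    if len(frame) < 8:
        raise ValueError("frame too short")
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("bad MBAP header")
    fc, data = frame[7], frame[8:]
    if fc in READ_CODES:  # address + quantity; nothing is written
        return ModbusRequest(unit, fc, struct.unpack(">HH", data[:4])[0], [])
    if fc in (5, 6):  # write single coil / write single register
        addr, value = struct.unpack(">HH", data[:4])
        return ModbusRequest(unit, fc, addr, [value])
    if fc == 16:  # write multiple registers: address, quantity, byte count, values
        addr, qty, nbytes = struct.unpack(">HHB", data[:5])
        if nbytes != 2 * qty or len(data) < 5 + nbytes:
            raise ValueError("register payload length mismatch")
        return ModbusRequest(unit, fc, addr, list(struct.unpack(f">{qty}H", data[5:5 + nbytes])))
    raise ValueError(f"unsupported function code {fc}")

class ChangeLedger:
    """Keeps a shadow copy of written registers so each change is logged with
    who (source IP), when, which unit/register, the new value and the previous one."""
    def __init__(self):
        self.state, self.entries = {}, []

    def observe(self, src_ip: str, when: str, frame: bytes) -> int:
        req = parse_modbus_tcp(frame)
        if req.function_code in READ_CODES:
            return 0  # measurement traffic: nothing to record
        for i, new in enumerate(req.values):
            key = (req.unit_id, req.address + i)
            self.entries.append({"when": when, "who": src_ip, "unit": key[0],
                                 "register": key[1], "previous": self.state.get(key), "new": new})
            self.state[key] = new
        return len(req.values)

def demo() -> ChangeLedger:
    """Constructed sample traffic: one read, one single write, one multi-register write."""
    ledger = ChangeLedger()
    ledger.observe("10.0.0.5", "2016-01-01T08:00:00Z", bytes.fromhex("000100000006010300100002"))
    ledger.observe("10.0.0.9", "2016-01-01T08:05:00Z", bytes.fromhex("0002000000060106001001f4"))
    ledger.observe("10.0.0.9", "2016-01-01T08:10:00Z", bytes.fromhex("00030000000b0110001000020402580064"))
    return ledger
```

The same read/write split does not carry over to the proprietary IEC-61131 download protocols the text mentions, which is exactly why those logic and firmware changes stay hard to log.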
CYBER DEFENSE MAGAZINE - ANNUAL EDITION 16