industrial systems

With the development of the Industrial Internet of Things (IIoT) and cloud computing, industrial systems are increasingly interconnected, and the cyber threats they face are multiplying. In this article, we discuss why industrial control systems (ICS) require a specific security approach that differs from the one used for conventional IT networks. In upcoming articles, we will present 3 attack scenarios illustrating the risks specific to industrial systems: theft of confidential information (a minor attack compared to a production halt), sabotage, and denial of service against industrial installations. Stay connected!

1. What is an industrial system?

Industrial systems differ from conventional IT systems in that they control physical installations. These strategic systems keep critical infrastructure running in many industrial sectors. Examples include:

  • Energy: extraction and/or production of oil and gas, distribution of electricity
  • Transportation: road infrastructure, air and rail transportation
  • Production: manufacturing plants, production factories
  • Services: water management and distribution, security, air conditioning, heating, etc.

Industrial systems are regulated by international standards issued by:

  • Cross-sectoral organizations (International Society of Automation (ISA), International Electrotechnical Commission (IEC), etc.)
  • Sector-specific organizations (International Atomic Energy Agency (IAEA) for nuclear, European Committee for Electrotechnical Standardization (CENELEC) for railways, etc.)

2. Industrial systems: a 6-tier technical architecture

Industrial infrastructures are controlled by industrial networks whose components are interconnected at different levels: programmable logic controllers (PLCs), supervisory control and data acquisition systems (SCADA), distributed control systems (DCS), sensors, actuators, industrial computers, etc.

6 connected levels
The architecture of an industrial network is organized into 6 levels, following the Purdue reference model taken up in the ISA-95 standard:

  • Level 0 - Field: sensors, actuators, motors
  • Level 1 - Basic control: programmable controllers, safety systems
  • Level 2 - Supervisory control: SCADA stations, HMIs
  • Level 3 - Manufacturing operations: plant operations, MES
  • Levels 4 and 5 - Enterprise: PCs, office equipment, email, intranet

We can talk about an industrial control system (ICS) when a network meets at least 4 out of the following 5 characteristics:

1. The network is designed to manage and control a physical process.

2. It is deployed in an environment where the equipment must meet specific ruggedness requirements (operation at 70 °C, 12 to 24 V DC power supply, dust resistance, etc.).

3. It uses communication protocols standardized by the IEC, or proprietary protocols maintained by recognized equipment designers.

4. Its traffic is mainly machine-to-machine, carried over low-bandwidth links (10/100 Mbps on local networks, 512 kbit/s on remote links).

5. Conventional IT technology (IETF protocols, HTTP, etc.) is reserved for management operations such as web administration and SNMP or ICMP monitoring.

3. Specific risks and objectives

3.1. Physical risks

3.1.1. Conventional IT networks…

When a cyberattack hits an IT system, the risk bears on the confidentiality, integrity and availability of data. The impact is mainly financial (theft of banking credentials, distributed denial of service against web servers, etc.).

3.1.2. … vs. industrial systems

Industrial systems use operational technology (OT) to run physical infrastructure. The risks of a cyberattack on these systems are much greater, because the consequences can be far more serious:

  • degraded reliability of the operations carried out by the controlled installations;
  • no guarantee of the physical integrity of the production equipment;
  • weakened physical safety of goods and people.
Human and material consequences
During the 2008 cyberattack on the tram network in Lodz, a teenager took control of the track points, causing 4 derailments and injuring 12 people. In addition to the human and material consequences, the CEO also bore criminal liability.

3.2. Cybersecurity objectives adapted to threats

Cybersecurity objectives will differ depending on the type of system that needs protection:

  • In an IT system, the classic order of priority is confidentiality, then integrity, then availability of data.
  • In an industrial system (IT + OT), the order is reversed: availability of the process and of its control data comes first, then integrity, and confidentiality last.

4. Four specific features of industrial systems cybersecurity

4.1. Specific feature 1: a range of threat vectors

Malware can enter a network on a USB flash drive and then spread to the stations that control industrial networks. Remote diagnostic and maintenance tools that require remote access to the network, and workstations operated by third parties (subcontractors, external providers), are further entry points that weaken an industrial system.

4.2. Specific feature 2: systems are not designed to fight against malicious intentions

Industrial systems were originally designed based on a logic of transparency and easy access to data. Neither the designers nor the users took into account malicious intentions. Today, at a time when the threat of cyberattacks is heightened by hyperconnectivity and the multiplication of network entry points, industrial operators have yet to improve security.

4.3. Specific feature 3: closed proprietary protocols

Industrial systems rely on protocols that allow data to be exchanged between the various network components. Many of the protocols that modify, and sometimes reprogram, the control system are closed proprietary protocols, and for intellectual property reasons equipment manufacturers have not planned to open them up. Protection techniques such as protocol conformance checking (validating each message against the protocol specification before it reaches the controller) are therefore hard to apply to messages exchanged on the industrial network, except where the protocol is open.

4.4. Specific feature 4: events need to be put in context

Protecting industrial systems requires understanding the context of events before making a decision. For example, when a halt order (a 'STOP' command) is sent to a programmable controller, nothing in the order itself says whether it is legitimate or malicious. If protective measures are to support operations rather than block them, every order must be put into context (who sent it, from where, when, and to which equipment) by an adapted cybersecurity solution before any protective action is triggered.
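The two points made in 4.3 and 4.4 can be shown on real frames. The Python below is an added example, not Sentryo's or ICS CyberVision's code. It uses Modbus/TCP, an open IEC 61158 protocol, in place of the unnamed protocol of the STOP example, because its public framing makes the conformance check of 4.3 possible; it then applies the contextual decision of 4.4 (who sent the write, and when) to a "Write Single Coil" request. The frames, IP addresses, coil address and maintenance window are constructed for the illustration.

```python
"""Context-aware inspection of Modbus/TCP commands (added example).

Modbus/TCP is used because its framing is public (IEC 61158), so the
conformance check and the contextual decision can both be shown on
real frames. Frames, hosts and the maintenance window are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, time
import struct

# Function codes that change process state (writes) vs. observe it (reads).
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register"}
READ_FUNCTIONS = {1: "Read Coils", 2: "Read Discrete Inputs",
                  3: "Read Holding Registers", 4: "Read Input Registers"}

# Constructed asset inventory: hosts allowed to write, and when (plant-local time).
ENGINEERING_WORKSTATIONS = {"10.10.1.20"}
MAINTENANCE_WINDOW = (time(22, 0), time(23, 59))


@dataclass(frozen=True)
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    address: int   # coil/register start address
    value: int     # written value (writes) or quantity requested (reads)


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse one Modbus/TCP request, rejecting anything that breaks the framing.

    MBAP header: transaction id (2 bytes), protocol id (2, must be 0),
    length (2, number of bytes that follow it), unit id (1); then the PDU:
    function code (1) and two 16-bit fields for the codes handled here.
    This is the protocol conformance check that an open specification allows.
    """
    if len(frame) < 12:
        raise ValueError("frame too short for MBAP header plus a 4-byte PDU")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} does not match {len(frame) - 6} bytes on the wire")
    function = frame[7]
    if function not in WRITE_FUNCTIONS and function not in READ_FUNCTIONS:
        raise ValueError(f"function code {function} not handled by this inspector")
    address, value = struct.unpack(">HH", frame[8:12])
    return ModbusRequest(tid, unit, function, address, value)


def assess(req: ModbusRequest, src_ip: str, when_iso: str) -> str:
    """Classify a request as a read, a legitimate write, or a suspicious write.

    The frame alone cannot tell a legitimate STOP from a malicious one; the
    verdict comes from the sender and the time, checked against the inventory.
    """
    if req.function in READ_FUNCTIONS:
        return "read"
    when = datetime.fromisoformat(when_iso)
    reasons = []
    if src_ip not in ENGINEERING_WORKSTATIONS:
        reasons.append(f"{src_ip} is not an engineering workstation")
    start, end = MAINTENANCE_WINDOW
    if not start <= when.time() <= end:
        reasons.append("outside the maintenance window")
    if reasons:
        return "suspicious write: " + "; ".join(reasons)
    return "legitimate write"


def inspect_request(frame: bytes, src_ip: str, when_iso: str) -> str:
    """Full pipeline: conformance check first, then the contextual decision."""
    try:
        req = parse_modbus_tcp(frame)
    except ValueError as exc:
        return f"malformed: {exc}"
    return assess(req, src_ip, when_iso)


# Constructed sample traffic. STOP_COIL is "Write Single Coil, coil 0, ON" to unit 1,
# standing in for the STOP order; READ_REGS reads 10 holding registers.
STOP_COIL = bytes.fromhex("0001 0000 0006 01 05 0000 FF00")
READ_REGS = bytes.fromhex("0002 0000 0006 01 03 0000 000A")
BAD_LENGTH = STOP_COIL + b"\x00"  # a trailing byte the length field does not announce


def demo() -> dict:
    """Run the four constructed cases and return their verdicts."""
    return {
        "stop_from_engineering_at_night": inspect_request(STOP_COIL, "10.10.1.20", "2024-03-02T22:30:00"),
        "stop_from_unknown_host_midday": inspect_request(STOP_COIL, "10.10.3.77", "2024-03-02T14:05:00"),
        "read_from_unknown_host": inspect_request(READ_REGS, "10.10.3.77", "2024-03-02T14:05:00"),
        "padded_frame": inspect_request(BAD_LENGTH, "10.10.1.20", "2024-03-02T22:30:00"),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The same STOP frame yields "legitimate write" from the engineering workstation during the maintenance window and "suspicious write" from an unknown host at midday: the bytes are identical, only the context differs. The padded frame is rejected before any decision is made, which is what conformance checking buys on an open protocol and what a closed one denies.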

Given the specific features of industrial systems that integrate operational technology (OT), we cannot protect them from cyberattacks in the same way we protect conventional IT systems. To avoid blocking the flow of information needed to ensure infrastructure operations run smoothly, we must make an inventory of all events and analyze them in context by monitoring and mapping the entire system. To arm yourself against specific cyberattack scenarios such as data theft, sabotage or an industrial denial-of-service, you have to provide your industrial systems with specific protection: this is what Sentryo offers with its ICS CyberVision security platform.