Showing posts with label Industrial Control Systems Security. Show all posts

Saturday, August 3, 2019

Industry 4.0 revolution




Industry 4.0, a term that covers the use of Internet of Things (IoT) devices in industrial systems, mainly under the reign of SCADA devices and architecture, has been gaining importance in recent times. One of the reasons behind this increasing attention is the close relationship Industry 4.0 has with Critical Infrastructure [1].

A well-executed attack on the most relevant items in the main list of Critical Infrastructure provided by the Department of Homeland Security could have undesirable consequences such as loss of lives, loss of basic services like water and electricity, economic loss of infrastructure, a halt in normal industrial operations (which will increase the economic loss), etc. The kinetic impact of losing lives could happen sooner than we think because of the increasing dependency on IoT systems in critical areas like health, where insulin pumps and heart pacemakers are linked to the network directly or through mobile devices. This turns every current threat into a possible attack vector for a far more targeted attack, one aimed at the patient who depends on such health support devices.

An impact on energy generation systems, also considered critical by the Department of Homeland Security of the United States, might not cause loss of lives, but it will affect the normal life and emergency services of any given city, and therefore have a great impact on our lives. There are already documented cases such as those described above. Reasons vary, with political motives leading the statistics.

So, we understand the threats we need to fight against. The current approach at many companies is to use diverse manufacturers for their field sensors, each using a different communication protocol; these manufacturers also provide a "translator box" to convert from protocol A to protocol B and send the data to their PLC and DCS platforms. This approach has been widely used around the world.

Now, the problem comes when attacks use the IT platform to modify the parameters of the control loop of a particular plant, or of any plant. In this case, industries haven't thought about how to organize their networks in order to prevent such attacks.

I strongly believe segmentation and strong data flow controls could, to some extent, minimize the negative impact threats can cause when they use IT as their attack vector against Industry 4.0 infrastructure.



Figure 1. High level Industry 4.0 Security Architecture

Segmentation alone, without a clear strategy, is just spending money without any purpose. Assuming all devices are deployed, well configured and logging to the "Log aggregation system" or SIEM, that is only the beginning of the story. As NIST Special Publication 800-82 indicates, "Servers containing the data from the ICS that needs to be accessed from the corporate network are put on this network segment, only these systems should be accessible from the corporate network" [2].

I believe the decision of which devices are in charge of communicating data to the Corporate Network is the most crucial one, and the one whose discussion could easily become political. In spite of that high risk, those decisions should be made after careful thinking.
Now, the isolated network could be further segmented into different levels according to business requirements or following standards like ISA-95 [3].

Following standards, using plenty of common sense and understanding business objectives might be enough to make the important decisions that keep Industrial Networks and Corporate Networks properly isolated, with the open ports and protocols through the firewall tightly controlled. After that, a strategy is necessary to better understand any given Industrial Network, which could be an additional topic.
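The segmentation policy described above can be checked mechanically against a firewall ruleset. The following Python is an added example, not part of the original post; the zone names, address ranges, rule format and ports are constructed assumptions, as is the policy that the control network pushes data to the DMZ servers.

```python
import ipaddress

# Constructed zone layout (assumption): addresses are illustrative only.
ZONES = {
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "ics_dmz": ipaddress.ip_network("10.20.0.0/24"),
    "control": ipaddress.ip_network("10.30.0.0/16"),
}
# Assumed policy: both sides may open connections to DMZ servers only.
# Replies are handled by a stateful firewall, so no reverse rules are needed.
ALLOWED_FLOWS = {("corporate", "ics_dmz"), ("control", "ics_dmz")}


def zones_of(addr):
    """Return the zones that a rule address ('any' or a CIDR) overlaps."""
    net = ipaddress.ip_network("0.0.0.0/0" if addr == "any" else addr)
    return sorted(name for name, zone in ZONES.items() if net.overlaps(zone))


def audit(rules):
    """Return (rule id, reason) for every allow rule that breaks the policy."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        for src in zones_of(rule["src"]):
            for dst in zones_of(rule["dst"]):
                if src != dst and (src, dst) not in ALLOWED_FLOWS:
                    findings.append((rule["id"], f"forbidden flow {src}->{dst}"))
        if "any" in (rule["proto"], rule["port"]):
            findings.append((rule["id"], "unrestricted port/protocol"))
    return findings


# Constructed ruleset: 1-2 follow the policy, 3 bypasses the DMZ, 4 is a catch-all.
RULES = [
    {"id": 1, "src": "10.10.5.0/24", "dst": "10.20.0.10/32", "proto": "tcp", "port": 443, "action": "allow"},
    {"id": 2, "src": "10.30.1.20/32", "dst": "10.20.0.10/32", "proto": "tcp", "port": 8443, "action": "allow"},
    {"id": 3, "src": "10.10.7.25/32", "dst": "10.30.4.0/24", "proto": "tcp", "port": 502, "action": "allow"},
    {"id": 4, "src": "any", "dst": "any", "proto": "any", "port": "any", "action": "allow"},
    {"id": 5, "src": "any", "dst": "any", "proto": "any", "port": "any", "action": "deny"},
]

if __name__ == "__main__":
    for rule_id, reason in audit(RULES):
        print(f"rule {rule_id}: {reason}")
```

Rule 3 is the case the NIST guidance rules out: a corporate host reaching the control network directly instead of going through a server in the DMZ segment.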

References
[1] https://www.dhs.gov/cisa/critical-infrastructure-sectors
[2] NIST Special Publication 800-82
[3] ISA-95 https://www.isa.org/isa95/

Tuesday, October 9, 2018

Increasing unsecured ICS levels




For ages, industrial controls were used in isolated mode, comparable to islands with an ocean between them, with no transport media to establish communications between them.


After the boom of the Internet, senior managers wanted to have production statistics in almost real time, which pushed the convergence of devices like PLCs, DCSs or SCADAs with standard IT infrastructure, in order to communicate specific data to office buildings, sometimes in remote areas, where those managers were located.

Most of the major players at that moment decided to produce friendlier systems that could extract specific production information and place it in a database, so the data could be accessed, manipulated and formatted into specific “interesting” charts. In this young scenario the number of layers was limited to sensor networks, control network, control management and a couple of layers needed to connect to the database.

Fast-forwarding to our time, the above doesn’t look like much of a challenge anymore, but the different layers introduced above control management, which in short represent a fully-fledged IT infrastructure with all its pros and cons, create a much more complex environment in which the shared space between IT and ICS will become invisible in time.

If the IT area is correctly controlled and security controls are in place, the communication path to the lower ICS levels could be safe, but in real life that is not so common.

It is more common to find partially secure IT networks with a much less clear level of security in the ICS levels, giving a skillful attacker a number of potential vulnerabilities to exploit that could lead to the discovery of the less secure ICS network.

The damage? As many articles point out, it could be catastrophic, not because of the security incident itself but, more alarmingly, because of the physical damage that can be triggered if, e.g., a power plant is compromised, a nuclear plant loses its basic control, main generators are damaged, etc. Those real-life consequences could have a bigger impact on an already defenseless population that won’t fully understand how to react.

Protecting IT infrastructure is already a challenging task. Adding ICS security on top of that not only makes the task more difficult, it also requires different teams (IT Security, IT infrastructure, ICS Security, etc.) to work together, which in some cases is itself a human vulnerability.

