This is the translated version. The original text is in German.
By Wolfgang Kiener and Dr. Benedikt Westermann
In view of the increasing convergence of information technology and automation or process control technology, many industrial companies are confronted with a changing threat situation. Because more and more IT is being integrated into the area of Operational Technology (OT), the danger of cyber attacks on production facilities and critical infrastructures is increasing.
Using the Purdue model for industrial plants, TÜV Rheinland has analyzed known vulnerabilities and potential attacks at the various levels (see Figure 1). As a result of the merger of IT and OT, typical weak points from the IT environment come to the fore in the risk assessment of OT environments and must be viewed critically. In addition, vulnerabilities in OT components on level 2 are increasingly being identified and published. My colleague Dr. Benedikt Westermann showed in a live demo on the topic “Industrial Security: AIR GAP – Yes or No? 2018” at the IT security fair it-sa 2018 how the security mechanisms on levels 1 to 5 can be bypassed and how access to sensors and actuators on level 0 becomes possible.
Figure 1: Vulnerabilities and attacks in the Purdue Model
Source: The Purdue model was adapted from the Purdue Enterprise Reference Architecture (PERA) model by ISA-99.
New Requirements for the Security Operation Center (SOC)
The simulated attack shows that classic security mechanisms alone are not sufficient to protect the infrastructure in automation and process control technology. But even necessary compensatory protective measures cannot always reduce the risk of remaining weak points to an acceptable level. Further measures are also necessary. In particular, the detection, evaluation and handling of threats and attacks in a Security Operation Center (SOC) are crucial for safe and reliable operation. However, the successful use of such a system in OT requires a sound understanding of functional safety and resilience in OT environments. A typical SOC from the IT security environment potentially misjudges the protection goals.
In industrial environments and critical infrastructures, the timely detection and appropriate handling of threats and attacks is of particular importance, as there are only a few or no effective protective measures at the lower levels, and it is therefore absolutely essential to prevent the attacker from penetrating these levels. Otherwise, there are immediate threats to the protection of people and the environment – apart from directly measurable outages and effects on the business of the affected company.
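One concrete detection an OT-aware SOC can run on the argument above is a Purdue-level policy check on network flows: connections that skip levels, and in particular connections from the enterprise levels (4 and 5) straight into the control levels (0 to 2), are exactly the penetration the text says must be prevented. The following is an added illustration, not code from the original article or from TÜV Rheinland; the subnet-to-level map, the "same or adjacent level" policy and the flow records are all constructed assumptions.

```python
import ipaddress

# Assumed zone map (constructed): which subnet belongs to which Purdue level.
ZONES = [
    (ipaddress.ip_network("10.50.0.0/16"), 5),  # enterprise network
    (ipaddress.ip_network("10.40.0.0/16"), 4),  # site business planning
    (ipaddress.ip_network("10.30.0.0/16"), 3),  # site operations
    (ipaddress.ip_network("10.20.0.0/16"), 2),  # supervisory control (HMI, SCADA)
    (ipaddress.ip_network("10.10.0.0/16"), 1),  # basic control (PLC, RTU)
    (ipaddress.ip_network("10.0.0.0/16"), 0),   # sensors and actuators
]

def level_of(ip):
    """Purdue level of an address, or None if it is in no known zone."""
    addr = ipaddress.ip_address(ip)
    for net, lvl in ZONES:
        if addr in net:
            return lvl
    return None

def check_flow(src, dst):
    """Return None if the flow respects the assumed policy, else a finding.

    Policy (assumption): traffic may stay within a level or cross to an
    adjacent level; anything else is reported, with IT-to-OT jumps
    (level 4/5 reaching level 0-2) called out separately because they are
    the case the SOC should treat with highest priority.
    """
    s, d = level_of(src), level_of(dst)
    if s is None or d is None:
        return f"unknown zone: {src} -> {dst}"
    if s == d or abs(s - d) == 1:
        return None
    if s >= 4 and d <= 2:
        return f"IT level {s} host reaching OT level {d} directly: {src} -> {dst}"
    return f"level skip {s} -> {d}: {src} -> {dst}"

# Constructed sample flow records (src, dst) as a SOC might get from NetFlow.
FLOWS = [
    ("10.50.1.10", "10.40.2.5"),   # 5 -> 4, allowed
    ("10.30.0.7", "10.20.0.9"),    # 3 -> 2, allowed
    ("10.50.1.10", "10.10.0.3"),   # 5 -> 1, enterprise host talking to a PLC
    ("10.40.2.5", "10.20.0.9"),    # 4 -> 2, business system reaching SCADA
    ("10.30.0.7", "10.0.0.4"),     # 3 -> 0, level skip inside OT
    ("192.168.9.9", "10.20.0.9"),  # source in no known zone
]

def findings(flows=FLOWS):
    """All policy violations in the given flows, in input order."""
    return [f for f in (check_flow(s, d) for s, d in flows) if f]
```

Running `findings()` on the constructed records yields four alerts, two of them the high-priority IT-to-OT case; in practice the zone map would be generated from the asset inventory rather than hand-written.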
A Security Operation Center suitable for industrial environments pursues risk-based threat management and understands OT-specific risks, dependencies and limitations. An integral understanding of the differences and correlations between the protection target models is essential (see Figure 2).
Figure 2: Safety, Reliability and Privacy: Digital Security Imperatives
Source: Gartner Security & Risk Management Summit: “Tutorial: Gartner Essentials: Top Cybersecurity Trends for 2016 – 2017”; Earl Perkins, 12 – 13 Sept. 2016
Conclusion: Companies must be prepared for attacks
The increasing use of IT in operational technology and the networking of the two areas are integral components of digital transformation. Against this background, the protection of production facilities and critical infrastructures against cyber attacks is becoming increasingly important. Classical security mechanisms such as segmentation and firewalls cannot guarantee one hundred percent protection. Therefore, companies should be prepared for the case of a successful attack in OT environments and consider further measures for the detection and handling of threats and attacks. The operational teams in the SOC must understand the specifics of IT and OT and the corresponding protection target models and act accordingly.