Many Industrial Control Systems (ICS) used to be isolated and were not connected to other IT networks or the Internet. As the IIoT trend continues to be embraced with open arms by network operators, more and more of these ICS networks are converging with other networks. This integration has opened the door to new and exciting possibilities, but the downside is that these converged networks have significantly less resistance to threats in the outside world. Due to this increased potential for things to go wrong, industrial network operators need to address any potentially devastating security vulnerabilities posthaste.
Just because a network operator cannot see a problem on their network does not mean that a security breach has not occurred. It is often the case that security breaches on industrial networks do not become apparent immediately. Let us consider some examples to illustrate this point. One possibility is that someone with unauthorized access infiltrates the network and reconfigures a switch to send a command to a PLC instructing it to shut down part of the operational process. But another possibility is that an error may have already been introduced to the network by a hacker that has not yet caused any problems, but will cause significant disruption to the network in the future. When these types of security risks go undetected, it is very easy for network operators to mistakenly believe that their network is secure. The question network operators need to ask is, “How confident am I that my network is secure?”
In order to highlight the security risks that network operators face, let us consider three situations that must be addressed in order for operators to avoid security breaches on their networks.
What are the risks if people without proper authorization gain access to my network?
As our personal and business lives continue to become increasingly connected, it is important for us to remember how reliant we are on data stored on electronic devices and networks. When networks expand and converge, there is an almost endless list of possibilities that could go wrong if a network, or even a device, is victim to a successful cyber attack. For example, as factories continue to embrace the IIoT trend, more and more devices and networks are being connected together. Network operators have to remember that every device that is connected to the network has the potential to be exploited by hackers. Let us consider the possible ramifications of unauthorized access in more detail.
One of the most serious security breaches that can occur on industrial networks is when an experienced hacker gains control of who can access the network and locks all legitimate users out of the network. In order to prevent this type of security breach, it is critical to ensure that industrial networks have advanced authentication settings to prevent unwanted users from accessing the network. The question network operators need to ask is, “Do I have effective authentication settings across my entire industrial network?”
What are the possible implications if traffic on my industrial network is not monitored properly?
In an ideal situation, operators would be aware that their network has a problem as soon as it occurs, which would give them enough time to rectify the issue before the network crashes. Therefore, operators should closely monitor all of the activity on their network to ensure nothing untoward is happening. Constant monitoring helps avoid the scenario where an unauthorized user gains unrestricted access to the network for a long period of time and is presented with numerous possibilities to wreak havoc. For example, an operator could unintentionally change the security settings on one of the devices, which could result in the device no longer being secure. Even though the device may have originally been secure, every time changes are made to a device, the network operator should confirm that it still has correct security settings. In this example, of which many more could be given, the network operator would not be alerted to the fact that a change in the operating process had occurred until it is too late. The question network operators need to ask is, “Am I confident that none of these things could happen to me?”
What are the possible ramifications if my industrial network experiences unexpected downtime?
Network downtime is something that all network operators want to avoid. For network operators who manage large networks, the problem of network downtime becomes particularly troublesome if they do not know why the network crashed. It is also very inconvenient for network operators when they have to manually check all the devices on the network to find out why the problem occurred. If the problem affects multiple devices, it will be extremely time-consuming to manually input the settings for every device. As modern industrial networks are constantly expanding, this is a problem that is only going to become increasingly common and more difficult to deal with in the future. The question network operators need to ask is, “Am I prepared to deal with the issue of unexpected network downtime?”
Moxa has been working in the industrial automation industry for more than 30 years and we have lots of experience overcoming the kinds of problems typically encountered on industrial networks. To find out more about some of the tools that Moxa has developed to help network operators overcome the problems discussed in this article and also discover how our tools can save operators a lot of time, download the brochure: Security Guidelines for Industrial Network Infrastructure.