Taking steps to protect connected industrial infrastructure

By: Gavin Coulthard, Systems Engineering Manager for Australia and New Zealand, Palo Alto Networks

Networked devices and computer-controlled machines are nothing new in the manufacturing industry, but the rise of the Internet of Things (IoT) is seeing an unprecedented number of devices connected to the internet for monitoring and control purposes.

There are applications for IoT devices in almost every industry, and the manufacturing sector has much to gain from this technology. In many ways, the industrial control and automation systems commonly used in manufacturing processes have, for a long time, acted as precursors to the connected devices that are now available to consumers.

However, today’s development of IoT technology delivers new capabilities for businesses as well as individuals. These connected devices and systems can offer better management of industrial control systems (ICS).
IoT technology supports a granular quality of control and monitoring data, which can benefit supervisory control and data acquisition (SCADA) systems or distributed control systems and, in fact, any industrial automation system.

We’re talking about large volumes of sometimes very complex data. When used well, IoT technology provides an extremely useful tool.

While these new capabilities can lend enormous value to manufacturers, they also come with new problems. First among these is the issue of information security.

Mixing operational technology systems and information technology systems by way of IoT devices increases an organisation’s threat surface and opens up new ways for hackers to breach sensitive organisational networks.

In some organisations, this can result in data and financial losses. But for manufacturers, it can lead to infrastructure and reputational damage, and even open up the possibility of personal harm to workers.

In 2010, for example, centrifuges at Iran’s Natanz nuclear facility failed due to malware called Stuxnet. Now considered a cyber weapon, Stuxnet has since been followed by other classes of malware and attack methodologies specifically design to disrupt physical industrial infrastructure.

Today, industrial control systems are a growing target for cyberattack and, as the threat landscape becomes more aggressive, more industrial systems are being networked. This means manufacturers are more open than ever to potential threats.

However, there are things manufacturers can do to minimise their risks. Here are five key steps to protecting industrial IoT infrastructure:

1. Implement Layer 7 inspection technologies for improved visibility
Granular visibility of ICS protocols is a helpful step to increasing intelligence regarding data traffic. Linking this visibility to users and inspecting file-bearing applications is an essential part of this process. Next-generation firewalls employing advanced deep-packet inspection technology can help to deliver this capability.

2. Apply zero-trust network segmentation
It is important to apply zero-trust rules with access allowed on a ‘least privilege’ basis, where users are given access only to the systems they need to carry out their duties. This approach can result in a marked reduction in the number of vectors that can be used by an attacker, while also providing better correlation between user and application.

3. Use modern tools for preventing zero-day attacks
So-called zero-day attacks exploit previously unknown vulnerabilities in computer code to breach systems. Tools that can detect and prevent such threats at both the network and the endpoint levels are now essential for protection. A combination of malware ‘sandboxing’ solutions and advanced endpoint protection technology can help reduce the success of such attacks.

4. Secure mobile and virtual environments
Mobile devices should be checked for proper configuration before being allowed to access the network and, once on the network, applications should be limited to reduce the potential attack vectors. For virtual environments, virtualised firewall technology should be used to provide better visibility to data traffic.

5. Use a cohesive security platform
Many legacy ICS environments don’t have adequate security, and those that do often use security systems with point solution architecture. This can hamper performance, incident response, and administration. Next-generation firewall architecture, on the other hand, along with new models of centrally-connected endpoint security measures, support optimal operation and threat detection.

Leave a Reply

Your email address will not be published.